· 8 min read · ai-agents
Privacy-Routed LLM Inference: Keeping Sensitive Data Out of the Cloud
How to build a routing layer for AI agents that ensures sensitive data stays on local hardware while leveraging cloud LLMs for non-private tasks.
ai-agents local-llm privacy ollama kubernetes security
· 9 min read · kubernetes
Kyverno Admission Controllers: Policy-as-Code That Actually Works
Moving beyond the happy path of Kubernetes policy enforcement. Real-world Kyverno pitfalls, mutation loops, and the gap between docs and production.
kubernetes kyverno policy-as-code security gitops admission-controllers
· 2 min read · infrastructure
AdGuard Home: Network-Wide DNS Filtering with Failover
Setting up AdGuard Home for network-wide DNS filtering with a robust failover strategy to prevent total internet outages.
dns adguard-home infrastructure kubernetes networking failover
· 2 min read · infrastructure
Stop Merging Broken YAML: Kubernetes Manifest Validation in CI
Don't let invalid manifests break your GitOps pipeline. Learn how to use kubeconform and Kyverno exclusions to catch errors before they hit production.
kubernetes gitops ci-cd infrastructure kubeconform kyverno
· 7 min read · kubernetes
cert-manager + Cloudflare DNS-01: Automated TLS for Everything
Automating TLS with cert-manager and Cloudflare DNS-01 in Kubernetes
cert-manager cloudflare kubernetes tls dns01 homelab infrastructure
· 2 min read · kubernetes
SealedSecrets Key Backup: Don't Lose Your Encryption Keys
How to back up and recover SealedSecrets encryption keys in Kubernetes
kubernetes sealed-secrets encryption key-management gitops argocd security
· 3 min read · ai-agents
Ollama on Kubernetes: Recreate Strategy and Single-GPU Deadlock
Deploying Ollama on Kubernetes can lead to GPU deadlocks. Here's how to avoid them.
ollama kubernetes gpu-deadlock recreate-strategy nvidia-runtime pvc-sizing
· 4 min read · infrastructure
Wildcard DNS + ndots:5: The TLS Nightmare and How to Fix It
Kubernetes default DNS settings can cause TLS certificate mismatches when using wildcard DNS. Here is how to debug and fix it.
kubernetes dns tls networking infrastructure
· 5 min read · ai-agents
Self-Improving AI Infrastructure: How Your Homelab Wiki Updates Itself
How to automate your homelab wiki with self-improving AI infrastructure
ai-agents self-improving-systems homelab automation infrastructure kubernetes longhorn
· 6 min read · ai-agents
The 6-Layer Memory Architecture I Run for Claude Code
Open-sourcing the memory system behind my Claude Code setup: CLAUDE.md, path-scoped rules, wiki, vector search, cognitive memory. With the mistakes.
ai-agents claude-code memory rag llm-wiki mcp homelab kubernetes
· 6 min read · ai-agents
Building Karpathy's LLM Wiki: A Production Homelab Implementation
Implementing Karpathy's LLM Wiki in a homelab with real-world lessons and gotchas
ai-agents llm-wiki homelab kubernetes proxmox infrastructure
· 3 min read · homelab
AMD iGPU Stealing Your RAM: UMA Frame Buffer on Headless Servers
AMD iGPU steals RAM on headless servers, here's how to fix it
headless-servers amd-igpu ram-leak umf-frame-buffer proxmox homelab kubernetes
· 5 min read · ai-agents
Agent Credential Management: Two-Tier Service Accounts for Secure AI Agent Workflows
Managing agent credentials with two-tier service accounts: a secure approach for AI agent orchestration
ai-agents credential-management security service-accounts multi-agent-systems kubernetes
· 3 min read · kubernetes
Pod Disruption Budgets: Why kubectl drain Gets Stuck on Longhorn
Pod Disruption Budgets can block kubectl drain on Longhorn. Here's how to avoid it.
kubernetes longhorn pod-disruption-budgets node-drain storage
· 1 min read · kubernetes
Helm fullnameOverride: Naming Sanity in ArgoCD
Avoid naming chaos in ArgoCD by using Helm fullnameOverride effectively
helm argocd kubernetes naming charts
· 3 min read · ai-agents
NVIDIA Container Toolkit: Why the Default Runtime Matters
Fixing default runtime misconfigurations in NVIDIA Container Toolkit for GPU workloads
nvidia-runtime containerd kubernetes ai-agents gpu-container
· 3 min read · homelab
AMD Ryzen C-State Freezes: How `processor.max_cstate=1` Saved My Proxmox Node
Ryzen freezes in Proxmox? Learn how to disable deep C-states and stop random system lockups.
proxmox ryzen homelab c-state kubernetes
· 7 min read · homelab
GPU Passthrough on Proxmox: A Field Guide to the Gotchas That Bit Me
The documentation won't warn you about D3cold bricking, PCIe bus renumbering, or why the NVIDIA device plugin silently fails. This is that guide.
proxmox gpu-passthrough homelab nvidia kubernetes pci-passthrough
· 7 min read · kubernetes
GitOps for Homelabs: How ArgoCD App-of-Apps Scales Your Cluster
How the ArgoCD app-of-apps pattern brings real GitOps discipline to homelab Kubernetes — repo structure, examples, and what I'd do differently.
gitops argocd kubernetes homelab continuous-delivery
· 9 min read · homelab
Building a Production Homelab: Multi-Node Proxmox Cluster with Kubernetes
How I built a multi-node Proxmox cluster running Kubernetes with GPU passthrough, GitOps, and dozens of services — and what broke along the way.
proxmox kubernetes homelab gitops gpu-passthrough longhorn argocd