Cloud
Choose GCP Regional vs Global External ALB
The default advice for new HTTPS services on GCP is “use a Global External ALB.” It’s usually right.…
Author
Josphat Mutai
Containers
Migrate GKE Ingress to Gateway API with Cert Manager
On GKE, per-service Ingress plus per-service ManagedCertificate is the path of least resistance. It also scales badly: every…
Cloud
Consolidate GCP Certs on a Shared LB with Cert Maps
Per-service ManagedCertificate attached to a per-service target HTTPS proxy is why you have 120 forwarding rules across 4…
Cloud
Issue GCP Wildcard Certs with DNS Authorization (Terraform)
A single wildcard cert covering every service on a shared LB is what turns cert sprawl from a…
Cloud
Configure Cloud DNS DNSSEC and CAA on GCP (Terraform)
Cert sprawl starts with DNS. If the zone you issue certs against isn’t locked down first, every cert…
GCP
Audit GCP Certificate Sprawl on Per-Service ManagedCertificate
Reproduce the per-service ManagedCertificate sprawl pattern on GKE Autopilot with three live services, real cost math, and the…
Containers
How To Install Uptime Kuma on Ubuntu 26.04 LTS
Some monitoring stacks make you pick between feature-rich and heavy. Prometheus plus Alertmanager plus Grafana is amazing, but…
Containers
Install Kubernetes (kubeadm) on Ubuntu 26.04 LTS
Setting up a Kubernetes cluster from scratch on Ubuntu 26.04 requires one non-obvious change: configuring containerd for cgroup…
Ansible
Setup Event-Driven Ansible (EDA) for Real-Time Automation
Standard Ansible runs when you tell it to. Event-Driven Ansible (EDA) flips that model: it watches for events…
Ansible
Setup Ansible Dynamic Inventory for Auto Host Discovery
Static inventory files work until you have more than a handful of servers. Once VMs spin up and…
Ansible
Configure Dynamic Config Files with Ansible Jinja2
Config files are where most Ansible complexity lives. A static copy module works until you need different ports…
Ansible
Use Ansible Conditionals and Loops for Control Flow
The first playbook that does one thing to all hosts is satisfying. The second you need different behavior…