Helm is to Kubernetes what apt is to Ubuntu or npm is to Node.js. Instead of maintaining dozens of raw Kubernetes YAML files for every application, you package them into a Helm Chart with templated values. A helm install command deploys the full application stack with environment-specific configuration.

Chart Structure

myapp/
Chart.yaml # Chart metadata (name, version, description)


Cloudflare Tunnel (formerly Argo Tunnel) creates an outbound-only encrypted connection from your server to Cloudflare's edge. Your origin server makes the connection out; Cloudflare routes incoming requests to it. No inbound ports, no dynamic DNS, no server IP exposed: your server is completely hidden behind Cloudflare.

How It Works

  1. Install cloudflared (the tunnel daemon) on your server

WireGuard is a VPN protocol created by Jason Donenfeld and merged into the Linux kernel in 2020. It replaces OpenVPN and IPsec for most new deployments with a dramatically simpler design: cryptokey routing, a single modern cipher suite (ChaCha20, Poly1305, Curve25519, BLAKE2s), and a stateless design that is auditable, fast, and secure by default.

The Design Philosophy

WireGuard has no…


Tailscale takes the cryptographic strength of WireGuard and wraps it in a coordination layer that eliminates all the manual configuration that makes WireGuard hard to operate at scale. Install the client, log in with your identity provider, and your device joins the mesh. Every other device on your Tailnet is immediately reachable via a stable 100.x.x.x IP, through NAT, firewalls, and across…


vLLM (Virtual LLM) is an open-source inference engine from UC Berkeley that dramatically increases the throughput of serving large language models on GPU hardware. It was introduced in 2023 with PagedAttention, a novel memory management technique that treats the KV cache like virtual memory in an OS, reducing waste from up to 60–80% of GPU memory down to under 4%.

The Problem: KV Cache…

Pangolin, an open-source, self-hosted alternative to Cloudflare tunnels

I wanted to wait until I had everything running for a couple of weeks before creating the thread, and now that I have an overall picture, the time has come.

I wanted to tell you about Pangolin, in its developers' words, "An open-source, identity-based remote access platform built on WireGuard that enables secure, seamless connectivity to private and public resources."

Context

My ISP has me…

Home network

Over the weekend I put my old desktop machine to work running Proxmox, and at the same time my old server machine gets to enjoy its well-earned retirement. I thought this might be a good moment to write about how I have built my network and how I monitor its operation.

My own network is quite simple. Simple is, of course, a relative concept. I know that some…

Vincent Bernat: Automatic Prometheus metrics discovery with Docker labels

Akvorado, a network flow collector, relies on Traefik, a reverse HTTP proxy, to expose HTTP endpoints for services implemented in a Docker Compose setup. Docker labels attached to each service define the routing rules. Traefik picks them up automatically when a container starts. Instead of maintaining a static configuration file to collect Prometheus metrics, we can apply the same approach with…
