# Technical foundations
This page covers how I build and maintain the infrastructure and applications documented on this site. For the personal side, see the welcome page or about me.
## How I build: Infrastructure as Code (IaC) and GitOps
My approach is Infrastructure as Code for provisioning and GitOps for day-2 operations. It is declarative, versioned, reviewable, and reproducible. The remaining gaps are host imaging, base network configuration, and automated preflight tests.
| Practice | What it means | Tooling here |
|---|---|---|
| IaC | Infra is defined declaratively in code, version-controlled, applied by automation. | Kubespray (Ansible) for cluster build and OS tuning |
| GitOps | Desired cluster state lives in Git; controllers reconcile the running state to match. | FluxCD for manifests and Helm releases |
Additional pieces that make it reproducible and safe:
- SOPS + age stores secrets as encrypted text in Git.
- Pinned manifests and Helm charts for Calico, MetalLB (FRR), Ingress-NGINX, cert-manager with Cloudflare DNS-01, PostgreSQL, and the applications themselves.
- Runbooks and rollback complete the loop for safe change.
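The two practices that make Git safe to hold the whole cluster state are that every Secret committed is SOPS-encrypted and that every chart is pinned to an exact version. The script below is an added example (not code from this site's repository) of a CI gate that enforces both before a change merges: it scans manifests and fails on any Secret without `sops` metadata or with a `data`/`stringData` value not wrapped in `ENC[...]`, and on any Flux `HelmRelease` whose `chart.spec.version` is missing or is a range rather than an exact pin. It assumes manifests are written one key per line (as Flux and SOPS emit them) and that SOPS was run with `--encrypted-regex '^(data|stringData)$'`; the sample manifests, names and versions are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a merge-request gate for "secrets encrypted in Git" and "pinned charts".
# Not the site's own tooling. Assumes one-key-per-line YAML and SOPS with
# --encrypted-regex '^(data|stringData)$'. Sample manifests below are constructed.

# Usage: check_manifests file.yaml [more.yaml ...]
# Prints one finding per line; exit status is the number of findings (0 = clean).
check_manifests() {
  awk '
    function finish_doc() {
      if (kind == "Secret" && !sops) {
        bad++; print FILENAME ": Secret " name " has no sops metadata (plaintext in Git)"
      } else if (kind == "Secret" && plain > 0) {
        bad++; print FILENAME ": Secret " name " has " plain " value(s) not wrapped in ENC[...]"
      }
      if (kind == "HelmRelease" && ver !~ /^[0-9]+\.[0-9]+\.[0-9]+$/) {
        bad++; print FILENAME ": HelmRelease " name " chart version \"" ver "\" is not an exact pin"
      }
      kind = ""; name = ""; sops = 0; plain = 0; ver = ""; insec = 0
    }
    FNR == 1 { finish_doc() }                 # new file: close the previous document
    /^---/   { finish_doc(); next }           # YAML document separator
    /^kind:/ { kind = $2 }
    /^  name:/ && name == "" { name = $2 }    # metadata.name (first occurrence)
    /^sops:/ { sops = 1 }                     # SOPS stores its metadata as a top-level key
    /^(data|stringData):/ { insec = 1; next } # entering the encrypted section of a Secret
    /^[^[:space:]]/ { insec = 0 }             # any other top-level key ends that section
    insec && /^  [^[:space:]]+:[[:space:]]*[^[:space:]]/ && $2 !~ /^ENC\[/ { plain++ }
    /^[[:space:]]+version:/ && ver == "" { ver = $2; gsub(/"/, "", ver) }  # chart.spec.version
    END { finish_doc(); exit bad }
  ' "$@"
}

# Constructed sample manifests (not from the real repository) to exercise the gate offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/good.yaml" <<'EOF'
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
spec:
  interval: 1h
  chart:
    spec:
      chart: ingress-nginx
      version: 4.11.2
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
---
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager
stringData:
  api-token: ENC[AES256_GCM,data:c29tZXRoaW5n,iv:ZmFrZQ==,tag:ZmFrZQ==,type:str]
sops:
  age:
    - recipient: age1exampleplaceholderrecipient
  encrypted_regex: ^(data|stringData)$
EOF
cat > "$SAMPLE_DIR/bad.yaml" <<'EOF'
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: metallb
  namespace: metallb-system
spec:
  interval: 1h
  chart:
    spec:
      chart: metallb
      version: ">=0.14.0"
      sourceRef:
        kind: HelmRepository
        name: metallb
---
apiVersion: v1
kind: Secret
metadata:
  name: postgres-superuser
  namespace: databases
stringData:
  password: hunter2
---
apiVersion: v1
kind: Secret
metadata:
  name: half-encrypted
  namespace: databases
data:
  username: cG9zdGdyZXM=
sops:
  age:
    - recipient: age1exampleplaceholderrecipient
EOF

if [ "$#" -gt 0 ]; then
  check_manifests "$@"            # real use: pass the manifest files changed in the merge request
else
  check_manifests "$SAMPLE_DIR"/*.yaml || echo "findings: $?"
fi
```

In a GitLab pipeline the gate runs over the files touched by the merge request; a non-zero exit blocks the merge, so a plaintext Secret or a floating chart range never reaches the branch Flux reconciles from.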
## How I keep Kubernetes "boring"
- Kubespray with Ansible for a single, repeatable build path.
- One container network interface (CNI) and one ingress across sites.
- GitOps for every add-on and every application.
- Image automation so new versions move from build to cluster through Git, not by hand edits on the cluster.
- Local registry and chart mirrors for control and resilience.
- Backups automated and restore tests proven end to end.
- Clear service level objectives for API, DNS, and ingress, with automated checks.
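The last bullet, service level objectives for API, DNS and ingress with automated checks, is shown below as an added example; it is not a script from this site's repository. It probes the three services over a window (the API server's `/readyz` endpoint, cluster DNS from a short-lived BusyBox pod, and an HTTPS request through the ingress), counts successes, and compares each against a per-probe availability target. The target percentages, the ingress hostname and path, and the sample window results are all assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example for "clear SLOs for API, DNS and ingress, with automated checks".
# Not the site's own script. Targets, hostnames and sample results are assumed.

INGRESS_HOST="${INGRESS_HOST:-app.example.invalid}"   # placeholder: your public ingress host
INGRESS_PATH="${INGRESS_PATH:-/}"
SAMPLES="${SAMPLES:-10}"      # probes per window
INTERVAL="${INTERVAL:-6}"     # seconds between probes

# Availability target per probe, in percent with at most one decimal (assumed values).
slo_target() {
  case "$1" in
    api)     echo 99.9 ;;
    dns)     echo 99.9 ;;
    ingress) echo 99.5 ;;
    *)       echo 100 ;;
  esac
}

# Does ok/total meet the target? Compared in tenths of a percent as integers,
# so 99.9 is not subject to floating-point rounding. Returns 0 when met.
slo_met() {  # $1 target percent, $2 ok count, $3 total count
  awk -v t="$1" -v ok="$2" -v n="$3" \
    'BEGIN { tt = int(t * 10 + 0.5); exit !(n > 0 && ok * 1000 >= tt * n) }'
}

# Live probes: each returns 0 on success. Only used when invoked with --live.
probe_api()     { kubectl get --raw=/readyz >/dev/null 2>&1; }
probe_dns()     { kubectl run "dnsprobe-$$" --rm -i --restart=Never --image=busybox:1.36 \
                    -- nslookup kubernetes.default.svc.cluster.local >/dev/null 2>&1; }
probe_ingress() { curl -fsS -o /dev/null --max-time 5 "https://${INGRESS_HOST}${INGRESS_PATH}"; }

# Run one probe SAMPLES times and append "name ok total" to the results file.
run_window() {  # $1 probe name, $2 results file
  ok=0; i=0
  while [ "$i" -lt "$SAMPLES" ]; do
    if "probe_$1"; then ok=$((ok + 1)); fi
    i=$((i + 1))
    if [ "$i" -lt "$SAMPLES" ]; then sleep "$INTERVAL"; fi
  done
  echo "$1 $ok $SAMPLES" >> "$2"
}

# Print a PASS/FAIL verdict per "name ok total" line; return 0 only if every probe met its SLO.
evaluate_results() {  # $1 results file
  failures=0
  while read -r name ok total; do
    target=$(slo_target "$name")
    if slo_met "$target" "$ok" "$total"; then
      verdict=PASS
    else
      verdict=FAIL; failures=$((failures + 1))
    fi
    echo "$verdict $name $ok/$total (target ${target}%)"
  done < "$1"
  [ "$failures" -eq 0 ]
}

# Constructed sample window (not real measurements) so the evaluator runs offline:
# ingress at 99.0% misses its 99.5% target, the other two pass.
SAMPLE_RESULTS=$(mktemp)
cat > "$SAMPLE_RESULTS" <<'EOF'
api 999 1000
dns 1000 1000
ingress 990 1000
EOF

if [ "${1:-}" = "--live" ]; then
  RESULTS=$(mktemp)
  for p in api dns ingress; do run_window "$p" "$RESULTS"; done
  evaluate_results "$RESULTS"
else
  evaluate_results "$SAMPLE_RESULTS" || echo "one or more SLOs missed in the sample window"
fi
```

Run it with `--live` from a scheduled CI job or a cron on the management host; without the flag it evaluates the constructed sample so the verdict logic can be checked anywhere. The DNS probe needs permission to create a pod, so the job's service account should be limited to that one namespace.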
## Conventions
### Commands
- Shell commands are in blocks; replace values in `<angle-brackets>`.
### Paths
- File paths are relative to repo sections unless noted.
### Links and formatting
- Links prefer a single canonical source.
- Formatting is automated with Prettier and linters.
### Admonitions
- General info worth calling out.
- Helpful advice or best practice.
- Background or reference details.
- Heads up: something to watch for.
- Risky or destructive; proceed with care.
## How I create the Sphere
Publishing is automatic once I commit a change.
### Authoring
- Notes turned into Markdown with One Markdown.
- Authored in Obsidian.
- Published with Docusaurus and local full-text search.
### Build and publish
- Built on a private GitLab runner (local-first).
- CI deploys the compiled site to Cloudflare Pages using Wrangler Direct Uploads.
- Public site served at https://sphere.muppit.au with TLS and CDN caching.
- Web Analytics enabled in Cloudflare for privacy-first visitor stats.
- No GitHub mirror. The repository stays on my local Kubernetes cluster.
## Contributing and corrections
This site is statically built through an automated process. If something is incorrect or could be improved, please message me with a short note and the page link. I read every suggestion and update pages regularly.
If there is something specific you want on Kubernetes or related practices, ask for it. I am converting a lot of notes and will prioritise what helps most. If you use a different method and want to share it, message me and I will add it with credit.