Kubernetes - Tag - IT Guy Journals

Installing Cilium and Multus on Talos OS for Advanced Kubernetes Networking

Luka Krapić — Tue, 05 Aug 2025 15:25:19 +0100

In a previous article, we explored deploying a highly available Kubernetes cluster using Talos OS, running on Proxmox and automated with Terraform. That setup provided a clean, immutable base for Kubernetes. However, its default networking stack—based on Flannel and kube-proxy—offers limited capabilities when it comes to modern network observability, performance tuning, or multi-interface pods.

In this guide, we’ll walk through installing Cilium as the primary CNI and Multus as a secondary CNI meta-plugin on Talos OS. This combination introduces support for advanced features such as eBPF-powered networking, per-pod visibility, and attaching pods to multiple physical or logical networks.

Deploying a Highly Available Kubernetes Cluster on Proxmox with Terraform and Talos OS

Luka Krapić — Sat, 02 Aug 2025 12:05:21 +0100

A highly available Kubernetes cluster in a homelab setup creates opportunities to test distributed systems, automation, and failure recovery under real-world conditions. This guide walks through one approach to building such a cluster using Proxmox for virtualization, Terraform for provisioning, and Talos OS for running the Kubernetes nodes.

This setup provides declarative infrastructure and immutable operating systems, eliminating the need for traditional Linux administration—no SSH, no shell, and no drifting configuration. The result is a consistent, secure, and maintainable cluster architecture suitable for long-term experimentation or light production use.

Kubernetes Secrets Management Using Kubernetes Sealed Secrets

Luka Krapić — Thu, 23 May 2024 16:56:47 +0100

Security is a major concern in continuous integration (CI), especially when managing sensitive information like API keys, passwords, and other secrets. For Kubernetes resources, Sealed Secrets offer an effective solution for securely managing sensitive information within your repository. In this blog we will explore what are Sealed Secrets, how to use them and some common management tasks around Sealed Secrets.

What are Sealed Secrets?

Sealed Secrets is a set of Kubernetes resources, controller and custom resource definition, that enables secure storage of secrets in your version control system (VCS). Unlike standard Kubernetes Secrets, which are base64-encoded and easily decoded, Sealed Secrets use asymmetric encryption to ensure your secrets remain encrypted until deployed to your Kubernetes cluster. Once deployed, the Sealed Secrets controller decrypts them into regular Kubernetes secrets, making them accessible to your applications.

Securing Kubernetes Cluster With Cert-Manager And Self-Signed Certificates

Luka Krapić — Mon, 06 May 2024 16:56:47 +0100

Kubernetes is an incredible tool for deploying, scaling, and managing containerized applications. One crucial aspect of kubernetes security is ensuring that communication between different entities is secure. By default, kubernetes management network is secure and pod network is handled by 3rd party plugin which mostly support encryption.

Today we will focus on properly securing outside-in web communication to our cluster with Cert-Manager and self-signed certificates. We assume that you have access to working kubernetes cluster with ingress controller.