Java & Azure Certified Developer | CNCF Kubestronaut | Cloud-Native Enthusiast
Welcome to my website. I’m Vijay, a Cloud Native Engineer from the Netherlands.
I’m a backend engineer with 7+ years of experience in the Finance domain, with a focus on banking solutions, building secure and scalable applications using Java, Spring, and microservices. As a certified Azure Developer, I’ve led successful cloud migrations and data management projects.
In 2024, I earned the CNCF Kubestronaut title — recognizing deep expertise in Kubernetes and cloud-native technologies.
Passionate about clean code, real-world problem-solving, and modern DevOps, I’m on a continuous journey of learning and sharing through this blog.
Most Recent Posts#
Introduction I am using Nginx Ingress Controller for my Kubernetes cluster, but I wanted to set up Traefik as well for specific use cases. This guide explains how I installed Traefik on my Kubernetes cluster using Helm.
Why I want to use Traefik I want to use authentication features for my applications, and my Nginx Ingress Controller setup requires enabling allow-snippet-annotations and setting annotations-risk-level to Critical. This is because Nginx Ingress Controller uses annotations for advanced configurations, which can be risky if not managed properly. Traefik, on the other hand, does not require such risky configurations and provides a safer way to manage ingress rules and features. So I decided to switch to Traefik as my primary Ingress Controller.
...
Introduction In this guide, I will walk through the process of self-hosting JetBrains YouTrack, a powerful project management tool, in a Kubernetes environment. YouTrack is designed to help teams manage their projects efficiently with features like issue tracking, agile boards, and customizable workflows. It is also free for up to 10 users, making it an excellent choice for small teams or personal projects.
Prerequisites Before we begin, ensure you have the following prerequisites:
...
Introduction This guide will help you identify if your public IP address has any open ports or services that could be unintentionally exposed to the internet. This is crucial for maintaining the security of your network and devices.
Based on RFC1918, private IP addresses are not routable on the public internet.
What is RFC1918?
RFC1918 is a standard that defines private IP address ranges that are reserved for use within private networks. RFC1918 designates the following three ranges for private networks: 10.0.0.0 - 10.255.255.255: (10.0.0.0/8) 172.16.0.0 - 172.31.255.255: (172.16.0.0/12) 192.168.0.0 - 192.168.255.255: (192.168.0.0/16) Steps You can use online tools to scan your public IP address for open ports and services. Use a port scan tool like Censys to search for a public IP address.
...
Introduction In this guide, we will learn how to expose a Kubernetes application securely to the internet using Cloudflare Tunnel and Nginx Ingress. This setup allows you to leverage Cloudflare’s security features while managing your application traffic efficiently.
We are going to use:
Cloudflare Tunnel to expose our application securely to the internet. Kubernetes Nginx Ingress to route traffic to our application. Prerequisites A Cloudflare account with the domain added. A Kubernetes cluster set up with Nginx Ingress Controller installed. Root or sudo access to the Kubernetes cluster. Deployment Guide Step 1: Install Cloudflare Tunnel sudo apt-get update && sudo apt-get install cloudflared Step 2: Authenticate Cloudflare Tunnel sudo cloudflared tunnel login Don’t worry, if you see login url in the server terminal, just copy it and paste it in your personal browser. After logging in, you will see a success message in the server terminal.
...
Introduction Metrics Server is a cluster-wide aggregator of resource usage data in Kubernetes. It collects metrics from the kubelet on each node and provides them to the Kubernetes API server, which can be used for horizontal pod autoscaling and other purposes.
Prerequisites A running Kubernetes cluster (version 1.8 or later). kubectl command-line tool installed and configured to communicate with your cluster. Installation Steps kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml Verification To verify that Metrics Server is running correctly, you can check the status of the Metrics Server pod:
...
Introduction This guide will walk you through the following steps to set up a 3-node Kubernetes cluster using kubeadm:
Configure unique hostnames for each node. Set up networking and update the /etc/hosts file. Install required system packages and disable swap. Install and configure the container runtime (containerd) and enable IP forwarding. Install Kubernetes components: kubeadm, kubelet, and kubectl. Initialize the control plane node with kubeadm. Set up pod networking using Calico CNI. Join worker nodes to the cluster. Verify the cluster status and apply additional configurations. Prerequisites Create three VMs or physical servers with Ubuntu 22.04 LTS or later. Make sure all nodes can communicate with each other over the network and has internet access. Setup Step 1: Setup Hostnames on all nodes On each node, set a unique hostname using the following command:
...
How to Enable Auto Login on Proxmox Console (TTY) What is tty? tty stands for “teletypewriter” and refers to a terminal interface in Unix-like operating systems. It allows users to interact with the system through a command-line interface.
What is getty? getty is a program that manages physical or virtual terminals on Unix-like systems. It is responsible for prompting for a login name and starting the login process.
If you want to enable auto-login on the Proxmox console (TTY), you can do this by modifying the getty service configuration. This allows you to log in automatically without entering a username and password each time you access the console. This is helpful when your homelab server restarts for some reason, and you want to avoid manual login.
...
Introduction If you don’t have a paid Proxmox subscription, you’ll see a warning about the Enterprise repository. This is normal for home labs, but you can easily switch to the free no-subscription repository and get rid of the alert.
Steps to Fix the Warning Step 1: Open the Proxmox APT sources file nano /etc/apt/sources.list.d/pve-enterprise.list Step 2: Disable the enterprise repository Add a # at the start of the line so it looks like this:
...
Introduction This guide shows you how to set up a secure and flexible Proxmox VE homelab. You will:
Isolate your VM network but keep internet access. Securely access the Proxmox web UI using Cloudflare Tunnel and custom DNS. Block direct IP access to the Proxmox UI. Prepare for adding more services in the future. Prerequisite Before you start, ensure you have:
Already installed Proxmox VE on your machine. A basic understanding of Linux command line. A Cloudflare account with a domain set up (e.g., yourdomain.com). Already created a linux bridge network in Proxmox for your VMs. Check out my blog post on How to Configure DHCP Server to Create vmbr Bridge Network for guidance. Example values we are going to use Assuming you have a Proxmox VE installation with the following network configuration: Note that these values are examples. You should replace them with your actual network settings.
...
Introduction This guide will help you set up a DHCP server on your Proxmox host to create a bridge network (vmbr1) for your virtual machines (VMs). This setup allows VMs to automatically receive IP addresses and network configuration from the DHCP server.
Also, helps in isolating the VM network while still providing internet access.
Install DHCP Server and Configure Bridge Network Install DHCP server on Proxmox host:
apt install isc-dhcp-server Set interface in /etc/default/isc-dhcp-server:
...