Security scanning of your code with Trivy
Security vulnerabilities in your codebase need to be dealt with. Trivy is an open source tool that is straightforward to set up.
Connecting GitHub with Claude Code through MCP
I've been exploring ways to give Claude Code more context about my projects, and the GitHub MCP server caught my attention. Setting it up turned out to be straightforward.
Git hooks for code quality: catching issues before they escape
There's a particular kind of frustration that comes from pushing code, feeling good about your progress, then watching CI fail on a missing semicolon. It's the development equivalent of tripping over your own shoelaces – embarrassing and entirely preventable.
A containerised sandbox for Claude code
I've been using Claude Code for a few weeks now, watching it navigate codebases and execute commands with impressive competence. It's genuinely helpful – the kind of tool that makes you wonder how you managed without it. But there's this nagging voice in the back of every platform engineer's head that asks uncomfortable questions at 2 AM: What if it decides to explore that .ssh directory?
When code speaks the business language
I've been working with AI coding assistants for months now, and there's this recurring pattern that initially frustrated me but eventually became enlightening. You ask Claude (other AI tooling exists) to help with a method called processData(), and it generates comprehensive tests for data validation and transformation. The tests are perfectly written and completely wrong – because the method actually handles user authentication.
Building controlled context with Markdown reader MCP
I was deep in a coding session last week when it hit me: my AI assistant had no clue about the deployment process I'd carefully documented two months ago. Or the coding standards my team had hammered out. Or the architectural decisions that explained why half the codebase looked the way it did.
Auto-completion of Kubernetes custom resource definitions (CRDs)
Custom Resource Definitions (CRDs) are a powerful way to extend Kubernetes. They let products provide their own Kubernetes resource types tailored to their specific needs. A Kubernetes operator may then use such a CRD to manage applications or provide other custom behaviour. Writing these CRDs freehand can be error-prone. It's easy to misplace indentation in YAML or mistype a property name. If these mistakes make it into a cluster, they might only surface when a pod fails to start or a resource behaves unexpectedly.
Exploring the new native env file support in Node.js
Back in 2011, The Twelve-Factor App laid out some fundamental principles about keeping configuration separate from code. It became the go-to guide for how we handle environment variables, influencing everything from Docker's ENV directives to how we structure modern applications.
Setting up OpenTelemetry to send metrics and traces to Grafana Cloud
Observability is essential for understanding how your system actually behaves and for ensuring reliable performance and a solid user experience. As systems grow and evolve, you need consistent, vendor-neutral observability tooling - especially when you want to avoid getting locked into a single platform provider. Cost becomes a real concern as your usage scales: what seemed like an affordable package with low user volumes can quickly become expensive as usage ramps up.
Deploying Kube resources with the Argo CD app of apps pattern
Now that I have my local kube stack with K3s on a couple of Raspberry Pis, my next task I wanted to tackle was to set up an App of Apps structure so that I could (repeatedly) go from empty kube stack to my desired set of applications deployed into the cluster. The app of apps pattern in Argo CD helps define the apps that we want deployed, all driven from Git repository that describes a desired state.
Raspberry Pi 5, Argon NEO 5 case and NVMe SSD unboxing
The Pi 5 introduced a lovely little PCIe slot onto the Raspberry Pi board. Ideal for attaching an SSD drive, which is just what the Argon NEO 5 M.2 NVME connects to. Let's unbox the kit and get it up and running.
Mounting LUKS encrypted drive on Raspberry Pi on boot
LUKS provides support for encrypted drives on Linux and we can provide password for decryption during the boot sequence over SSH with dropbear so that encrypted drive can mount on startup. I had an itch to set up an encrypted drive on a Raspberry Pi to give the data some protection in case the Raspberry Pi went missing. Given I was upgrading a Raspberry Pi I was using as a small media server, I thought it would be a good time to try out LUKS and dropbear SSH.
How to boot a Raspberry Pi from a local SSD drive
I've used a Raspberry Pi 4 in an Argon ONE M.2 case for a while. It allows me to attach an M.2 SATA SSD to my Pi, improving boot times and performance considerably. Let's go through how we can get the Pi booting from a SSD device.
Automate Let's Encrypt certificates with the Caddy web server
I was setting up a small internal network with a few hosted services and I wanted these services to route through virtual hosts so I could start configuring some good semantic host names for each of these services. Naturally, these services also needed to be delivered over https with trusted certificates.
Under the covers of SOPS for codifying CI/CD and IaC secrets
SOPS (Secrets OPerationS) is a command line tool that encrypts and decrypts files in a way that allows you to codify CI/CD and dev processes that require secrets. In an encrypted form, secrets can be stored in a Git repository, with appropriate access control, in the knowledge that it is hard to decrypt the secrets without the authorisation to decrypt. Codifying of secrets and SOPS tooling, helps make rotation of secrets easier, and hence encourages us to become better at timely rotations, in turn de-risking exposure of historical secrets.
Local Argo CD in k3d with trusted HTTPS routes
The non-trusted certificate warnings when I spun up Argo CD locally in a k3d cluster were bugging me. Let's fix them and get Argo CD spun up locally without these warnings, with trusted certificates and end-to-end encrypted flows.
Routing k3d deployments with a Traefik reverse proxy
I started writing a blog that needed a clean way to expose two services from the cluster, and it got me wondering the best way to do this. I'm often aiming to write blogs on this site in a zero-to-goal manner, so they can be read in isolation. k3d by default uses traefik, which is pretty neat when it comes to low configuration, however it did lead me to experimenting with ways to expose services with a lightweight approach that I could use in future blogs. Let's have a look at some of the options.
Setting up persistent volumes for storage in a k3d cluster
To set up any service that needs to retain data, we're going to need to make sure the storage is persistent through pod and cluster restarts. In Kubernetes we can set up a PersistentVolume (PV) to define the storage resource, and a PersistentVolumeClaim (PVC) to use the PersistentVolume.
Deploying Kubernetes on a Raspberry Pi cluster with k3s
K3s is a fantastic lightweight Kubernetes distribution that is so quick to install on a collection of Raspberry Pis. I had a couple of Raspberry Pis sitting idle so had a go at spinning up a Kubernetes cluster on them. It's great way to get some deeper understanding and hone your Kubernetes skills.
Running local AI code assist to power your IDEs with Ollama
I'm intrigued in how effective it is to run code assist models locally. I'm keen to explore the available IDE extensions and AI models. Let's start with VSCode, the Code GPT extension and models run locally with Ollama.
Getting started with GitOps with a local Argo CD stack
Argo CD creates and updates resources in a Kubernetes cluster to achieve the desired state that is defined in a Git repository. This allows us to declare the desired state of our resources and leave Argo CD to do the work of deploying and updating the cluster to achieve this state.
Spinning up a local Gitea service for GitOps practice
I wanted a quick throwaway git service for some GitOps practice. Gitea is an open source Git hosting service. It is powerful for self-hosting a GitHub-like service, but also lightweight and straightforward to spin up as needed for little experiments.
Comparing local k8s stacks; k3d, minikube and microK8s
I explored spinning up a local cluster with k3d recently, however I realised I should have compared k3d with other approaches. Let's compare kind, minikube and microk8s and see how these different k8s stacks help for local development.
Monitoring Kubernetes metrics with Grafana and Prometheus
Grafana is an open observability platform that gives your team a centralised view on the health and behaviour of your system. We'll use Kubernetes metrics to quickly spin up some dashboards and provide foundations to experiment and learn more about Grafana.
Locally running GenAI and large language models with Ollama
If you are interested in exploring Generative AI without relying on cloud services, Ollama can run open models entirely locally, giving you a chance to explore GenAI APIs and capabilities.