Kubernetes from scratch with kubeadm
Three VMs, no cloud, no shortcuts. Ansible-managed control plane + workers, Calico CNI, MetalLB for LoadBalancer.
I'm an engineer working my way from fundamentals to a DevSecOps career. Everything I learn lands here as notes, homelab experiments, and honest write-ups — including the stuff that didn't work the first time.
This page updates roughly monthly. Inspired by Derek Sivers' /now page idea.
Small, focused homelab projects — the point isn't the deliverable, it's understanding what's happening underneath. Repos go up as I finish each one.
kubeadm: Three VMs, no cloud, no shortcuts. Ansible-managed control plane + workers, Calico CNI, MetalLB for LoadBalancer.
Rebuilding container and pod networking from raw primitives: network namespaces, veth pairs, bridges, iptables DNAT, VXLAN.
Simulating a shared cluster with team namespaces, quotas, NetworkPolicies, and a verification script that proves the isolation works.
I write as I learn — each post is a concept I struggled with, explained in the way I wish someone had explained it to me.
I'm Alex — UK-based, working through a deliberate two-year plan to move into DevSecOps. The focus: Kubernetes, AWS, and the security layer that sits across both.
My approach is simple: rebuild things from first principles, homelab everything, and write about what surprised me. I'd rather post a rough note I actually understand than a polished article I half-copied.
Currently working toward:
Not a badge collection — each cert comes with a public project that proves I actually use the material.
Happy to hear from other engineers learning the same things, people working in DevSecOps who'd share a coffee/call, or anyone who spots something wrong in a post. Freelance enquiries: see consulting.