Foggy Clouds

Upgrading a Talos Kubernetes Cluster

Rolling upgrades for Talos Linux and Kubernetes versions. Upgrade workers first, control plane last, and always have a rollback plan.

Posted on 11 February 2026

Rolling upgrades for Talos Linux and Kubernetes. Workers first, control plane last. Always have a rollback plan. [Read More]
Tags:
- kubernetes
- talos
- upgrades
- homelab
- operations
Talos Day-2 Operations: Managing Your Cluster

Everything after the initial deploy. talosctl essentials, etcd management, node replacement, config patches, and troubleshooting a Talos Kubernetes cluster.

Posted on 11 February 2026

Everything after terraform apply. talosctl essentials, etcd management, node replacement, config patches, and troubleshooting a Talos cluster. [Read More]
Tags:
- kubernetes
- talos
- operations
- homelab
- etcd
- troubleshooting
Autoscaling a Talos Kubernetes Cluster

Pod and node autoscaling for a homelab Talos cluster. HPA for horizontal scaling, VPA for right-sizing, and a custom Terraform-based node autoscaler for Proxmox.

Posted on 11 February 2026

Pod and node autoscaling for a homelab Talos cluster. HPA for horizontal scaling, VPA for right-sizing, and a custom Terraform-based node autoscaler for Proxmox. [Read More]
Tags:
- kubernetes
- talos
- autoscaling
- homelab
- proxmox
- terraform
Fixing Intel e1000e NIC Failures on Proxmox

Network drops, backup freezes, and hardware unit hangs - the Intel I217/I219 on recent Proxmox kernels has a regression. Here's the ethtool workaround that actually works.

Posted on 9 February 2026

“When the network dies at 2am, you learn to love ethtool. And kernel pinning. And backups.” - Homelab incident retrospective [Read More]
Tags:
- proxmox
- networking
- homelab
- intel
- e1000e
- troubleshooting
Vault + Consul: Enterprise Secret and Config Management for Kubernetes

Migrating from hardcoded secrets to Vault and Consul with automated backups. Secrets in Vault, config in Consul, zero hardcoded values.

Posted on 9 February 2026

I found my Gmail password in Git. In a public repo. Three months after I pushed it. [Read More]
Tags:
- kubernetes
- vault
- consul
- security
- secrets
- configuration
- external-secrets
- backup
Ansible Vault for Secrets

Encrypt API keys, backup passwords, and tokens in group_vars with ansible-vault. Keep secrets in Git without exposing them.

Posted on 9 February 2026

API keys, backup passwords, Proxmox tokens. You need them in Ansible. You don’t want them in plaintext in Git. Ansible Vault encrypts files so you can commit them safely. [Read More]
Tags:
- ansible
- security
- vault
- secrets
Scheduled Ansible Runs with Cron

Run the patch playbook weekly. Keep Proxmox hosts updated without remembering to do it.

Posted on 9 February 2026

Ansible works when you run it. Ad-hoc runs drift. Schedule the patch playbook weekly and forget about it. [Read More]
Tags:
- ansible
- cron
- automation
- patching
Managing Proxmox Hosts with Ansible

First-boot configures the host. Ansible keeps it that way. Patching, security hardening, and automated backups - run it once or schedule it.

Posted on 9 February 2026

The automated Proxmox install gets you a configured host from a USB stick. But what happens in month two? Package updates, SSH hardening drift, backup schedule changes. Manual changes on a single host become tribal knowledge. Add a second node and you’re copy-pasting configs. [Read More]
Tags:
- ansible
- proxmox
- homelab
- automation
- patching
- security
- backup
Monitor Ansible Runs with Uptime Kuma

Alert if site.yml or the patch playbook fails. Use Uptime Kuma's heartbeat monitor so a missed run triggers a notification.

Posted on 9 February 2026

Scheduled Ansible runs fail silently. A host is unreachable, a variable is wrong, or SSH keys expired. You find out when the host drifts. Uptime Kuma’s push monitor fixes that. [Read More]
Tags:
Ansible CI/CD with GitHub Actions

Run ansible-lint and check mode on every PR. Catch config drift and risky changes before they hit production.

Posted on 9 February 2026

Every PR that touches Ansible playbooks should pass ansible-lint and ansible-playbook --check. GitHub Actions runs them automatically - no “I’ll lint before merge” discipline required. [Read More]
Tags:
- ansible
- cicd
- github-actions
- linting

Older Posts →

Upgrading a Talos Kubernetes Cluster

Rolling upgrades for Talos Linux and Kubernetes versions. Upgrade workers first, control plane last, and always have a rollback plan.

Talos Day-2 Operations: Managing Your Cluster

Everything after the initial deploy. talosctl essentials, etcd management, node replacement, config patches, and troubleshooting a Talos Kubernetes cluster.

Autoscaling a Talos Kubernetes Cluster

Pod and node autoscaling for a homelab Talos cluster. HPA for horizontal scaling, VPA for right-sizing, and a custom Terraform-based node autoscaler for Proxmox.

Fixing Intel e1000e NIC Failures on Proxmox

Network drops, backup freezes, and hardware unit hangs - the Intel I217/I219 on recent Proxmox kernels has a regression. Here's the ethtool workaround that actually works.

Vault + Consul: Enterprise Secret and Config Management for Kubernetes

Migrating from hardcoded secrets to Vault and Consul with automated backups. Secrets in Vault, config in Consul, zero hardcoded values.

Ansible Vault for Secrets

Encrypt API keys, backup passwords, and tokens in group_vars with ansible-vault. Keep secrets in Git without exposing them.

Scheduled Ansible Runs with Cron

Run the patch playbook weekly. Keep Proxmox hosts updated without remembering to do it.

Managing Proxmox Hosts with Ansible

First-boot configures the host. Ansible keeps it that way. Patching, security hardening, and automated backups - run it once or schedule it.

Monitor Ansible Runs with Uptime Kuma

Alert if site.yml or the patch playbook fails. Use Uptime Kuma's heartbeat monitor so a missed run triggers a notification.

Ansible CI/CD with GitHub Actions

Run ansible-lint and check mode on every PR. Catch config drift and risky changes before they hit production.