High Availability and Split-Brain Runbook with Redis Sentinel
A field-ready runbook for operationally managing quorum, failover, and split-brain risk in a Redis Sentinel-based HA setup.
280 posts
Step-by-step guides, practical examples and hands-on tutorials.
A field-ready runbook for operationally managing quorum, failover, and split-brain risk in a Redis Sentinel-based HA setup.
A runbook to triage the 401 wave (kid mismatch/JWKS cache) that occurs during JWT key rotation, and to set up safe overlap/caching strategy.
A practical guide for generating signals before the nf_conntrack table fills up, applying safe sysctl tuning, and recovering in a controlled way during an…
Chrony settings, firewall recommendations, and drift/loss alarms to design a hierarchical and secure time synchronization.
A runbook to triage the connect timeout crisis when the SYN backlog/accept queue fills up, apply rapid mitigation, and design lasting resilience.
A practical Vector and VRL based approach for cleaning sensitive fields out of a centralised log stream before they reach the destination.
A practical way to manage server services with systemd and Podman Quadlet, free from the Docker daemon dependency.
A practical guide to admitting container images not just by a CVE list, but by component inventory and policy threshold.
An AppArmor guide for securing server services through process-level constraints rather than generic hardening.
A practical Nuclei approach for scanning internal network services with low noise and tying validated findings to your operations workflow.
A Headscale-based management network overlay guide for providing controlled access to scattered servers and management endpoints.
A guide that explains how to set up tail sampling to lower cost on high-volume trace data while preserving the critical flows.
A guide that explains a step-ca based short-lived TLS certificate generation flow for cutting long-lived certificate burden between internal services.
An installation guide that pushes a real reachability signal into Prometheus by running HTTP, TCP, and TLS checks from multiple network locations.
A guide describing how to set up filtering and routing on the OpenTelemetry Collector to reduce unnecessary volume in metric, log, and trace flows.
A practical and enterprise-friendly setup guide for signing container images with Cosign and verifying them in the delivery pipeline.
A guide describing how to set up an nftables-based egress policy layer to control which destinations servers can reach in the outside world.
A practical guide to splitting OpenTofu state in order to preserve tenant, environment, and ownership boundaries in enterprise infrastructure.
A SmokePing guide for making latency and jitter behaviour visible across branch, data center, and cloud connections.
An rsyslog and RELP-based setup that keeps critical logs intact through TCP drops as they ship to a central system.
A clear design framework based on MetalLB for publishing services on bare metal Kubernetes clusters without a cloud load balancer.
Set up a policy-based routing layout on Linux servers with Netplan that separates primary and secondary uplinks based on source network.
A practical WireGuard-based approach to building short-lived, auditable management access instead of permanent VPN accounts.
A secure authorization pipeline you can build with the Envoy ext_authz filter to separate identity, policy, and decision logging on internal service traffic.