📝 Dev Notes

Running notes on things I’ve hit, fixed, or found worth remembering.

Every Robot in My House Can Text Me Now

My house is full of automation that never told me anything — until I gave it one push bus. The first thing I taught it to do was warn me before Claude Code cuts out mid-task.

Is Anyone Knocking? A Security Pass on My Homelab

I set out to answer a simple worry — is someone trying to get into my server? — and found the scarier question underneath it: if they did, would I even know? My front door was solid. The inside had an alarm with the wires cut, a web terminal sitting on the open internet, and no floor under the blast radius. Here’s the audit, and the three things I fixed.

Audiobookshelf library: the same tale with stock narrator and the cloned dad voice

🎙️ Cloning My Own Voice for My Kid's Audiobooks

Zero-shot voice cloning with XTTS-v2 on a CPU-only k3s node: 26 seconds of phone audio in, a cloned-voice audiobook out — and an honest verdict from the bedtime jury. Every manual step, including the ones that went wrong.

Brew Buddy batch detail with fermentation log

🫙 I Built a Tracker for My Kombucha. The Data Model Was the Hard Part.

Brewing kombucha looks simple until you try to model it: one batch splits into many flavored bottles, every jar generates a stream of pH and taste readings, and a SCOBY has a lineage. Here’s the little app I built to keep track — and why the schema, not the code, was the real work.

Three walls of multi-tenant isolation on Kubernetes, verified end-to-end

🧱 How Do You Isolate Two n8n Tenants on Kubernetes — and Prove Each Wall Holds?

Multi-tenant isolation is easy to assert and hard to verify. Three walls — network, secret, resource — and the actual 403s, timeouts, and admission rejections that prove each one holds.

n8n workflow canvas

🍵 I A/B-Tested Cloud vs Local LLMs in One n8n Agent. The Local One Faked It.

I built an AI agent in self-hosted n8n over my kombucha-tracking app, then gave it two brains — NVIDIA’s 70B and a local Phi-3.5 — sharing the same tools. The cloud model called the tools and answered from real data. The local one couldn’t, so it made things up.

📦 Five Ways to Manage Kubernetes Manifests (and Why They're Not All Equal)

Raw YAML, Kustomize, Helm, Jsonnet — there’s more than one way to describe what you want running in a cluster. Here’s what each actually looks like in practice and where each one breaks.

the little robot stands guard at a doorway like a friendly bouncer, holding up a hand to check a stack of papers, while the boy in the cap watches; a shield symbol floats above them, protective and watchful

🔒 Building a PII Guardrail Proxy for Cloud LLM Calls

A local model classifies every prompt before it leaves the cluster. If it’s sensitive, it’s blocked. If it’s clean, it goes to NVIDIA NIM. 150 lines of FastAPI, deployed on k3s.

🕵️ Privacy-Preserving LLM Pipelines: Anonymize Before You Send

Replace PII with semantically realistic fakes before sending to a cloud LLM, then restore the originals from the response. Started with a general model and prompt engineering — then upgraded to a purpose-built 1.7B fine-tune via Ollama.