Kubernetes on Minoko Labs

Mochi: An Algorithmic Trading Backtest Platform on Kubernetes

Tue, 27 Jan 2026 12:00:00 +0000

Architecture of a multi-language backtest pipeline using Argo Workflows, Trino, MinIO, and a React dashboard on a homelab Kubernetes cluster

Kubernetes Local PVs and Symlinks Do Not Mix

Mon, 26 Jan 2026 20:00:00 +0100

Why Kubernetes local persistent volumes fail to mount when the hostPath is a symlink, and how to fix it with bind mounts.

Avoiding Stale Builds with Kaniko and Container Registry Caching

Sun, 18 Jan 2026 14:00:00 +0000

Debug and fix stale container builds caused by Kaniko layer caching and Kubernetes node image caching when using mutable tags like latest.

Clean URLs with NGINX Ingress Redirects

Sun, 18 Jan 2026 12:50:00 +0000

Use a separate Ingress with permanent-redirect annotation to create clean URL redirects when configuration snippets are disabled.

VLAN Traffic Separation with MikroTik and OPNsense

Fri, 09 Jan 2026 21:12:46 +0000

Configure VLAN separation on a MikroTik CRS310 switch with OPNsense to isolate Kubernetes traffic from bulk data transfers on a dual-homed node.

Configuring Alertmanager Slack Notifications with kube-prometheus-stack

Sun, 04 Jan 2026 00:55:04 +0000

Setting up Prometheus Alertmanager to send notifications to Slack, including gotchas with Prometheus operator compatibility and Linkerd sidecar injection.

Adding NetworkPolicies for Defense-in-Depth with Linkerd

Sat, 03 Jan 2026 23:49:47 +0000

Implementing Kubernetes NetworkPolicies alongside Linkerd mTLS to restrict pod-to-pod communication in critical namespaces.

In-Cluster GitLab Runner with Kubernetes Executor

Sat, 03 Jan 2026 20:51:28 +0000

Deploy a GitLab Runner inside your Kubernetes cluster using the Kubernetes executor. CI jobs spawn as pods, use Kaniko for rootless Docker builds, and cache dependencies in MinIO.

Building a GPU-Accelerated RAG System for Gold Market Intelligence

Sat, 03 Jan 2026 20:48:34 +0000

This post documents the implementation of a Retrieval-Augmented Generation (RAG) system for gold market intelligence, running entirely on a homelab Kubernetes cluster with GPU acceleration.

The Goal

Build a self-hosted AI system that:

Ingests gold market data from multiple sources (FRED, GoldAPI, RSS feeds)
Stores embeddings in a vector database
Provides natural language query capabilities using a local LLM
Runs on an NVIDIA RTX 5070 Ti GPU

Architecture

┌─────────────────────┐ ┌─────────────────────┐ ┌─────────────────────┐
│ Data Ingestion │───▶│ Embedding Service │───▶│ Qdrant │
│ (CronJobs) │ │ (nomic-embed-text) │ │ (Vector Store) │
└─────────────────────┘ └─────────────────────┘ └──────────┬──────────┘
│
┌─────────────────────┐ ┌─────────────────────┐ │
│ Query Service │◀───│ Ollama │◀──────────────┘
│ (RAG API + UI) │ │ (Llama 3.1 8B) │
└─────────────────────┘ └─────────────────────┘
│ │
│ ┌──────┴──────┐
▼ │ RTX 5070 Ti │
Web UI @ :80 │ (16GB) │
└─────────────┘

Components

Component	Purpose	Image
Ollama	LLM inference (Llama 3.1 8B) + embeddings (nomic-embed-text)	ollama/ollama
Qdrant	Vector database for storing embeddings	qdrant/qdrant
Data Ingestion	CronJobs fetching from FRED, GoldAPI, RSS	Custom Python/FastAPI
Embedding Service	Converts text to vectors, stores in Qdrant	Custom Python/FastAPI
Query Service	RAG pipeline + web UI	Custom Python/FastAPI

Data Sources

Source	Data	Schedule
FRED	Gold price history, CPI, Fed Funds Rate, 10Y Treasury, USD Index	Every 6 hours
GoldAPI.io	Real-time XAU/USD spot price	Hourly
RSS Feeds	Market news from Investing.com	Every 4 hours

Implementation

Repository Structure

gold-intelligence/
├── .gitlab-ci.yml
├── services/
│ ├── data-ingestion/
│ │ ├── Dockerfile
│ │ ├── requirements.txt
│ │ └── src/
│ │ ├── main.py
│ │ └── collectors/
│ │ ├── fred.py
│ │ ├── gold_api.py
│ │ └── news_rss.py
│ ├── embedding-service/
│ │ ├── Dockerfile
│ │ ├── requirements.txt
│ │ └── src/
│ │ ├── main.py
│ │ ├── embedder.py
│ │ └── qdrant_client.py
│ └── query-service/
│ ├── Dockerfile
│ ├── requirements.txt
│ └── src/
│ ├── main.py
│ ├── rag_pipeline.py
│ ├── ollama_client.py
│ └── static/ # Web UI
├── helm/
│ ├── data-ingestion/
│ ├── embedding-service/
│ ├── query-service/
│ ├── ollama-values.yaml
│ └── qdrant-values.yaml
└── kubernetes/
└── argocd/

Ollama Configuration

The key to GPU acceleration is the runtimeClassName: nvidia in the Helm values:

Enabling HTTPS on Wiki.js with Let's Encrypt via OPNsense

Sat, 03 Jan 2026 19:49:58 +0000

Migrate Wiki.js from HTTP to HTTPS using a Let's Encrypt wildcard certificate managed by OPNsense, with automatic synchronization to Kubernetes via a CronJob.

Adding Comments with Comentario: Self-Hosted PostgreSQL-Backed Comments

Sat, 03 Jan 2026 12:00:00 +0000

Deploy Comentario as a self-hosted PostgreSQL-backed comment system for Hugo blogs, with GitHub OAuth, custom theming, and HAProxy TLS termination.

Exposing an NVIDIA RTX 5070 Ti GPU in Kubernetes with Time-Slicing

Fri, 02 Jan 2026 23:00:00 +0000

Expose an NVIDIA RTX 5070 Ti Blackwell GPU in Kubernetes with time-slicing support, including PyTorch compatibility requirements for sm_120 compute capability.

OPNsense IDS Monitoring with Suricata, Loki, and Grafana

Thu, 01 Jan 2026 23:30:00 +0000

Forward OPNsense Suricata IDS alerts to Loki via syslog and visualize intrusion detection events in Grafana alongside firewall logs.

Automatic Certificate Rotation with cert-manager and Linkerd

Thu, 01 Jan 2026 12:00:00 +0000

Automate Linkerd identity issuer certificate rotation using cert-manager, with a CronJob to sync secret formats and Prometheus alerts for expiry warnings.

Enabling CPU and Memory Stats in k9s on Bare-Metal Kubernetes

Thu, 01 Jan 2026 10:00:00 +0000

Enable CPU and memory metrics in k9s on bare-metal kubeadm clusters by installing metrics-server with the required kubelet TLS configuration.

GitOps Blog Deployment with ArgoCD and Automatic Image Updates

Mon, 29 Dec 2025 19:00:00 +0000

Set up a fully automated blog deployment pipeline using ArgoCD and Image Updater, where pushing to main automatically builds, detects, and deploys new container images to Kubernetes.

Configuring OPNsense Firewall Rules via API for Cross-VLAN Kubernetes

Sun, 28 Dec 2025 21:14:00 +0000

Configure OPNsense firewall rules via REST API to allow Kubernetes traffic between VLANs, including firewall rules, node preparation, and HAProxy backend updates for a cross-network cluster.

Why You Need --disable-eviction for Homelab Kubernetes Node Drains

Sun, 28 Dec 2025 21:00:00 +0000

Solve PodDisruptionBudget deadlocks in homelab Kubernetes clusters by using --disable-eviction during node drains when running single-replica workloads.

Why Your Kubernetes Control Plane Has a NoSchedule Taint

Sun, 28 Dec 2025 13:00:00 +0000

Understand why Kubernetes control plane nodes have a NoSchedule taint and when you should (or shouldn't) remove it to run workloads on control plane nodes.

Backing Up etcd to MinIO with a Kubernetes CronJob

Sun, 28 Dec 2025 12:00:00 +0000

Create automated daily etcd backups using a Kubernetes CronJob that snapshots cluster state and uploads to MinIO with automatic retention management.

Upgrading Kubernetes with Ansible: A Homelab Guide

Sat, 27 Dec 2025 20:00:00 +0000

Automate Kubernetes cluster upgrades with Ansible playbooks that handle etcd backups, version validation, serial worker upgrades, and health verification.

Backing Up Kubernetes Data to Scaleway Object Storage

Sat, 27 Dec 2025 18:00:00 +0000

Set up offsite cloud backups for Kubernetes databases using MinIO mirror and Scaleway Object Storage, with scheduled sync via CronJob and automatic retention.