Kogent.Tech — Infrastructure Engineering Bloghttps://blog.kogent.tech/Recent content on Kogent.Tech — Infrastructure Engineering BlogHugoen-usWed, 06 May 2026 00:00:00 +0000How We Built a Self-Healing DNS Failover for $0 Using Cloudflare Workershttps://blog.kogent.tech/posts/building-a-failover/Wed, 06 May 2026 00:00:00 +0000https://blog.kogent.tech/posts/building-a-failover/<p>Every hosting provider has maintenance windows. Most give you notice. Some don&rsquo;t. When your provider goes dark at an inconvenient time, you have two options: scramble to restore service or switch traffic to a secondary site that&rsquo;s already running and already current. The first option is stressful. The second one is engineering.</p> <p>This post covers how we built automated DNS failover across a fleet of production sites — our own &lsquo;kogent.tech&rsquo; and several client sites — using Cloudflare Workers, Cloudflare KV, an on-premises server, and a Cloudflare Tunnel. The whole system costs nothing in ongoing fees. Failover takes under two minutes. Failback is automatic.</p>Building a Data-Sovereign Mail Server, Part 1: Classical Hardeninghttps://blog.kogent.tech/posts/building-a-mail-server/Wed, 29 Apr 2026 00:00:00 +0000https://blog.kogent.tech/posts/building-a-mail-server/<p>Running your own mail server has a reputation. The conventional wisdom is that it&rsquo;s a masochistic endeavour best left to people who enjoy reading RFC errata for fun on a Sunday afternoon. Spam filters will hate you. Your IP will be blacklisted before you send your first message. You&rsquo;ll wake up at 3am to a silent inbox and spend an hour discovering that a single missing SPF record cost you a week of legitimate mail.</p>Building a DevOps blog: Hugo, GitLab CI, and Cloudflare Pageshttps://blog.kogent.tech/posts/building-a-devops-blog/Tue, 31 Mar 2026 00:00:00 +0000https://blog.kogent.tech/posts/building-a-devops-blog/<p>A DevOps blog should practice what it preaches. So when I decided to start writing about infrastructure work, I wasn&rsquo;t going to click through a WordPress installer or pick a Squarespace template. The blog itself needed to be a project — version-controlled, automated, infrastructure-as-code, and deployed through a proper CI/CD pipeline.</p> <p>This is the write-up of how I built <a href="https://blog.kogent.tech">blog.kogent.tech</a> from scratch — the stack decisions, the theme build, the pipeline, and everything that broke along the way.</p>Migrating six WordPress sites to Kubernetes: what actually brokehttps://blog.kogent.tech/posts/k8s-migration/Tue, 24 Mar 2026 00:00:00 +0000https://blog.kogent.tech/posts/k8s-migration/<p>Running six WordPress sites on a bare-metal Debian 11 LAMP stack is fine — until it isn&rsquo;t. No secret management, no automated backups, and deployments meant SSH-ing into the server and copying files. By early 2026 the technical debt was obvious enough to justify a full migration.</p> <p>The goal: migrate everything to Kubernetes, implement proper secret management with HashiCorp Vault, automate backups, and decommission the old host entirely. This post covers what that actually looked like — not the happy path, but the parts that broke and why.</p>