Helvede

0 posts0 participants0 posts today

Nic Roland :mastodon:Okay, authentik is up! Took a while, I was fighting against flux and the helm release because it deployed with the wrong StorageClass (I forgot to have that configuration ready before release.) Helm wasn't able to modify the PVC because they're immutable, updating the release has to wait for the initial release to succeed (which it won't) or timeout and flux is quiet on the reasons for all of this unless you know where to look 😔 lots of learning was had though! Anyway, admin and personal user accounts created, MFA enabled. Got my first application integrated too! (actual budget)What next? The world is my oyster... Probably gitea or semaphore. I'm hesitant to integrate services like jellyfin before I have more users onboarded and this gives me an opportunity to experiment with other edge cases like other providers and service accounts and such <a href="https://techhub.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosted</a> <a href="https://techhub.social/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a> <a href="https://techhub.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentik</a> <a href="https://techhub.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sso</a> <a href="https://techhub.social/tags/fluxcd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fluxcd</a> <a href="https://techhub.social/tags/gitops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gitops</a> <a href="https://techhub.social/tags/helm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#helm</a>

Sam WestonI've just learned about <a href="https://blahaj.social/tags/Weaveworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weaveworks</a> shutting down. They've done a lot of very interesting work in the <a href="https://blahaj.social/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a> space over the years and I'm sad to see them go.I'm a big <a href="https://blahaj.social/tags/FluxCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FluxCD</a> fan, to the point where my team is in the process of moving our entire business over to it.I'm glad to see <a href="https://hachyderm.io/@stefanprodan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@stefanprodan</a> at a new company and continuing to work on Flux. 😄

Tech Tyrant ᴶᴶᴳᵃᵈᶢᵉᵗˢ :jjtinfoil:I'm finally writing an <a href="https://social.jjgadgets.tech/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a> toot LOL.I'm "JJGadgets" online, you can call me JJ, everyone does.My life is <a href="https://social.jjgadgets.tech/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a>, nothing brings me more joy and zen than sitting in front of my screens. Maybe except for Japanese food.I use and prefer <a href="https://social.jjgadgets.tech/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> for both server and desktop use, despite its flaws. I live in the <a href="https://social.jjgadgets.tech/tags/commandline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#commandline</a>. Been that way since I first jailbroke on iOS 5 and installed MobileTerminal.I study <a href="https://social.jjgadgets.tech/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> but textbooks and lessons don't even come close to doing justice to what <a href="https://social.jjgadgets.tech/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> is all about. I like to think that I live and strive to live the infosec life, including my mindset. (After all, that's why <a href="https://fedi.voltaicforge.com/users/truxnell" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@truxnell</a> started calling me the "tinfoil hat sensei" LOL)I do <a href="https://social.jjgadgets.tech/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kubernetes</a> @ Home, and maintain my cluster state in <a href="https://social.jjgadgets.tech/tags/git" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#git</a> then apply it with tools like <a href="https://social.jjgadgets.tech/tags/fluxcd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FluxCD</a>. My <a href="https://social.jjgadgets.tech/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a> repo can be found at <a href="https://biohazard.jjgadgets.tech" rel="nofollow noopener noreferrer" target="_blank">https://biohazard.jjgadgets.tech</a> (will always 301 redirect to my latest Git remote of choice, in the event it changes). I think using <a href="https://social.jjgadgets.tech/tags/gitops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitOps</a>/IaC to declare desired security-related state (policies, rules etc) makes managing security a lot easier.I try to follow "Principle of Least Privilege" for my homelab, and especially for Kubernetes security, using tools such as network policies (<a href="https://social.jjgadgets.tech/tags/netpols" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#netpols</a>), policy engines, secrets management, identity management, strong <a href="https://social.jjgadgets.tech/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a>, and access control. For example, my homelab Kubernetes cluster heavily uses netpols everywhere to default-deny and only allow the necessary network traffic for any given app to work.I am also very interested in strong authentication methods such as <a href="https://social.jjgadgets.tech/tags/passwordless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordless</a> <a href="https://social.jjgadgets.tech/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fido2</a> / <a href="https://social.jjgadgets.tech/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webauthn</a> (<a href="https://social.jjgadgets.tech/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#yubikey</a> and <a href="https://social.jjgadgets.tech/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a>) and where possible, I only enroll FIDO2 MFA, and choose the passwordless variant if available.I try my best to use privacy-respecting software where possible, as I believe in maintaining transparency and control over the <a href="https://social.jjgadgets.tech/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> of people, regardless of online or offline.I also believe in <a href="https://social.jjgadgets.tech/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>, too many times we've been shown the consequences of relying on closed source software, so where possible I always prefer open source.Outside of the screen, admittedly I'm terrible at life stuff, and it's very hard for me to be interested in much of anything other than stuff on or related to a screen/device (I basically only talk tech stuff LOL). I'm working on changing that in the event I burnout hard again (though I still haven't found a non-tech interest yet, as of writing). I've burnt out multiple times despite still being a student, and thus I now (try to) take as much necessary measures as I can to avoid over-working, over-stressing or over-exerting myself.That's about it, let's chat (or toot?)!

SaustrupLow hanging stateless fruits moved from ArgoCD to <a href="https://mstdn.dk/tags/FluxCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FluxCD</a>: <a href="https://mstdn.dk/tags/CertManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CertManager</a>, <a href="https://mstdn.dk/tags/ExternalDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ExternalDNS</a>, <a href="https://mstdn.dk/tags/Drone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Drone</a>, <a href="https://mstdn.dk/tags/Stakater" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stakater</a> <a href="https://mstdn.dk/tags/Reloader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Reloader</a>. Those seem to be in working order. It's gonna take a bit of time moving the stateful projects though.

SaustrupGrrrr! I'm upset that <a href="https://mstdn.dk/tags/ArgoCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ArgoCD</a> doesn't support listing tags from private OCI registries (like <a href="https://mstdn.dk/tags/Harbor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Harbor</a>). It's apparently due to a weird inconsistency in the OCI API, which requires different kinds of authentication for listing and pulling artifacts. It's supposed to be fixed in the master branch, but alas - the latest image on Quay doesn't support it. What an amazing opportunity to switch to <a href="https://mstdn.dk/tags/FluxCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FluxCD</a>, which I find damned sexy and truly <a href="https://mstdn.dk/tags/cloudnative" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudnative</a>. Instead of implementing a weird ass custom RBAC model, <a href="https://mstdn.dk/tags/FluxCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FluxCD</a> uses ServiceAccounts from the namespace it's operating on. Clean and simple. A shame I'll have to say goodbye to ArgoCD's cute web interface, but let's admit it - everything awesome happens at the command prompt.<a href="https://mstdn.dk/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k8s</a> <a href="https://mstdn.dk/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kubernetes</a>

Sebastian Mangelsdorf<a href="https://metalhead.club/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a> time I live near <a href="https://metalhead.club/tags/hamburg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hamburg</a>, build and maintain <a href="https://metalhead.club/tags/privatecloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privatecloud</a> installations based on <a href="https://metalhead.club/tags/openshift" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openshift</a> and I'm always eager to automate stuff - <a href="https://metalhead.club/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysadmin</a> for live, technical stuff just makes me happy.Loving games, books, good discussions and real world riddles. And of course: music, rock and a bit of metal.Technical Stuff running in the lab: <a href="https://metalhead.club/tags/proxmox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proxmox</a> <a href="https://metalhead.club/tags/k3s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#k3s</a> <a href="https://metalhead.club/tags/sops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sops</a> <a href="https://metalhead.club/tags/fluxcd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fluxcd</a> <a href="https://metalhead.club/tags/metallb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#metallb</a> <a href="https://metalhead.club/tags/traefik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#traefik</a> <a href="https://metalhead.club/tags/longhorn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#longhorn</a> <a href="https://metalhead.club/tags/prometheus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#prometheus</a> <a href="https://metalhead.club/tags/thanos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thanos</a> <a href="https://metalhead.club/tags/loki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#loki</a> <a href="https://metalhead.club/tags/alloy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#alloy</a> <a href="https://metalhead.club/tags/grafana" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#grafana</a> <a href="https://metalhead.club/tags/tekton" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tekton</a> <a href="https://metalhead.club/tags/mosquitto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mosquitto</a> <a href="https://metalhead.club/tags/homeassistant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homeassistant</a> <a href="https://metalhead.club/tags/jellyfin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#jellyfin</a> <a href="https://metalhead.club/tags/wikijs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wikijs</a> <a href="https://metalhead.club/tags/keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#keycloak</a> <a href="https://metalhead.club/tags/forgejo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#forgejo</a> <a href="https://metalhead.club/tags/openshift" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openshift</a>

Recent searches

Search options

Administered by:

Server stats:

#fluxcd