sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

#TalosLinux

Pete Keen<p>Happy <a href="https://hachyderm.io/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a> cluster migration update at the end of the week: all but one of my media apps are moved over to the new cluster setup.</p><p>Next steps are to finish that last media app then get VMSave and the other public stuff moved over plus paperless and Minecraft.</p><p>All that's left then is <a href="https://hachyderm.io/tags/HomeAssistant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeAssistant</span></a> and friends that all need to get moved together, which involves resetting and reinstalling <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> hardware nodes.</p>
Mauricio Teixeira 🇺🇸🇧🇷<p>Talos keeps impressing me. Now they came up with this PXE boot provider that sounds really nice. I need to try it at some point.</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p><p><a href="https://hachyderm.io/@siderolabs/115145683694198775" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hachyderm.io/@siderolabs/11514</span><span class="invisible">5683694198775</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>wow. Just wow. The Tailscale Kubernetes Operator is SWEET! It was a bit complicated to set up, but it works a lot easier than exposing stuff via Docker Compose or sidecars. It has a bit too many options, like everything in k8s world, but that might be useful at some point. Today all I'm doing is exposing a simple service (using annotations) that doesn't need TLS or funnel. Working beautifully with Cilium CNI.<br><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tailscale</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a><br><a href="https://tailscale.com/kb/1236/kubernetes-operator" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tailscale.com/kb/1236/kubernet</span><span class="invisible">es-operator</span></a></p>
Nagaram<p>I hadn't quite decided if I was going to use the Raspberry PIs in my rack as a cluster or not. </p><p>Honestly they just look good for now.</p><p>But I was reading the <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> docs and discovered they make raspberry pi images too.</p><p>So... The only thing to do is build my virtual cluster in <a href="https://hachyderm.io/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxmox</span></a> and then the bare metal cluster on the pis and see what's the better idea!</p><p>I'm already floating the idea of donating a larger amount of my compute to science or local volunteer orgs. So making more of it available at no increased cost is super cool!</p>
Sidero Labs<p>To SSH is human, but that doesn’t mean we should.</p><p>SSH is like popping the hood of your car while driving 70mph. It works just fine. Until it doesn’t, and then you have a problem.</p><p>Here's why Talos Linux removes SSH entirely, and how that shift leads to consistent, secure, and boringly reliable infrastructure. No drift. No late-night fixes. No hidden state.</p><p>👉 Read the full post: <a href="https://www.siderolabs.com/blog/to-ssh-is-human/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">siderolabs.com/blog/to-ssh-is-</span><span class="invisible">human/</span></a> </p><p><a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/InfrastructureAsCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfrastructureAsCode</span></a> <a href="https://hachyderm.io/tags/CloudNative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudNative</span></a> <a href="https://hachyderm.io/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a></p>
VictoriaMetrics<p>👋 Running Talos <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> in your <a href="https://mastodon.social/tags/K8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>K8s</span></a> cluster and wondering how to collect system logs properly?</p><p>Ryan Jacobs just published a deep dive into exactly that, and it’s packed with practical steps, <a href="https://mastodon.social/tags/Helm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Helm</span></a> configs, gotchas, and workarounds.</p><p>If you're using <a href="https://mastodon.social/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> in production, bookmark this post 👇<br><a href="https://bit.ly/4lA9zTa" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/4lA9zTa</span><span class="invisible"></span></a></p>
"Musty Bits" McGee<p>Cool blog spotto</p><p><a href="https://blog.stonegarden.dev/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">blog.stonegarden.dev/</span><span class="invisible"></span></a></p><p><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a> <a href="https://eigenmagic.net/tags/OIDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OIDC</span></a> <a href="https://eigenmagic.net/tags/Oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oauth</span></a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>k8s</span></a> <a href="https://eigenmagic.net/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxmox</span></a> <a href="https://eigenmagic.net/tags/Talos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Talos</span></a> <a href="https://eigenmagic.net/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://eigenmagic.net/tags/ArgoCD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArgoCD</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>Oh wow! I had some weird stuff in the GatewayAPI config for HTTP to HTTPS redirect which was blocking ACME.</p><p>Now I have CertManager correctly issuing certificates from my private StepCA, using the http01 solver behind GatewayAPI! Blog coming (eventually). 🎉 </p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/GatewayAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GatewayAPI</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a> <a href="https://hachyderm.io/tags/CertManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertManager</span></a> <a href="https://hachyderm.io/tags/StepCA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StepCA</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a></p>
Sidero Labs<p>We built Talos Linux for teams like yours. And we want your take.</p><p>What’s working? What’s not? What should we tackle next? Take our short survey and help shape what comes next.</p><p>It only takes a few minutes, and as a thank-you, you’ll be entered to win a JetKVM, our favorite little IP KVM device for hands-on remote control.</p><p>➡️ Take the survey <a href="https://sidero.surveysparrow.com/s/talosuseq22025/tt-QKzS7" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sidero.surveysparrow.com/s/tal</span><span class="invisible">osuseq22025/tt-QKzS7</span></a> </p><p><a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>And in record time (4 days) I have all the k8s cluster basics running (cluster-api + external-dns + cert-manager), and the first apps deployed (ollama + forgejo-runner).</p><p>Dealing with GatewayAPI (as opposed to ingress-nginx), as well as cert-manager with my private StepCA, were quite challenging. I suppose those deserve a blog post.</p><p>Need to deploy a few more apps to figure out what can be done better, then I'll think about it.</p><p>Next: metrics! 📈 </p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>"Home prod" cluster is up, and Flux is syncing with Forgejo. Time to work on the infra then the apps.</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@bashfulrobot" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bashfulrobot</span></a></span> <br>Took me a long time to figure out that Cilium didn't want to schedule the load balancer IP on a control plane node because I am running on a single node.</p><p>When Talhelper generates the Talos config files, it adds a label "node.kubernetes.io/exclude-from-external-load-balancers". I had to make sure it doesn't add any labels ("nodeLabels: {}").</p><p>Took me a while to figure that out, because the services were up, the load balancers and the L2 advertisements were being created, but it was just not being actually advertised on the network. 🙄 </p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Talhelper" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Talhelper</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>The hardest part about building this Talos cluster so far: getting Cilium to work with Gateway API and L2 advertisements. The "dance" to get it working in a single-node cluster is just "ugh!".</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>After three weeks of testing, it looks like I'm done with my Talos Kubernetes cluster proof of concept, and ready to start building it in the "production" machine, replacing Proxmox.</p><p>And since I like things clean, I'll basically start all the config files from scratch, just keeping in mind all my previous learnings, which should give me another 2-3 weeks of work.</p><p>Gladly anything running in the current machine is not critical, so they can be stopped, or run temporarily somewhere else.</p><p>I still don't see a reason to blog about "just another nerd building a k8s cluster". 😄</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>I'm two days behind on my Mastodon timeline because my K8s cluster project has been eating my brain. I probably should go to therapy instead. 🤣<br><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>Aw man. Another rabbit hole.</p><p>This whole Talos/Kubernetes exploration is making me rethink my home lab DNS situation. 😞 </p><p>Edit: I've been using Pi-hole as my primary DNS with static hostnames, and I found out that K8s external-dns does have support for its API, so now I'm trying to decide if I wanna keep doing that, or if I just daisy-chain with PowerDNS. 🙄</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>Well... Every time I create a repository on my self-hosted Forgejo I set the object format to sha256, because I thought any modern things should work fine.</p><p>It so happens that Flux only talks to repos in sha1 format. :picardfacepalm: </p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/Forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Forgejo</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/FluxCD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FluxCD</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>It's interesting when I go down this rabbit hole of learning new things: because of Talos I need to learn Talhelper (as opposed to Terraform), Cilium (as opposed to Calico/Flannel), LGTM (as opposed to Kube-Prometheus), and now I found out about Taskfile (as opposed to Makefile). My head is spinning. 😵</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>After a good night of sleep I realized I was unfair on my rant about Talos Linux: it's not their fault.</p><p>Setting up a basic cluster was easy. Doing the same with Talhelper was even easier.</p><p>But it took me hours to set up UEFI secure boot and TPM disk encryption. Talos doesn't have a native way to manage secrets, and their Terraform provider is very incomplete. Talhelper made it less bad, even though still not ideal.</p><p>Bootstrapping with extended security like encrypted local storage, privileged namespace exceptions and network firewalls was very cumbersome to implement. Apparently it's supposed to be easier if you do post bootstrapping.</p><p>So, as you can see, my problems are mostly because I'm paranoid, and I want to run a home lab with the same level of automation and security as a production environment.</p><p>I'm sure it's not supposed to be that hard for most people. Please don't get discouraged by my experience.</p><p>I'm still working on getting it up and running the way I want. I'm getting there.</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>Seriously... Building this Talos Kubernetes cluster on my local home lab machine is turning out to be a lot harder than building an Azure AKS cluster. 🙄</p><p><a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TalosLinux</span></a> <a href="https://hachyderm.io/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a></p>