#CertManager

Yorgos Saslis yorgos@chaos.social
2025-05-13

It is now already Tuesday morning but everything is back online.

#Pihole is back up so #DNS resolution works again and the rest of the family can use the internet!
✅ NFS provisioners can provide persistent volumes,
#CertManager issues HTTPS certificates,
#Unifi controller is back up to allow me to actually make changes to my network config (such as, say, change DNS settings when pihole is down... )
#HomeAssistant automates away,
#Nextcloud is seeing sunnier days,
#Photoprism <3

Yorgos Saslis yorgos@chaos.social
2025-05-13

When #certManager works, it's beautiful. It'd been working smoothly for YEARS without me needing to touch it.

Getting it to work though... !?

Well, let's just say I'd forgotten how much "fun" that can be.

2025-04-24

I spent probably a week's worth of hours learning more #kubernetes so I could save $60 a month.

I have a nice 3 node kube cluster with a 2 node #keepalived #haproxy TCP load balancer. All on #ARM VPS.

Haproxy ingress
#ExternalDNS operator
#CertManager
#RookCeph
#ArgoCD
#KeyCloak
#ValKey
#Mastodon
#CloudNativePG #Postgresql

Harald Klinke HxxxKxxx@det.social
2025-04-13

openDesk runs exclusively on Kubernetes and uses more than 35 Helm charts for production operation. Prerequisites: K8s >=1.24, Ingress-NGINX, cert-manager, Helm, Helmfile, RWO volumes & external services such as Redis, Postfix & co.
Details: gitlab.opencode.de/bmi/opendes
#Kubernetes #Helm #DevOps #OpenSource #openDesk #GovTech #CloudNative #Ingress #certManager #DigitalSovereignty

2025-03-26

I'm going to be at #kubecon. At the maintainers summit beforehand, at the contribfest, and at the #headlamp project pavilion.

Contribfest session: kccnceu2025.sched.com/event/1t

I'm looking forward to connecting with folks working on different projects. People have been quite busy building out Headlamp Kubernetes UIs for ecosystem tooling and standards like #gatewayapi #prometheus #keda #flux #minikube #backstage #inspektorgadget #flagger and #certmanager

#Kubernetes #cncf #cloudnativecon

2025-01-14

Those who've been reading my toots might have picked up on the fact that I'm building a #kubernetes cluster from scratch (yes, I like pain). After figuring out #cri_o #calico #certmanager #metallb #traefik and #cloudnativepg I finally deployed my first actual application: #nextcloud ! Wueeh! Extremely stoked! Now I need to figure out how I rope in my ZFS box for persistence, and then I'm ready for a deployment in testing! #k8s #selfhosting

2024-11-04

Managed to migrate my first #Truecharts app from #TrueNAS to #Talos.

Do this only if you need another hobby. It is definitely nothing like the comfort the TrueNAS App Catalogue and UI provided.

But I like #Kubernetes and so it is fine for me to play around with #CertManager, #RenovateBot, #FluxCD and #VolSync. Just have to compare resource consumption now 😅

Johannes Schnatterer schnatterer@floss.social
2024-10-30

#CertManager can now be rolled out with GOP. We're planning to extend the support to automatically provision #TLS certs via #letsencrypt / #ACME for all tools with a single parameter 🚀

This release also contains contributions of our new maintainer Thomas Michael. Welcome to the team 🥳

2024-10-16

Isn't there a decent alternative to #certmanager in #kubernetes ?
I need a tool that supports the #powerdns API.
kube-lego sadly is deprecated

几乇丨爪丨 🤓 :mastodon: neimi@voi.social
2024-09-27

💻🧾 To all #CertManager pros:

Can the DNS challenge and a #Webhook, running on a different server than the one hosting the #Domain and website, be used to generate certificates (#Zertifikate) for the main domain, e.g. meinedomain.de?

Background: my #ejabberd runs at home on my main domain, but there is no webhook for my domain/web hoster... So I'm considering switching, if that would be possible...

Maybe @CertManager, @netcup or @team can also say something about this 🤔

🔃🙏

Bob Dendry has moved! bobdendry@mstdn.games
2024-09-21

So I've managed to finally get #Traefik working with #CertManager.

It took lots of frustration, a sidequest around attempting to replace Traefik with the #Cilium Gateway API implementation, to lots of annoyance and frustration, broken iptables, but we finally got back to pretty much where we started and things started to fall in place from here.

So the good news is by separating certificates from Traefik, we can now get Traefik doing HA. Why you ask? Just cause.

#Kubernetes #Docker #homelab

Bob Dendry has moved! bobdendry@mstdn.games
2024-09-20

I was wrong. I'm still too stupid to understand #CertManager. I've generated certificates and switched my #Traefik ingressroutes to use the tls secret name, but now all services are having gateway timeouts? It works for the traefik dashboard, but not other services. #Kubernetes

Bob Dendry has moved! bobdendry@mstdn.games
2024-09-20

Am I too stupid to understand #CertManager? #Kubernetes

Z3r0 ~ :t_blink: z3r0@maverick-hq.org
2024-09-19

Cert-Manager is GOD, and anyone who says otherwise will have to deal with me.

#KubeCosas #CertManager

Rudel Saldivar kramfs@hachyderm.io
2024-08-06

I had the rare opportunity to need to send a physical mail, a form. There used to be a SAM machine near my place where you can print out a stamp but they removed it recently.

I search for the nearest SAM machines near me, Google Maps showed the nearest one and along with the business info, included is the URL mysam.sg.

#singpost #mysam #tls #ssl #iis #letsencrypt #certmanager #eol

Dentaku (Thomas Renger) dentaku@fnordon.de
2024-08-04

Ha, it works: a LoadBalancer for #dovecot is created automatically, registered in DNS automatically, and a TLS certificate is generated automatically. My mail-on-Kubernetes setup is slowly taking shape.

#k8s #externaldns #certmanager #rfc2136

I've just merged a huge PR to my #Orked (O-tomated RKE Distribution - GREAT NAME I KNOW) that makes it easier than ever for anyone to set up a production-ready #RKE2 #Kubernetes cluster in their #homelab.

With this collection of scripts, all you need to do is just provision the nodes required, including a login/management node, and run the scripts right from the login node to configure all of the other nodes to make up the cluster. This setup includes:

- Configuring the Login node with any required or essential dependencies (such as #Helm, #Docker, #k9s, #kubens, #kubectx, etc.)

- Setup passwordless #SSH access from the Login node to the rest of the Kubernetes nodes

- Update the hosts file for strictly necessary name resolution on the Login node and between the Kubernetes nodes

- Necessary, best practice configurations for all of the Kubernetes nodes including networking configuration, disabling unnecessary services, disabling swap, loading required modules, etc.

- Installation and configuration of RKE2 on all the Kubernetes nodes and joining them together as a cluster

- Installation and configuration of #Longhorn storage, including formatting/configuring their virtual disks on the Worker nodes

- Deployment and configuration of #MetalLB as the cluster's load-balancer

- Deployment and configuration of #Ingress #NGINX as the ingress controller and reverse proxy for the cluster - this helps manage external access to the services in the cluster

- Setup and configuration of #cert-manager to obtain and renew #LetsEncrypt certs automatically - supports both #DNS and HTTP validation with #Cloudflare

- Installation and configuration of #csi-driver-smb which adds support for integrating your external SMB storage to the Kubernetes cluster

Besides these, there are also some other helper scripts to make certain related tasks easy such as a script to set a unique static IP address and hostname, and another to toggle #SELinux enforcement to on or off - should you need to turn it off (temporarily).

If you already have an existing RKE2 cluster, there's a step-by-step guide on how you could use it to easily configure and join additional nodes to your cluster if you're planning on expanding.

Orked currently expects and supports #RockyLinux 8+ (should also support any other #RHEL distros such as #AlmaLinux), but I am planning to improve the project over time by adding more #Linux distros, #IPv6 support, and possibly even #K3s for a more lightweight #RaspberryPi cluster for example.

I've used this exact setup to deploy and manage vital services to hundreds of unique clients/organisations that I've become obsessed with sharing it to everyone and making it easier to get started. If this is something that interests you, feel free to check it out!

If you're wondering what to deploy on a Kubernetes cluster - feel free to also check out my #mika helm chart repo 🥳

🔗 https://github.com/irfanhakim-as/orked

🔗 https://github.com/irfanhakim-as/charts

bashfulrobot / Dustin Krysak bashfulrobot@hachyderm.io
2024-07-01

Can anyone recommend a free #dns provider that can be used with cert-manager? Besides Cloudflare? #kubernetes #certmanager
