Wherein I talk about the Ingress setup for my Homelab’s k8s cluster with Traefik. This is part four of my k8s migration series. After the initial setup of some infrastructure like external-dns and external-secrets, I went to work on the Ingress implementation for my cluster. I chose Traefik as my Ingress controller. This was mostly driven by the fact that I’m already using Traefik as the proxy in front of my current Nomad cluster, and I’ve become quite familiar with it....

Wherein I talk about migrating from Cilium’s L2 announcements for LoadBalancer services to BGP. This is an addendum to the third part of my k8s migration series. BGP instead of L2 announcements? In the last post, I described my setup to make LoadBalancer type services functional in my k8s Homelab with Cilium’s L2 Announcements feature. While working on the next part of my Homelab, introducing Ingress with Traefik, I ran into the issue that the source IP is not necessarily preserved during in-cluster routing....

This is the third part of my k8s migration series. This time, I will be talking about using Cilium as the load balancer for my Kubernetes cluster with L2 announcements. But Why? A couple of days ago, I was working on setting up my Traefik ingress for the cluster. While doing so, I yet again had to do a couple of things that just felt weird and hacky. The most prominent of those was using hostPort a lot when setting up the pod....

This is the second post in my k8s migration series. I will skip the cluster setup itself in this series, as I did not make many changes compared to my experimental setup. Instead I will start with my very first deployed service, external-secrets. Motivation In my initial experimentation, I decided to not go with any secrets management and instead use Helmfile’s secret handling. But I’ve come around to the fact that having some sort of service which can automatically take in secrets from my Vault instance would be pretty nice to have....

In a previous post, I had noted that due to HashiCorp’s recent decisions about the licensing for their tools, I was thinking about switching away from Nomad as my workload scheduler. Since then, HashiCorp made a change to the Terraform registry’s Terms of Service which only allowed usage with HashiCorp Terraform. This was obviously an action against OpenTOFU, and it reeked of pure spite. That turned my musings about the future of my Homelab from “okay, this leaves a bad taste” to “Okay, I just lost all trust in HashiCorp”....