The HashiCorp Nomad and Kubernetes logos, connected with an arrow pointing from Nomad to Kubernetes

Nomad to k8s, Part 25: Control Plane Migration

Wherein I migrate my control plane to the Raspberry Pi 4 nodes it is intended to run on. This is part 26 of my k8s migration series. This one did not remotely go as well as I thought. Initially, I wasn’t even sure that this was going to be worth a blog post. But my own impatience and the slowly aging Pi 4 conspired to ensure I’ve got something to write about. ...

April 9, 2025 · 17 min · Michael

Securing K8s Credentials

Wherein I will explain how to use pass and GnuPG to secure k8s credentials. Since I migrated my HashiCorp Vault instance into my Kubernetes cluster, I started to feel a bit uncomfortable with the Kubernetes access credentials just sitting in the ~/.kube/config file in plain text. Anyone who somehow gets access to my Command & Control host would be able to access them and do whatever they like with the Kubernetes cluster, including the Vault deployment containing a lot of my secrets. ...

April 7, 2025 · 7 min · Michael

Nomad to k8s, Part 24: Migrating Vault to Kubernetes

Wherein I migrate my HashiCorp Vault instance to the Kubernetes cluster. This is part 25 of my k8s migration series. Look at all this Yak wool. That’s how much it takes to migrate Vault from baremetal to a Kubernetes deployment. I’ve been going back and forth for quite a while, trying to decide what to do with my Vault instance. It’s the one piece of HashiCorp software I do not currently plan to get rid of. But there was a problem: My Vault, or rather the High Availability nature of it, relied on HashiCorp’s Consul and its DNS service discovery functionality. And while I did want to keep Vault, I did not want to keep Consul. And I also didn’t really want to introduce some other sort of method, like HAProxy. ...

April 7, 2025 · 35 min · Michael

Nomad to k8s, Part 23: Shutdown of the Baremetal Ceph Cluster

Wherein I migrate the last remaining data off of my baremetal Ceph cluster and shut it down. This is part 24 of my k8s migration series. I set up my baremetal Ceph cluster back in March of 2021, driven by how much I liked the idea of large pools of disk I could use to provide S3 storage, Block devices and a POSIX compatible filesystem. Since then, it has served me rather well, and I’ve been using it to provide S3 buckets and volumes for my Nomad cluster. Given how happy I was with it, I also wanted to continue using it for my Kubernetes cluster. ...

March 29, 2025 · 21 min · Michael

Nomad to k8s, Part 22: The end of Nomad

Wherein I shut down my Nomad cluster for good. This is part 23 of my k8s migration series. It is finally done: on the 13th of March, I shut down my Nomad cluster. I had originally set it up sometime around 2021. The original trigger was that I had started to separate the Docker containers running public-facing services and the purely internal ones. Around that setup, I had constructed a bunch of bash scripts and a couple of shared mounts. It wasn’t pretty, plus the Homelab had recently turned from a utility into a genuine hobby. In short, increased complexity was actually welcomed. 😁 ...

March 23, 2025 · 6 min · Michael