The HashiCorp Nomad and Kubernetes logos, connected with an arrow pointing from Nomad to Kubernetes

Nomad to k8s, Final: It's done

Wherein I try to draw a conclusion about my migration to k8s. This is the final part of my k8s migration series. After a total of 26 posts, this will be the last one in the migration series. On the evening of April 13th, after one year, three months and 26 days, I set the final task of my k8s migration plan to “Done”. I made the first commits for the migration on December 19th 2023, shortly after starting my Christmas vacation that year. It was the addition of the first VMs, for the control plane nodes. I already did some experimentation in November, but I don’t count that as time spent for the migration. ...

April 24, 2025 · 13 min · Michael

Nomad to k8s, Part 25: Control Plane Migration

Wherein I migrate my control plane to the Raspberry Pi 4 nodes it is intended to run on. This is part 26 of my k8s migration series. This one did not remotely go as well as I thought. Initially, I wasn’t even sure that this was going to be worth a blog post. But my own impatience and the slowly aging Pi 4 conspired to ensure I’ve got something to write about. ...

April 9, 2025 · 17 min · Michael

Securing K8s Credentials

Wherein I will explain how to use pass and GnuPG to secure k8s credentials. Since I migrated my HashiCorp Vault instance into my Kubernetes cluster, I started to feel a bit uncomfortable with the Kubernetes access credentials just sitting in the ~/.kube/config file in plain text. Anyone who somehow gets access to my Command & Control host would be able to access them and do whatever they like with the Kubernetes cluster, including the Vault deployment containing a lot of my secrets. ...

April 7, 2025 · 7 min · Michael

Nomad to k8s, Part 24: Migrating Vault to Kubernetes

Wherein I migrate my HashiCorp Vault instance to the Kubernetes cluster. This is part 25 of my k8s migration series. Look at all this Yak wool. That’s how much it takes to migrate Vault from baremetal to a Kubernetes deployment. I’ve been going back and forth for quite a while, trying to decide what to do with my Vault instance. It’s the one piece of HashiCorp software I do not currently plan to get rid of. But there was a problem: My Vault, or rather the High Availability nature of it, relied on HashiCorp’s Consul and its DNS service discovery functionality. And while I did want to keep Vault, I did not want to keep Consul. And I also didn’t really want to introduce some other sort of method, like HAProxy. ...

April 7, 2025 · 35 min · Michael

Nomad to k8s, Part 23: Shutdown of the Baremetal Ceph Cluster

Wherein I migrate the last remaining data off of my baremetal Ceph cluster and shut it down. This is part 24 of my k8s migration series. I set up my baremetal Ceph cluster back in March of 2021, driven by how much I liked the idea of large pools of disk I could use to provide S3 storage, Block devices and a POSIX compatible filesystem. Since then, it has served me rather well, and I’ve been using it to provide S3 buckets and volumes for my Nomad cluster. Given how happy I was with it, I also wanted to continue using it for my Kubernetes cluster. ...

March 29, 2025 · 21 min · Michael