k8s-migration

This is the second post in my k8s migration series. I will skip the cluster setup itself in this series, as I did not make many changes compared to my experimental setup. Instead I will start with my very first deployed service, external-secrets. Motivation In my initial experimentation, I decided to not go with any secrets management and instead use Helmfile’s secret handling. But I’ve come around to the fact that having some sort of service which can automatically take in secrets from my Vault instance would be pretty nice to have....

In a previous post, I had noted that due to HashiCorp’s recent decisions about the licensing for their tools, I was thinking about switching away from Nomad as my workload scheduler. Since then, HashiCorp made a change to the Terraform registry’s Terms of Service which only allowed usage with HashiCorp Terraform. This was obviously an action against OpenTOFU, and it reeked of pure spite. That turned my musings about the future of my Homelab from “okay, this leaves a bad taste” to “Okay, I just lost all trust in HashiCorp”....