vault

This is the second post in my k8s migration series. I will skip the cluster setup itself in this series, as I did not make many changes compared to my experimental setup. Instead I will start with my very first deployed service, external-secrets. Motivation In my initial experimentation, I decided to not go with any secrets management and instead use Helmfile’s secret handling. But I’ve come around to the fact that having some sort of service which can automatically take in secrets from my Vault instance would be pretty nice to have....

Basically my entire Homelab is build upon HashiCorp’s products. On August 10th, HashiCorp announced that they would switch all of their products to the BSL, the Business Source License, where they had been licensed under the Mozilla Public License before. From my (rather rudimentary!) understanding, the license basically says that all “non-production” use is perfectly fine. I’m pretty confident that that covers all of my own personal usage. But as it was pointed out to me today, that formulation also creates a lot of uncertainty for commercial entities of all kinds....

As mentioned in my previous post on migrating the Consul/Vault/Nomad servers from a VM to a Raspberry Pi, I was still waiting for some more Pis to arrive to extend the Nomad/Consul/Vault clusters to a HA configuration for all three. The main reason for this is not necessarily fault tolerance, but rather gaining the ability to restart the controllers without taking down the entire Nomad cluster. Now I’d like to give a short overview of the experience, and end with a bit of an overview on the resource consumption (spoiler: Raspberry Pi 4 4GB are absolutely sufficient)....

I am currently working on distributing my Homelab a little bit more. My main driver is high availability. Do I need high availability in a homelab setup? No, not really. But I was getting annoyed by having to take down the entire Homelab whenever I was doing an update on my single server. The newest part of that project is my cluster controller. That is the machine running the servers for my Vault, Consul and Nomad cluster....