home.social

83 results for “jpetazzo”

  1. Also, I want the K8S cluster to support IPv6, which meant replacing Talos' default CNI (Flannel) with Cilium.

    (OK, it might be possible to support IPv6 with Flannel on Talos, but the Talos docs say very little about how to customize Flannel, and I wanted Cilium for other reasons too - e.g. LoadBalancer support with L2 announcements, replacing kube-proxy...)

    This means declaring "cni: none" in the Talos machine config, and then either:

    1) manually installing Cilium after provisioning the cluster

    2) finding a way to automatically install Cilium when the cluster is provisioned.

    Of course I went for option 2, right :-)

    Which leads us to a rabbit hole of multiple options:

    1) wait for the cluster to be up (=K8S API is functional) and then use the Helm provider to create a helm_release resource on the cluster

    Problem: there is no easy and clean way to wait for the cluster to be up.

    Talos has a talos_cluster_health resource, but this one waits for all nodes to be "Ready", which isn't going to happen since the CNI hasn't been deployed yet. (There is a skip_kubernetes_checks option but it doesn't seem to help.)

    Declaring something like a kubernetes_nodes resource in Tofu sort of works... until you reprovision the cluster. Then you realize that you can't even do a "tofu plan" because Tofu tries to refresh that resource's status, which requires the cluster to be up. So, this is a non-starter.

    2) use Talos "inlineManifests" feature, which instructs talos to apply a bunch of YAML to the cluster when it's provisioned

    Problem: this requires Cilium YAML manifests; and the way I install it is typically with the Helm chart.

    Solution: use a helm_template data source to do the equivalent of the "helm template" command, and render the Cilium chart into ready-to-apply YAML manifests.

    Next problem: the Cilium Helm chart is very sophisticated, and depends on Capabilities.KubeVersion - in other words, when we invoke the helm_template resource, we need to pass it the correct kube_version.

    Next solution: that version is available in talos_machine_configuration resources.

    And with that (and a good amount of Cilium configuration!) our cluster comes up fully functional!

    #kubernetes #talos #proxmox #cilium #opentofu
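    The pipeline described in this post, written out as an added OpenTofu/Terraform example; this is not the author's configuration, only an illustration of the approach. It assumes the siderolabs/talos and hashicorp/helm providers, a hypothetical cluster name, endpoint, node address and pod/service subnets, a pinned Cilium chart version, and a handful of Cilium values that the Talos Cilium guide recommends. The two-pass talos_machine_configuration arrangement is an assumption: helm_template needs the Kubernetes version from the machine configuration, and the machine configuration needs the rendered manifest from helm_template, so a single data source would form a dependency cycle.

```hcl
terraform {
  required_providers {
    talos = { source = "siderolabs/talos" }
    helm  = { source = "hashicorp/helm" }
  }
}

# Hypothetical cluster parameters (assumptions, substitute your own).
locals {
  cluster_name     = "homelab"
  cluster_endpoint = "https://[fd00:10::10]:6443"
  controlplane_ip  = "fd00:10::10"
  pod_subnets      = ["10.244.0.0/16", "fd00:10:244::/56"]
  service_subnets  = ["10.96.0.0/12", "fd00:10:96::/112"]
  cilium_version   = "1.16.5" # pin the chart so every re-render is reproducible
}

resource "talos_machine_secrets" "this" {}

# Pass 1: a patch-free config used only to learn which Kubernetes version
# Talos will run. helm_template needs it for Capabilities.KubeVersion, and
# the real config below depends on helm_template, so this breaks the cycle.
data "talos_machine_configuration" "version_probe" {
  cluster_name     = local.cluster_name
  cluster_endpoint = local.cluster_endpoint
  machine_type     = "controlplane"
  machine_secrets  = talos_machine_secrets.this.machine_secrets
}

# Render the Cilium chart to plain YAML, the equivalent of `helm template`.
data "helm_template" "cilium" {
  name         = "cilium"
  namespace    = "kube-system"
  repository   = "https://helm.cilium.io"
  chart        = "cilium"
  version      = local.cilium_version
  kube_version = data.talos_machine_configuration.version_probe.kubernetes_version
  include_crds = true

  values = [yamlencode({
    ipam                 = { mode = "kubernetes" }
    ipv6                 = { enabled = true }
    kubeProxyReplacement = true
    # Talos exposes the API server on every node through KubePrism.
    k8sServiceHost = "localhost"
    k8sServicePort = 7445
    # Talos manages cgroups itself; do not let Cilium try to mount them.
    cgroup          = { autoMount = { enabled = false }, hostRoot = "/sys/fs/cgroup" }
    l2announcements = { enabled = true }
  })]
}

# Pass 2: the real machine config. CNI and kube-proxy are turned off, and the
# rendered Cilium YAML is handed to Talos as an inline manifest, so the control
# plane applies the CNI itself right after bootstrap, with no external waiter.
data "talos_machine_configuration" "controlplane" {
  cluster_name     = local.cluster_name
  cluster_endpoint = local.cluster_endpoint
  machine_type     = "controlplane"
  machine_secrets  = talos_machine_secrets.this.machine_secrets

  config_patches = [yamlencode({
    cluster = {
      network = {
        cni            = { name = "none" }
        podSubnets     = local.pod_subnets
        serviceSubnets = local.service_subnets
      }
      proxy = { disabled = true } # required when kubeProxyReplacement is on
      inlineManifests = [{
        name     = "cilium"
        contents = data.helm_template.cilium.manifest
      }]
    }
  })]
}

resource "talos_machine_configuration_apply" "controlplane" {
  client_configuration        = talos_machine_secrets.this.client_configuration
  machine_configuration_input = data.talos_machine_configuration.controlplane.machine_configuration
  node                        = local.controlplane_ip
}
```

    Two things worth keeping in mind with this pattern. Inline manifests are applied by the Talos control plane itself, with full cluster privileges and before any admission policy exists, so pin the chart version and review the rendered YAML in "tofu plan" before applying, since whatever the chart emits is what bootstraps the cluster. And the rendered manifest is embedded in the machine configuration, which ends up in the Tofu state next to the Talos secrets, so the state file needs the same protection as the secrets themselves.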

  5. The whole thing is provisioned with Tofu; and one of my favorite things to do is to verify that the end-to-end provisioning works fine.

    So that means a lot of "tofu destroy" + "tofu apply".

    However, the TF configuration includes the Talos disk images used by the cluster, and I didn't want to re-download them every single time.

    My first intention was to use "tofu taint" on the virtual machines. But they are declared in a for_each block; and you can't use "tofu taint" or "tofu plan -replace" on a for_each resource (unless you enumerate each resource individually).

    However, you can do a targeted destroy:

    tofu plan -destroy -target proxmox_virtual_environment_vm.k8s_nodes

    And destroy will follow dependencies (if you destroy a resource, the resources that depend on it will automatically be destroyed), so in my case I could also do e.g.:

    tofu plan -destroy -target talos_machine_secrets.this

    (Because pretty much every Talos-related resource depends on this directly or indirectly).

    #terraform #opentofu #talos #kubernetes #homelab #selfhosted

  6. Found the common point between century-old blues standards and my homelab AMA

    #ceph #proxmox #homelab #blues

  7. Next at #scale23x / #planetnix : insightful+fun talk by Sam Fu about running sandboxed #nix builds inside #kubernetes pods.

    Lots of gnarly stuff in there! User namespaces! Procmount masking! And much more :)

  8. Okay, first problem with Flox: there doesn't seem to be an easy / generic way to install it 😅

    The install docs (flox.dev/docs/install-flox/ins) have links to DEB and RPM packages, as well as instructions for Nix; but I'm on another distro... I suppose step 1 would be to install Nix? 🤔

    (Instructions unclear; got my nix stuck in GPU fans)

    #flox #nix #planetnix #scale23x

  9. Next talk at #scale23x, we're moving to #planetnix, with "You Know Nix. Your Team Doesn't. Now What?" by Rok Garbas.

    IOW, how to use #Flox to evangelize #Nix / help your coworkers get on board with Nix but with a gentler learning curve.

  10. @Matt_Noyes

    I imagine you meant gandi; if it's them, I'd avoid them like the plague - they used to be a great company but got acquired by a fund who promptly and discreetly increased the prices for the sole benefit of their shareholders.

    Personally I switched to porkbun, and if you'd rather avoid US-based services, I hear infomaniak is great too.

    #dns #registrar

  15. We'll see how to run popular #LLM on Kubernetes, and how to leverage #Bento, #RabbitMQ, and #PostgreSQL to run requests asynchronously; then we'll use #Prometheus and #Grafana for observability, sprinkle #KEDA for autoscaling, and some #Helmfile to manage the deployment of all these components.

    Interested? Register here:

    info.perfectscale.io/beyond-lo

  16. They often fall in this uncanny valley where requests take a bit too long to work well with a #LoadBalancer, but not long enough to justify spinning up #BatchJobs. Fortunately, there is a solution: #MessageQueues!

    .../...

  21. For friends, colleagues, and people who work with #containers in general:

    On Wednesday, September 11, at the #DeezerTech #meetup in #Bordeaux, I'll be talking about #antipatterns in building container images!

    meetup.com/fr-FR/deezertech/ev

    Images that are too big, too small, builds that are too slow... We'll see when/why it's a problem, how to fix it, with plenty of tips & tricks relevant to people who work with #Docker and/or #Kubernetes.

    Come one, come all! 😁

  22. A better approach is to use message queues, and we'll explore how to implement this on #Kubernetes, without writing code, thanks to the amazing message processing tool #Benthos.

    We'll also sprinkle some #Helmfiles on that to demonstrate how to package the entire application and all its components, making deployment and redeployment seamless.

    2/3

  23. @drmorr @shane you probably already know this, but there are features in #kyverno to sync resources across namespaces (kyverno.io/docs/writing-polici), would that help here? (Genuinely curious because I hadn't had that use case myself yet so I wonder if the implementation is practical :))

  24. @heatsink I think they* also welcome PRs to improve all that. If you do Slack, there is a moderately active #kubeadm channel on the K8S Slack.

    No pressure but if you're comfortable authoring a PR I'm sure it'll be super helpful!

    *"They" being SIG-Node and the kubeadm maintainers :)

  25. Last afternoon at #Devoxx; I'm going to discover #MobProgramming (also known as #EnsembleProgramming or #SoftwareTeaming) in the talk by Marjorie Aubert and Alexandre Victoor.

    The aspect that interests me is the "onboarding" side, in particular integrating juniors. It will also cover mixing remote and on-site work, an important topic for me too 😁

  26. #Dell #TechnicalSupport: we have officially entered the voodoo phase of troubleshooting

    For context, we're trying to find out why the CPU will not budge from a fixed clock speed of 200 MHz. The problem happens in Windows, in Linux, even in the cursed BIOS 🤷

  27. @Pacool @nerdeiro

    ...but less great for us, users, since we are facing choices that we don't understand when we're just trying to get started 🫤

    Just in case: don't hesitate to ask for help in the Kubernetes slack (#kubeadm channel) or even here. Many folks have suffered similar pains and will be glad to help!

  28. It's pretty cool to see that there are still new features coming to #Docker Compose:

    youtube.com/watch?v=KDh8aIwfIa

    My favorites for now are "pull_policy: build" (to make --build the default for some services) and "dockerfile_inline" (because yes I often have 2- or 3-line Dockerfiles that I might as well inline in Compose!) but the video has 15 tips, so I'm just scratching the (brace for it) tip of the iceberg here (ho ho)

    I'm also keeping an eye on the experimental git stuff!

    #DockerCon

  29. I'd like to give a shout-out to draw.io; each time I need to doodle some diagrams I end up using that, and (at least for me!) it's exactly the right mix of features - i.e. enough features to do what I want, but not too much (which means that the interface remains fairly light and easy to use).

    I wanted to give them money but I didn't see a straightforward way to do that 😅

    So here is some free advertising because they totes deserve it!

    #diagrams #schemas #draw

  30. OH: "what's that song about... you know... being a refrigerator repairman?
    — money for nothing?
    — yeah!"

    #ExternalMemory #OverHeard #OSSummit