Howdy 馃憢
I’m Simon; an SRE by day, and quite often by night too. I’m fascinated by technology, cars and photography (although not necessarily in that order).
Using systemd-nspawn containers as KubeEdge edge nodes
A summary of my first conference talk since 2017
Running a Minimal Homelab Whilst Living with the In-Laws
Using Pinniped for authentication against Talos-based Kubernetes clusters
Postmortem: Management Cluster nodes flapping
A postmortem around sporadic flapping nodes in my ClusterAPI management cluster. ...
Postmortem: Proxmox host drops offline twice
A short postmortem into why a node in my Proxmox cluster went offline twice within a few days. ...
Replacing the drive in a single drive Proxmox node
Recently, I started getting the dreaded emails from smartd on one of my Proxmox nodes. The drive was (slowly) failing and needed to be replaced. Unfortunately due to my nodes being micro form-factor(MFF), they only have a single drive. This means that I would also need to migrate the VM disks to the new drive too. As this is a homelab setup, I don鈥檛 have a ton of capacity or any fancy storage solutions, so I would need to get a little creative and replace the drive in-situ. ...
Update: Using BGP to integrate Cilium with OPNsense
A little while back, I wrote a short piece on integrating Cilium with OPNsense using BGP. With more recent releases of Cilium, the team have introduced the Cilium BGP Control Plane (currently as a beta feature). This reworking of the BGP integration replaces the old MetalLB-based control plane and as such the older feature must first be disabled. To enable the new feature, you can either pass an argument to Cilium: --enable-bgp-control-plane=true Or if you use Helm to install Cilium then the following values are required: ...
Troubleshooting Network Traffic with CRI-O and Kubernetes
Running immutable infra is the holy grail for many people, however there are times when you鈥檒l need to get down in the weeds in order to troubleshoot issues. Let鈥檚 imagine a scenario; you need to verify that a pod is receiving traffic, but the image is built FROM scratch. As scratch containers are as minimal as possible, there鈥檚 no shell in the image, so there鈥檚 no way you can exec into it and hope to do anything remotely useful. ...
Allowing DNS lookups with Hashicorp Consul + ACLs enabled
I鈥檝e recently been experimenting with Hashicorp鈥檚 Consul in my home infrastructure because I want to use it to provide service discovery and automatic DNS provisioning when I create Proxmox instances with Terraform. Consul is a bit of a hefty beast to get to grips with and getting DNS lookups working when you have ACLs enabled can be a little tricky - it鈥檚 taken me a day or two of going round in circles to figure this one out. ...