<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on Schemes and Notions</title><link>/posts/</link><description>Recent content in Posts on Schemes and Notions</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 19 Feb 2025 23:32:09 +0000</lastBuildDate><atom:link href="/posts/index.xml" rel="self" type="application/rss+xml"/><item><title>Authentik on k8s with a custom CA</title><link>/posts/authentikk8scustomca/</link><pubDate>Wed, 19 Feb 2025 23:32:09 +0000</pubDate><guid>/posts/authentikk8scustomca/</guid><description>The goal The end-goal for this setup is to have Authentik running and providing LDAP so that I can tie some of my Servers and VMs to central auth via SSSD. While Authentik has some good guides on this, I found there were some gaps for my particular setup. We&amp;rsquo;ll walk you through the full setup.
Assumptions I&amp;rsquo;m making the following assumptions on this post:
You have a working kubernetes cluster You have a basic understanding of kubernetes resources and working with helm You have a basic understanding of certificates and PKI You have a basic understanding of SSSD and LDAP (not very important, but helps when we go into host-specific configuration) You have read through, and have a very basic grasp of Authentik Terminology.</description></item><item><title>AWS Workspaces Client for Fedora 39 (for all?)</title><link>/posts/awsworkspacesclientfedora39/</link><pubDate>Fri, 08 Mar 2024 12:00:00 +0000</pubDate><guid>/posts/awsworkspacesclientfedora39/</guid><description>&amp;ldquo;Old tricks are the best tricks, eh?&amp;rdquo; Yeah, unless they don&amp;rsquo;t work. So fast forward a year and change, and my now well seasoned directions no longer apply. I tried re-following those directions on Fedora 39 but it was just dependency after dependency. I figured, &amp;ldquo;There has to be a better solution&amp;rdquo;.
And there was&amp;hellip; Enter DISTROBOX.
In short, this allows you to run different distributions in containers, but handles all the bind-mounting and passing through to your desktop session so it feels like a first-class experience.</description></item><item><title>Building AWS client for Fedora 36</title><link>/posts/awsworkspacesclientfedora36/</link><pubDate>Thu, 01 Dec 2022 23:46:00 +0000</pubDate><guid>/posts/awsworkspacesclientfedora36/</guid><description>Check out my new instructions that should work on any distro/version of Linux that&amp;rsquo;s supported by Distrobox!
READ ME FIRST There is a flatpak on flathub. At the time of writing this post, the version on flathub (4.3.0.1766) was behind what people were getting for Ubuntu (4.4.0.1808-2). Additionally, it looks like that flatpak is not maintained by AWS. From the FlatHub page:
NOTE: This wrapper is not verified by, affiliated with, or supported by Amazon.</description></item><item><title>Troubleshooting k3s/containerd pods with nsenter</title><link>/posts/k3snsentertroubleshooting/</link><pubDate>Mon, 11 Jul 2022 09:00:00 +0000</pubDate><guid>/posts/k3snsentertroubleshooting/</guid><description>Problem You were troubleshooting a pod the other daaaaaaayyyy&amp;hellip;..
[mike@einsteinium $] k exec -it it-inventree-cache-6975b6445f-h5m5q -- bash root@it-inventree-cache-6975b6445f-h5m5q:/data# ping bash: ping: command not found root@it-inventree-cache-6975b6445f-h5m5q:/data# nc bash: nc: command not found root@it-inventree-cache-6975b6445f-h5m5q:/data# ss -alnp bash: ss: command not found root@it-inventree-cache-6975b6445f-h5m5q:/data# netstat bash: netstat: command not found root@it-inventree-cache-6975b6445f-h5m5q:/data# f*%! bash: f*%!: command not found Solution nsenter to the rescue! nsenter allows you to run commands from the namespace of the pod (like it&amp;rsquo;s being run on the pod) but while having access to all of the host binaries.</description></item><item><title>Gitea and DroneCI with your own Certificate Authority</title><link>/posts/giteadroneselfsignedtls/</link><pubDate>Sat, 26 Feb 2022 17:30:00 +0000</pubDate><guid>/posts/giteadroneselfsignedtls/</guid><description>Problem In my lab, I deployed my own ACME Certificate Authority using SmallStep (a post for another day). It signs all (valid) requests for the internal lab. The problem is, any container I pull down obviously won&amp;rsquo;t have my custom CA cert loaded into the container&amp;rsquo;s trust store; there are quite a few places where you&amp;rsquo;re going to need to load in this cert.
It should be noted that I chose to route everything through my Traefik Ingress Controller so everybody would be talking TLS to everybody else.</description></item><item><title>Migrating Gitea from Docker to Kubernetes</title><link>/posts/migratinggitea/</link><pubDate>Thu, 27 Jan 2022 04:32:09 +0000</pubDate><guid>/posts/migratinggitea/</guid><description>Problem I deployed Gitea initially using docker compose to just get it up and running. As things progressed on my team, we migrated most of our core services to k8s. Gitea was one of those core services. You&amp;rsquo;d think just a simple app backup/restore, except that Gitea has no real &amp;lsquo;restore&amp;rsquo; functionality.
Assumptions I&amp;rsquo;m going to assume a couple of things for the sake of keeping this brief.
You&amp;rsquo;re migrating to/from the same version of Gitea and same database backend (in this case, I&amp;rsquo;m going to be using Postgres).</description></item><item><title>External node_exporter -> K8s cluster metrics</title><link>/posts/promexternalmetrics-p1/</link><pubDate>Wed, 05 Jan 2022 16:00:00 +0000</pubDate><guid>/posts/promexternalmetrics-p1/</guid><description>TL;DR Use kind: Probe CRDs provided in the chart. See examples at the bottom.
CRD Spec File Background I wanted monitoring, and I had already deployed the kube-prometheus-stack (via the rancher-monitoring chart) and I wanted to leverage that for my non-k8s monitoring needs. It seemed silly to deploy an RPM or static docker based monitoring solution when I had that shiny k3s cluster sitting there, ready to go, with something already deployed on it.</description></item><item><title>Updating EdgeOS Firmware</title><link>/posts/edgeosfirmwareupdate/</link><pubDate>Tue, 28 Dec 2021 11:55:00 +0000</pubDate><guid>/posts/edgeosfirmwareupdate/</guid><description>TL;DR Run add system image but point at a http:// url, either via Ubiquiti&amp;rsquo;s download page or an internally hosted web server.
Problem You have your shiny new Ubiquiti EdgeRouter X, but you need to update the firmware. You want to update it via the CLI because Web UIs are for chumps. You don&amp;rsquo;t want to connect it to the internet because it&amp;rsquo;s running some horrifically old version of firmware and should be patched before it talks to the internet.</description></item><item><title>IOT Garage Door Preview</title><link>/posts/garagedoorpreview/</link><pubDate>Fri, 18 Sep 2020 04:44:43 +0000</pubDate><guid>/posts/garagedoorpreview/</guid><description>What&amp;rsquo;s going on here?! I wired the contacts for the button on each of my garage door openers to a relay board, connected that to an ESP8266, and programmed it with ESPHome using the generic output switch function.
Once I get the full tutorial on how to do this, I&amp;rsquo;ll provide wiring diagrams and example configuration files for ESPHome.</description></item><item><title>Garage Lights review</title><link>/posts/garagelights/</link><pubDate>Thu, 28 May 2020 04:44:43 +0000</pubDate><guid>/posts/garagelights/</guid><description>Timestamps Start-5:00 - unboxing/package contents 5:00-13:48 - custom wiring (skip if you&amp;rsquo;re just going to use the pre-packaged plugs) 13:48-End - final thoughts TL;DR I would buy these lights again, and not nearly as many as I did (They&amp;rsquo;re bright AF!)
Model: Barrina INWT504020650Bc Amazon: https://www.amazon.com/gp/product/B07F2WMCP2/</description></item></channel></rss>