Websites that have a "remember me" button at login, but then remember neither the login nor the session...

**Looking at you #goharbor**

I am so glad I still have #GoHarbor running as a local #dockerhub cache. Simply updating #calico was enough to throw me over quota. (Calico and such are exempted because GoHarbor runs on the cluster and I hate debugging cold-start issues. Also, I know I can log in and give #microsoft explicit permission to spy all over me but um no thanks? ISTR my IP address still isn't legally me, but my account is...)

Instead of sitting here hand-crafting a bunch of bullshit trying to manually load images onto half the cluster, I just updated the annotation from 'disabled' to 'enabled' and `k roll -n calico-system` and all was well. It didn't even noticeably impact services.

Today's picture: Has anyone else noticed that #renovatebot can't handle its own changelogs? An appropriate example of the state of the ecosystem today.

#selfhost #selfhosting #k8s #k3s #homelab #snarkhome

I'd like to introduce #GoHarbor in my #homelab but the setup is so terribly convoluted that it's putting me off.

Why does it need to ship syslog, database and proxy stuff? I don't consider this the responsibility of this software.

Worst of all, it's such a mess that it tries to fix it by providing an installer. Which hides the intentions and makes it even harder to understand how these components relate and how to instrument them.

Might go for Nexus or something else instead.

#containers

Today's fun link is for the #k8s #homelab. "Harbor-Container-Webhook" is a somewhat mis-named project. It started as an automatic way to use GoHarbor as a Docker Hub cache, but since then it has grown into a capable docker image repo/tag mutator. It takes in a list of matches and transformations, then watches pod creation. If a pod's image matches a match, it gets changed. Simple. (For example, the docker hub cache would change docker.io/library/alpine:latest to harbor.svc/dockercache/library/alpine:latest.) This isn't tied to Harbor at all; it doesn't even have to point to a cache.

If you installed a #goharbor docker hub cache into your #homelab "way back when", you probably installed HCW, everything Just Worked, and you walked away. Today is a good day to wander back and add ghcr.io to your caching. (And if you are of a #security mindset, #GoHarbor does image scanning and such too.)

The attached code will cache everything from GHCR except your username's packages. Just delete the `excludes` block if you want to cache everything. (It is formatted for the helm chart, as values.rules.)

```yaml
rules:
  - name: "ghcr.io rewrite"
    matches:
      - "^ghcr.io"
    excludes:
      # these are authenticated separately, so exclude them here:
      - '^ghcr.io/MyUsernameRocks/.*$'
    replace: "MYHARBOR/ghcache"
    checkUpstream: false
verbose: true
```
#dockerhub #k3s #selfhosted #selfhosting #containersecurity

GitHub - indeedeng/harbor-container-webhook: mutating webhook which rewrites container images to use a Harbor proxy cache

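A dry run of the match / exclude / replace behaviour described in the post above, as an added Python sketch (not code from harbor-container-webhook or from the post's author). It assumes images are normalized to registry/path:tag before matching, that patterns are case-sensitive searches, and that `replace` takes the place of the registry host; `normalize`, `rewrite`, `dry_run` and the sample images are hypothetical.

```python
import re

# The post's rule, transcribed. MYHARBOR and MyUsernameRocks are the post's placeholders.
POST_RULES = [{
    "name": "ghcr.io rewrite",
    "matches": [r"^ghcr.io"],
    "excludes": [r"^ghcr.io/MyUsernameRocks/.*$"],
    "replace": "MYHARBOR/ghcache",
}]

def normalize(image):
    """Expand a short reference to registry/path:tag using Docker Hub defaults."""
    first, _, rest = image.partition("/")
    # Only a first component containing '.' or ':' (or 'localhost') names a registry.
    if not rest or not ("." in first or ":" in first or first == "localhost"):
        image = "docker.io/" + (image if rest else "library/" + image)
    if "@" not in image and ":" not in image.rsplit("/", 1)[-1]:
        image += ":latest"
    return image

def rewrite(image, rules):
    """Return (image_to_pull, rule_name); rule_name is None if no rule applied.

    Assumed semantics: first matching, non-excluded rule wins; patterns are
    case-sensitive searches; `replace` takes the place of the registry host.
    """
    ref = normalize(image)
    for rule in rules:
        if not any(re.search(p, ref) for p in rule["matches"]):
            continue
        if any(re.search(p, ref) for p in rule.get("excludes", [])):
            continue
        return rule["replace"] + "/" + ref.partition("/")[2], rule["name"]
    return image, None

def dry_run(images, rules):
    """Map each image to what a pod would actually pull under `rules`."""
    return {img: rewrite(img, rules)[0] for img in images}

# Constructed sample images, as they might appear in pod specs.
SAMPLES = [
    "ghcr.io/fluxcd/source-controller:v1.2.3",
    "ghcr.io/myusernamerocks/private-tool:1.0",  # lowercase, as registries require
    "alpine",                                    # Docker Hub, untouched by this rule
]

if __name__ == "__main__":
    for src, dst in dry_run(SAMPLES, POST_RULES).items():
        print(f"{src} -> {dst}")
```

Repository paths in image references are lowercase, so under these assumptions the exclude only takes effect once the placeholder is replaced with the account name in lowercase; the second sample shows the image being sent to the cache otherwise.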

@fyw321 @geerlingguy My 8 node cluster costs around 55W via POE. It is 3 pi4 8G control+worker nodes, and 5 pi4 4G worker-only nodes (1 is actually 8G.)

Storage is #iscsi on spinning rust on #TrueNAS, but you can do all this on local disks.

It handles a LOT:
- #Promstack, #FluxCD, #Calico, various scrapers
- #Adguard
- #Blocky (another adblocking #dns)
- #Jellyfin
- #Ombi, Prowlarr, *arr, Deluge
- Home automation helpers (#ser2sock instances, #zigbee/#zwave 2mqtt, but not HA itself)
- #Argo for builds (deprecated in favor of the x64 cloud lab. Building x64 docker containers on arm is BAD)
- Democratic CSI for iscsi/nfs
- #GoHarbor container registry & #dockerhub cache
- #Mealie recipe manager
- #Monica contact manager
- #SMTP relay to gmail
- #Ubiquiti console (bootstrapping becomes a chicken and egg problem though, if it goes down wrong)
- #Wireguard #VPN server
- #Whoogle
- #VisualStudioCode and a #dind sidecar
- SSL termination for most of the rest of the network