I tried both voidauth and authelia and found that I really like that you can (actually must, as far as I’ve seen) configure authelias OIDC clients as configuration files. That fits a gitops style approach much better when paired with e.g. sealed secrets. It was a real pain to figure out that authelia configuration, hard agree on that… The official helm chart felt way too over-parametrized and is badly documented. The project website has a lot of basically-copy-paste configs for all kinds if self hosted software though.

This is about Doom 3, which was definitely more down the horror alley than the Doom installations after the reboot 2016.

War wohl keine DIN mehr für die Tabellenbeschriftungen übrig 🫩

There are certainly different kinds of developers writing different types of tests. I usually only write the tests first if I‘m adding a critical functionality to some method or function already present. However having automated tests can help you when you can‘t easily understand the code or when you want to refactor that code to make sure you‘re not breaking existing functionality.

What you‘re describing with external devs often happens when these devs can‘t access the real data - plus you often want these tests to be automated, which usually brings with it the requirement of atomicity, i.e. you want one test run running in parallel with another not effecting each other. That usually doesn‘t work well with a real database (unless you really take your test engineering to the overengineered tier).

Ingress controllers usually use the standard k8s services. In fact metal-lb allows workloads (like the nginx ingress controller) in the cluster to use services of type LoadBalancer, which is the default configuration. This results in an actual IP being made available to your ingress controller.

To get nginx ingress to use the external clients IP, you can configure the ingress controllers traffic policy. Using the helm chart, I used these values:

controller: priorityClassName: cluster-service service: # this has a bunch of downsides, but allows source-ip based access white/deny listing. externalTrafficPolicy: Local

For the ingress IP, I configured metal-lb to receive traffic on a static IP (using IP4AddressPool and L2Advertisement CRDs from metal-lb), which is then used for the port forwarding. I’ve never tested it because I only have a single worker node, but I expect the metal-lb controller will receive traffic to that same static IP if a node goes down.

Danke für die neue Schotenwurf-Unterschreibung!

Laser iellones!

Gaming, as a basis for Valves Proton.

Having weak security on your operating system certainly isnt helping when there is some sort of exploit in a browser running on that system. The perfect operating system may not prevent issues inside your browser, but it may limit the damage these do. I feel like you suggest using Linux reduces security - why do you say that?