I occasionally write blog posts where I talk about software, hardware, or even plants that I'm working on.
Recent Posts
Comparing changes in a Nix Flake
Nix/NixOS is a declarative language for defining your entire operating system. I use it on my dedicated servers to be able to apply GitOps for the servers. I define my services in a Git repo, everything from what version of packages to use, to what services should be installed, and how they should be installed. Those servers run Kubernetes which is where most of my services live.
Nix is a beast. The language is quite complicated and I wrote about my challenges. While I’ve gotten used to the language, I still don’t consider it intuitive. With that out of the way, my next challenge is that if I run nix flake update, which updates the packages that come from NixPkgs (which is most packages that you install.) Then I don’t really know what’s changing.
Managing software updates for my Cdk8s home lab with Renovatebot
In my home lab, I use cdk8s which builds on AWS CDK to define my Kubernetes resources infrastructure as code. A lot of people use Helm which uses YAML programming, which I wrote about why I didn’t like, but cdk8s allows me to write it in TypeScript. I can write reusable classes to reduce duplication, like an Ingress construct that handles all the configuration I need. If you want to read more about the pros and cons of Cdk8s, read the post.
In this post, I’m going to show how I use an open-source system, Renovatebot, to keep my home lab up to date.
Continue reading...Creating Kyverno policies using LLMs in Open WebUI
Kyverno is a handy policy engine for Kubernetes. For example, I use them to improve security by enabling user namespaces, or fix compatibility issues. I frequently use to validate or mutate resources that are created.
However, the YAML format can be a bit tricky for some of my more complicated policies. LLMs do alright creating many policies, but can struggle with my more complicated policies because they have to one-shot the policy and create it in one pass with no feedback or validation.
In this post, I’m going to show how I configure OpenWebUI to help me draft Kyverno policies.
Continue reading...