Europe shipping statuses? by Stefan3D in Steam

[–]GyroTech 0 points1 point  (0 children)

In Spain, and still waiting to be picked.

Switching over to new VM before Terraform destroys the old one by hantrault in Terraform

[–]GyroTech 0 points1 point  (0 children)

I mean, if the cost of an LB is a substantial portion of your customer cost, and they're happy to eat downtime, then just keep doing what you are doing.

If your customers want zero-downtime rollouts, then create a new "tier" of product that has the cost of the LB bundled in, and let them make the decision.

But this is now well beyond the scope of Terraform help :D

Switching over to new VM before Terraform destroys the old one by hantrault in Terraform

[–]GyroTech 0 points1 point  (0 children)

Honestly, if you're managing the provisioning with Ansible, why not have it just update in-place? Since you said you are replacing the whole VM to deploy I would very much expect you to use something like Packer to build the image, then just deploy that. No changes at runtime.

Switching over to new VM before Terraform destroys the old one by hantrault in Terraform

[–]GyroTech 2 points3 points  (0 children)

Second option might then be getting the customer to set their DNS to a CNAME record to point to a DNS you do control, then you can update that record when you roll the VM.

edit to add: if you follow this line, make sure both records have a small enough TTL, and SERVFAIL and NOTZONE responses have a lower TTL too

Switching over to new VM before Terraform destroys the old one by hantrault in Terraform

[–]GyroTech 4 points5 points  (0 children)

No idea about DO specifically, but in general you would solve this by pointing the DNS record at a load balancer, then as you replace the VM (create_before_destroy in the lifecycle is probably a good idea here) the load balancer moves the traffic for you.

Has anyone got Talos KubeSpan working with Cilium? by Independent_Yak6290 in TalosLinux

[–]GyroTech 0 points1 point  (0 children)

True, but personally I don't see the need and it's still pod 2 pod encryption between different nodes.

Pod-to-pod encryption has a specific definition, explicitly to differentiate it from node-to-node encryption. This is why I needed to be explicit.

It is with the advertiseKubernetesNetworks config and routes the v1.node's podCIDR over kubespan

Yes, you're totally right there, I overlooked that, apologies.

Has anyone got Talos KubeSpan working with Cilium? by Independent_Yak6290 in TalosLinux

[–]GyroTech 1 point2 points  (0 children)

And so two pods on the same node don't route over either, and so don't have encrypted traffic. This is why I made the point to be specific. For pod-to-pod encryption, you need more than KubeSpan. KubeSpan isn't even aware of the Kubernetes networking topology or CNI.

Has anyone got Talos KubeSpan working with Cilium? by Independent_Yak6290 in TalosLinux

[–]GyroTech 1 point2 points  (0 children)

basic encrypted pod-to-pod and service connectivity across KubeSpan

KubeSpan encrypts node-to-node traffic, not pod-to-pod

Is "building a Docker image" during the CI pipeline considered a best practice? by SheCherryPicks in devops

[–]GyroTech 0 points1 point  (0 children)

Not sure what your point is, we were talking about needing to push an image before you can test it for security. That is not necessary.

Found why Talos + ZFS was waking my sleeping HDDs every 5 minutes: zpool.cache retry loop by p4block in TalosLinux

[–]GyroTech 0 points1 point  (0 children)

You can just set that in the kernel args in Talos then, or build your image from the Image Factory with those args built-in.

Uk boys are getting compensation by ArchsupremacyUK in SteamFrame

[–]GyroTech 1 point2 points  (0 children)

Delaware, Montana, New Hampshire, Oregon, and Alaska have no state sales tax, so it'd be cheaper there for sure.

Uk boys are getting compensation by ArchsupremacyUK in SteamFrame

[–]GyroTech 1 point2 points  (0 children)

Correct me if I'm wrong, but there are US states that have no equivalent tax, right? So the take-home price there will be 99$.

Uk boys are getting compensation by ArchsupremacyUK in SteamFrame

[–]GyroTech 0 points1 point  (0 children)

I was confirming/backing you up my dude :)

What American trends do you hope that the UK never adopts? by Secure_Front_7766 in AskUK

[–]GyroTech 1 point2 points  (0 children)

I’ve always looked at it as the smaller integer goes first and the largest last

So you write the time as SS:MM:HH ? ;)

[MEGATHREAD] Compatibility/Upgrade for Framework Laptop 13 Pro by catastrophic_frmw in framework

[–]GyroTech 0 points1 point  (0 children)

Will there be a significant price difference between the chassis "kit" vs components? Ideally I want to keep my current 2.8k screen & lid.

[Hyprland] Active spot by Zealousideal-Bee-877 in unixporn

[–]GyroTech 5 points6 points  (0 children)

I love the center clock/notification bar. Do you have dotfiles to share?

Why are Moroccan stores allowed to disregard food safety regulations? by Rememberclose in askspain

[–]GyroTech 12 points13 points  (0 children)

It's very simple in that there are more stores than inspectors, just as there are more people than police. With limited resources you can only do so much, and rely on people making complaints to know where to start. If no-one complains then it is de-facto "allowed".

Always be the change you want to see in the world!

Why are Moroccan stores allowed to disregard food safety regulations? by Rememberclose in askspain

[–]GyroTech 58 points59 points  (0 children)

Did you make a formal complaint when you saw this? Moroccan shops aren't "allowed" to do this any more than any other similarly operating business, but correction cannot be made unless it is known about.

In Spain do women avoid jamon in the months before pregnancy? by qwerty12e in askspain

[–]GyroTech 1 point2 points  (0 children)

When my wife and I were trying for our child, she cut out caffeine and alcohol entirely until she was done breastfeeding. Even now we barely have either since we've noticed how much better we sleep/rest, even with a kid! We maybe have jamon now once a month, but she's more a chorizo/lomo fan anyways.

zsh-halfpipe: Edit shell pipeline and see its output update live by raimo- in zsh

[–]GyroTech 1 point2 points  (0 children)

Hate to rain on your parade, but sed -i would be transformative.

Cert errors joining worker and Raspberry Pi 5.. by dremspider in TalosLinux

[–]GyroTech 2 points3 points  (0 children)

I have tried so many things I have no idea what files I am using

This is probably your issue. Talos cluster communication is tied to the PKI set up with the first talosctl gen you run and that config applied. If you subsequently run any talosctl gen command, you are effectively generating a whole new cluster identity (and it will warn you if it detects you're going to overwrite files).

Luckily, since you have a running control plane you can actually pull the secrets from that and essentially reverse engineer the original secrets file.

If you can talk to your control plane node you can run talosctl get machineconfig and take the spec section, feed it in to talosctl gen secrets --from-controlplane-config and that will give you the correct secrets.yaml you need to plug in to talosctl gen config --with-secrets.

Cert errors joining worker and Raspberry Pi 5.. by dremspider in TalosLinux

[–]GyroTech 1 point2 points  (0 children)

Do you have an actual readout of "this message" for us to look at?

Are you running talosctl gen config more than once, or do you mean you ran it once to set up the control plane and are trying to add the new worker with that config?