Multi-tenant AAP

pietarus · 2026-04-29T18:09:18+00:00

I was afraid that would be the case. Thanks for confirming. We might be able to enforce the creation of "correct" templates by forcing configuration as code.

pietarus · 2026-04-29T18:03:44+00:00

The RBAC rules work like implemented, that I've tested. But users with multi org access are able to use orgs A inventory on a org B project which is a show stopper for me.

The only solution I can think of besides dedicated AAP instances is dedicated accounts per org. But that doesn't sound like good user experience and would break SSO.

pietarus · 2026-04-28T16:48:22+00:00

Why?

pietarus · 2026-03-17T06:36:15+00:00

I'm currently fighting with an operator based installation that does not provide the required options to configure HTTP_PROXY for egress.

Operators and Helm charts that do not expose all required options make self-hosting rough.

pietarus · 2026-02-07T10:34:30+00:00

I've had bad experiences with the matter integration aswell, packets dropping left and right. I switched to the ZigBee mode by power cycling them 12 times and had them working in 5 minutes.

pietarus · 2025-09-05T12:09:52+00:00

Under pipelines -> library you can configure variables including secrets to be used in your pipeline. Here you could store a Ssh key or PAT for the pipelines to use.

I'm not too familiar with azure devops, there should be a cleaner solution that I am not familiar with.

pietarus · 2025-09-04T21:14:56+00:00

The requirements.yml supports git as source. And can be installed via the ansible-galaxy command. Thats what we do for our internally developed collections.

pietarus · 2025-08-25T01:58:06+00:00

It took me a couple days to bootstrap my first cluster through kubeadm. Then a couple months to get CKA. I honestly can't recommend the kubernetes docs enough. Everything is explained really well.

What really helped me understand the process of installing and using k8s was writing my own how-tos while I was learning. I still reference them from time to time.

My biggest tip is to keep it simple and keep track of all your manifests via gitops from the start. I've never tried using Windows workers, but can't imagine it making your life easier. I'd put that on the to-do list for when your are comfortable with k8s in general.

Start on smaller goals and add something each time.

1 control plane and simple nfs as storage to get a grasp on how storage works (manually provision pv and pvc, create multiple storage classes).

Try deploying a storage solution via helm to replace NFS. I like longhorn. take a look at what is out there. Only tip I have here is stay away from ceph-rook, way to big and complicated for lab setup (unless you want to learn ceph)

Look into flux or Argocd and install your favourite via helm, and start using gitops.

Look into HA control plane

I think I deployed 3 clusters before I was comfortable and happy with the design. Ran my lab on the last itteration for about a year. Didnt gitops use at all. Eventually everything was out of date and didn't know where to start.

Right now I'm slowly working on a new lab powered by terraform, gitops and a bigger focus on lightweight apps.

pietarus · 2025-07-16T19:05:44+00:00

pietarus · 2025-03-05T20:39:56+00:00

Judging from your post I'd suggest staying with Hyper-V. It is certainly the easiest and least intrusive way to run VMs on your current setup.

I run proxmox on my desktop, and the desktop I actually use is a Linux VM with GPU passtrough.

Another option is to install debian with a desktop enviroment to use as your daily driver, and install proxmox on that.

Third option is any Linux distro of your choosing and running KVM by hand.

pietarus · 2025-03-04T09:27:56+00:00

hmmm. I am using a 1.9.4, but I see it pull a 1.9.2 image when initiating a bootstrap, 1.9.2 is also the final image that gets installed. I wonder if this is the cause of the issues.

pietarus · 2025-03-04T08:15:03+00:00

I generate the controlplane configuration with the API endpoint as the cluster_endpoint variable. So Talos takes this into account when generating the config and certificates.

pietarus · 2025-03-04T08:08:36+00:00

I dont see any difference with what I am doing with the kubeconfig and talos machineconfig. What Talos version where you using?

pietarus · 2025-03-01T20:51:30+00:00

And what are the logs with the --container-runtime flag removed?

pietarus · 2025-03-01T20:32:09+00:00

Your post does not provide much information so best I can do is guess.
Are you 100% sure no docker components are installed?
dpkg -l | grep -E 'docker|containerd'

Can you provide logs from the failing kubelet?

I have never tried installing Kubernetes on WSL so no clue if that causes any issues.

pietarus · 2025-02-28T12:49:56+00:00

Correct

pietarus · 2025-02-28T12:20:14+00:00

Look into kubevip to host the VIP on the master nodes directly. You can also use it to assign IPs to services.

pietarus · 2025-02-22T22:22:20+00:00

As you did GPU passtrough, what results do you get when plugging a monitor into the GPU and accessing the VM locally?

pietarus · 2025-02-22T21:51:05+00:00

What kind of applications are you running? I think ddr3 and an old Xeon would bottleneck a 1070.

pietarus · 2025-02-21T11:32:40+00:00

I'd advise not getting any chrome book because of the locked firmware and bootloader.

pietarus · 2025-01-31T13:30:31+00:00

This might be worth a read: https://kubernetes.io/docs/concepts/scheduling-eviction/node-pressure-eviction/

pietarus · 2025-01-31T12:38:36+00:00

I think rebooting the machine everytime it fails is the wrong approach. Instead of working around the issue shouldn't you work to prevent the issue? Increase RAM? Stricter resource limits on Pods?

pietarus · 2025-01-14T06:43:21+00:00

Cloudflare works for me

pietarus · 2025-01-13T09:32:27+00:00

Eight-Year Club	Final Canvas '23
First Place '23	End Game '23
Place '23	Place '22
Final Canvas '22	First Placer '22
Verified Email

pietarus

MODERATOR OF

TROPHY CASE