It’s been a while since I made a blog post, And I’ve just finished up a (relatively) quick switch over in my homelab network layout for inbound traffic to kubernetes - A perfect time to make a post about it! It’s always a problem hosting public services at home, Because there’s a risk of exposing your home network to all sorts of nasty attacks, not to mention the amount of detail an IP address can reveal....
Just a short post here: In my previous post I set up this nice and shiny blog using hugo, you can find it here. In that post I set up a quick gitlab runner config to build and deploy my docker images to my Kubernetes cluster. There was a problem with that however, I was using a Docker-in-Docker (dind) image with TLS enabled. Which is not an ideal workflow, as not only does it require extra config on the runners themselves, and a dedicated docker host, It also requires the build container to run in a privileged execution mode - which creates a large amount of unnecessary security holes, by basically disabling all security mechanisms of containers, which can lead to a rather terrifying vulnerability known as host privilege escalation....
There are a few things I consider myself bad at, this blog aims to fix the worst ones. Documentation and motivation. Wait! before you assume that I am not motivated and immediately write this off, I would like to offer a defence; My motivation comes in bursts, sometimes I spend many hours on learning new tech, other times its just more relaxing to fire up a game and switch off. The goal of this blog is to remind myself to document my learning, as well as to keep me building out my skills and knowledge....