I have tailscale mostly set up. What’s the issue with USB drives? I’ve got a raspberry pi on the other end with a RO SD card so it won’t go bad.

This reminds me that I need alerts monitoring set up. ; -)

I’m using Kubernetes and many of the apps that I use require environment variables to pass secrets. Another option is the pod definition, which is viewable by anybody with read privileges to K8s. Secrets are great to secure it on the K8s side, but the application either needs to read the secret from a file or you build your own helm chart with a shell front end to create app config files on the fly. I’m sure there are other options, but there’s no “one size fits all” type solution.

The real issue here is that the app is happy to expose it’s environment variables with no consideration given to the fact that it may contain data that can be misused by bad actors. It’s security 101 to not expose any more than the user needs to see which is why stack dumps are disabled on production implementations.

I’d love to hear more about your GitHub to K8s setup. I’ve been thinking about doing something similar, but I’m not sure how to keep my public stuff public while injecting my personalized (private) configuration during deployment.

Helm is one of the reasons I became interested in Kubernetes. I really like the idea of a package where all I have to do is provide my preferences in a values file. Before swarm was mature, I was managing my containers with complicated shell scripts to bring stuff up in the right order and it became fragile and unmaintainable.

This is just a homelab, running on old hardware. I don’t think the raid controller supports RAID-6 and I only got 3 new SSDs, and I read that RAID-6 needs 4 drives.