Apr 28
I started writing on the Internet with a nod to the value of the fundamentals, with an unapologetically strong emphasis on learning bash. I think now is a good time to revisit what a “fundamental skill” is today, in 2026.
I believe everyone has their personal “oh shit” moment when it comes to AI. Mine was on the day I heard about ChatGPT and I logged in with the free tier.
Drew Malone — 6 min read
Jun 5
Problem: We want to run OpenWebUI so we have an easy way to interact with, and test out, LLMs. We also want the convenience of Ollama for managing/running our models for us. We also want to make use of the GPU in our system.
Solution: Go the lazy, simple route of running both inside containers. We’ll coordinate the tech with docker-compose.
The file: Below is one successful docker-compose.yaml file for standing up both containers, getting them talking to each other, and exposing both ports on the host network for easy access over your home network.
Drew Malone — 2 min read
Jun 4
Problem: We want to take advantage of the Wiz MCP Server on our Windows workstation running WSL2.
Solution: The long-term solution to this is to just host the MCP server in a central location and put something like the OpenWebUI OpenAI Proxy in front of it. But this is a fast-moving area so we’ll scope this article to our local workstation.
Here’s our tech stack:
Cline VSCode plugin for our human interface (we will configure Cline to talk to our LLM and our MCP server)
WSL for our runtime.
Drew Malone — 3 min read
Jan 7
Problem: Garmin Venu 3 watches will sometimes go into severe battery drain mode, measured by more than 1% per hour (normally, a single charge will last over ten days). This is further complicated by the sheer opacity of the devices. There are no logs, no error indicators, and the only way to interact with the device is a desktop program.
Solution (sort of): The Internet is filled with threads and forum posts of people performing various Kabuki dances because knowing the cause is impossible, so you can’t execute a precise fix.
Drew Malone — 2 min read
Sep 24
With thanks to Arnold, Adam, and Ketch for the pointers.
I recently finished The Foundation workout program in Arnold’s Pump Club. This is a 90-day workout program with multiple workouts per week.
I finished it after ten months.
Injuries, sickness, work schedule, life events. There was always something slowing me down but I always got back to it once I had the time & ability. I’ll let you in on another secret - I didn’t do the full workout every single time.
Drew Malone — 2 min read
Sep 9
I love reading. I love the idea of books, to the point that a small, always ongoing vanity project of mine is a library of books I find special. This means there are always a few books in flight (I should probably practice better focus and work on only one book at a time).
So anyway, I was reading a memoir from someone in the restaurant industry. They were recounting an interview they had early in their career.
Drew Malone — 2 min read
Sep 3
For the longest time, Garmin was “the GPS company”. They sold those bricks that you mount on your car dashboard and would help you get from Point A to Point B. They even had custom voice packs you could buy; and this was before it was easy to generate it with AI so you had to pay real money to the real Samuel L. Jackson, who sat in front of a real microphone and really said “Turn right here!
Drew Malone — 2 min read
Aug 26
When you’re the one talking, all eyes are on you. This means several things:
Everyone showed up to accomplish something. We all dedicated this time to this thing. We chose to be here instead of anywhere else. It doesn’t matter if it’s a three-person meeting to decide on today’s work or a recorded TED Talk with tens of thousands of people in the audience. Your responsibility doesn’t change:
inform / assist
keep their attention
Most of us took classes on the first part - putting together information, making charts, or preparing to troubleshoot.
Drew Malone — 2 min read
Aug 19
You can build the best thing, do your best work. But if no one notices, it doesn’t mean anything.
Let me try to illustrate with a story. We were on a vacation to Disneyworld years ago. Disney, if you weren’t aware, has engineered just about all the efficiency out of their experience. They track traffic, ridership numbers, they even have data on which garbage cans are the most popular.
So it’s not surprising to see this pathological obsession over efficiency applied to the Starbucks that’s in Epcot Center.
Drew Malone — 2 min read
Aug 13
When there’s a setback, a technical bump in the road, people who don’t really care will dismiss the problem with “it’s just an inconvenience”. The subtext is “grow up, deal with it”.
But convenience has knock-on effects:
convenient things get done often, because they’re easy to do
convenient things free up time, because they take less time
convenient things can be done by anyone, because they’re easy to do
Making something “convenient” isn’t just about making the job cushier.
Drew Malone — 1 min read
May 11
Problem: We need to create self-signed certs. But because browsers/tools are finally enforcing what they said they would for years, we have to put the CN into the list of SANs for the cert. This is non-negotiable.
That means we have to use the x509v3 extensions. Which is highly forgettable.
Solution: Automate as much as is reasonable. Worth noting that this worked, as of this writing, for securing an NPM registry proxy.
Drew Malone — 2 min read
Feb 21
Entire books have been written on the topic of Strategic vs Tactical. At the risk of creating more noise, I’d like to add my experience to the collection.
Talking with Tom Hatch about, well, a lot of things, this topic came up and he had the best illustration. I’m sure you’ve heard a variant of it before.
If I’m defending my house (let’s pretend it’s a zombie apocalypse just for fun), the “man at the door” is my Tactical need.
Drew Malone — 1 min read
May 15
Problem: Raspberry Pis are great but they don’t automatically update themselves. And once we’ve figured out how to make them do whatever it is we wanted them to do, we’re not likely to log back in just for updates.
We need to set the machine to update itself.
Solution: There are, no doubt, a number of ways to do this. The following approach just drops an entry into /etc/crontab to make the system update itself and reboot once a day.
Drew Malone — 1 min read
Jan 19
Problem: We have Kubernetes. We need a cert. We want to use Let’s Encrypt to create (and manage) that cert for us.
Solution: We can install cert-manager and, with three objects, do exactly that. At a high level, we create a ClusterIssuer, we configure it with our cloud credentials (in this case AWS), and we request a certificate.
We’ll be using Harbor as the example application but this can be used for any service requiring a cert.
Drew Malone — 4 min read
Dec 16
Problem: We’ve successfully implemented user authentication in our TKG clusters. Now, we’d like to update the client ID/secret for our TKG Management Cluster.
Solution: TKG uses Pinniped to support authentication, including to OIDC providers. However, exactly which Kubernetes object we need to update/reconfigure is not immediately obvious. Fortunately, we only need to update one object, and the cluster takes care of the rest for us.
At a high level, here’s what we’ll do:
Drew Malone — 3 min read
Oct 19
Problem: We need to reliably implement cluster autoscaling for our Kubernetes platform. How can we do that? And how can we know it’s working?
Solution: TKG uses the ClusterAPI provider, part of the Cluster Autoscaler, but makes it easy to configure. We’ll ask TKG to enable Cluster Autoscaler for us, dial in a few options, and then test it out.
Note: As of this writing, the latest version of TKG is 1.
Drew Malone — 10 min read
Jun 28
Problem: User management is not part of Kubernetes. You have to tie Kubernetes to an external system. This gets… complicated.
Solution: For TKG, we can hook our Kubernetes clusters up to any OIDC provider. For this exercise, we’ll use Okta. At a high level, here’s what we’ll do.
Create a new ‘app’ in Okta. This will give us our OIDC endpoint.
Deploy a management cluster, configuring it to point to our Okta app.
Update our Okta app with a callback URL (created during the management cluster creation process).
Generate kubeconfig and test.
Create RoleBinding and finalize.
This has some big advantages, most notably the centralizing of user management.
Drew Malone — 5 min read
May 24
Stated Goal: We want easy GPU access for Kubernetes workloads in our TKG clusters. This is done by:
Installing GPU device drivers on our Kubernetes worker nodes
Installing the device plugins on our Kubernetes worker nodes
Applying the appropriate labels to our Kubernetes worker nodes so that GPU workloads can find them.
The Nvidia GPU Operator does all three for us.
I’m Impatient. Just Tell Me What to Type: If you just want to get up and running and move on with life, here you go.
Drew Malone — 5 min read
Feb 22
Problem: As of today, there is no single answer to the question “How do I deploy my workload?”. Helm Chart? A set of yaml files? Templated yaml files?
And not just user-facing apps - how do I consistently deploy ingress controllers? K8s cluster user auth services? Diagnostics, metrics, and so forth?
We need one answer to this question. Enter kapp and kapp-controller.
In this post, we’re going to focus on kapp-controller and show how to set up a reconciliation loop that gives you the ability to push a new version of your workload into your Kubernetes cluster with just a git push (hi Gitops!
Drew Malone — 7 min read
Oct 15
Problem: Now that vSphere 7u1 is out (yay!), you, too, can run vSphere with Kubernetes without NSX-T. But for the home lab of a former developer, what does that look like? We have our fancy Ubiquiti networking but we’re not sure how to make the right networks. We also don’t know how to make those networks work on our vSphere gear. If you’re approaching vSphere with Kubernetes from an app-down perspective (that is, you’re better at Kubernetes than you are at vSphere), we’re going to explain how you can set up your network to prepare for enabling Workload Management.
Drew Malone — 6 min read
Aug 18
Problem: You got a Kubernetes! Your vSphere team has given you access to a vSphere Workload Management Namespace, which means you can start making clusters! But how, exactly? Assuming they didn’t give you enough directions, how do you get from ‘access’ to ‘I have a Kubernetes workload!’?
Solution: At a high level, you’ll need to log into the Supervisor cluster built into vSphere. After doing that, you can target the supervisor namespace created for you and get to work creating clusters and using them.
Drew Malone — 6 min read
Jun 22
Problem: You may occasionally find that a game you made in Roblox has been hijacked and immediately teleports you to another game when you start. This is a total bummer as it takes away all the time you spent creating the game and can leave you feeling helpless.
Bottom line, this is being caused by some code, somewhere, teleporting the player to the target game. This is done (currently) by a call to Teleport() in the API, found here.
Drew Malone — 2 min read
Jun 15
Problem: We want to deploy a simple (read: development) instance of MongoDB in our Kubernetes cluster with as little work as possible. Additionally, we’d like to make that MongoDB deployment available to services outside the k8s cluster but not outside our VPC.
Solution: Use Bitnami’s MongoDB helm chart to deploy MongoDB, then expose the service via a Kubernetes service of type LoadBalancer.
Assumptions: We assume you:
are in AWS (not EKS, just living in AWS)
already have a Kubernetes and have appropriately tagged your public subnets to allow Kubernetes to create load balancers on your behalf.
Drew Malone — 3 min read
Apr 24
Note: This will be light on details. The exact commands to run, unfortunately, are an exercise left to the reader. This post is more of a tactical guideline to jog your memory. The author regrets the lack of detail.
Problem: Creating your k8s clusters is just the first step. How do you hand the cluster off to the right people so you don’t have to worry about it anymore? How do you give them access while keeping others out?
Drew Malone — 4 min read
Jun 11
Problem: We have Jenkins. We also have a need to build and deploy a typical application (in this case, a Java application). We need a way to go from “I just installed Jenkins” to “We have a Jenkins pipeline that can build and deploy our code”.
Solution: We will install the bare minimum of extra packages on our Jenkins server (and slaves, if necessary), then write a pipeline to fetch, build, and deploy our code.
Drew Malone — 4 min read
Jun 6
Disclaimer: It was recently brought to my attention that this problem is probably solved by using certstrap, courtesy of Square. If you’re in a hurry, I’d encourage you to go and give that a try first.
Link: https://github.com/square/certstrap
I’m leaving the below for posterity and pedagogical use.
Problem: Wildcard certs are expensive, especially for home labs. It seems, though, that the Internet is full of how-to’s and “works for me!” type solutions.
Drew Malone — 3 min read
May 7
Problem: As of this writing, the docs for deploying PCF on Amazon using Terraform have a gap that could lead to a lot of frustration. In short, the Terraform files and docs have switched to using Network Load Balancers instead of ‘Classic’, Elastic Load Balancers. The end result is there is a detail that we need to implement ourselves.
The problem is that our router vms need to be placed behind the web-lb-security-group in order to accept HTTP/HTTPS traffic.
Drew Malone — 5 min read
Jan 17
Problem: We have an offline (i.e. airgapped) Ubuntu machine (or machines) and need to install packages on them. We are also unable to stand up our own repo mirror (because reasons), so all we have is our single machine with limited disk space.
Solution: Package up only the binaries that we need and create a local repo on said airgapped machine.
In full transparency, the clean, “right” way to do this is to create a mirror of the repo in your airgapped network and simply use that.
Drew Malone — 3 min read
Oct 17
Problem: We need to make several Certificate Signing Requests (CSRs) for our datacenter. Two, or two-thousand, it doesn’t matter. We’re putting together a one-liner that will solve it for us. Of course we’re automating it.
Solution: Create a text file containing your server short names. Say, servers.txt.
salt-master-01
es-data-01
es-data-02
es-data-03
es-data-04
es-data-05
es-data-06
es-kibana-01
streamsets-sdc-01
streamsets-sdc-02
Set your domain via an environment variable:
DOMAIN=lab.company.com
And fire away:
Drew Malone — 2 min read
Oct 5
In keeping with the fundamentals, here’s a handy one-liner to save yourself a few extra commands.
Problem: We want to delete a number of machines via Salt Cloud, but we want it in a one-liner because we hate typing the same thing over and over.
$ salt-key
Accepted Keys:
esdata-01
esdata-02
esdata-03
esdata-05
Four machines. But we want to avoid up-arrowing or copy/pasting each individual one. So…
Solution:
$ salt-cloud -d $( for x in 1 2 3 5; do echo "esdata-0${x}"; done)
The following virtual machines are set to be destroyed:
  vmware:
    vmware:
      esdata-01
      esdata-03
      esdata-02
      esdata-05
And we’re done.
Drew Malone — 1 min read
Oct 4
Introduction: Salt has moved on from simple configuration management and is better described as “event-driven automation”. At the heart of this argument is the message bus.
A typical follow-up to getting your hands around your internal cloud is going to be management of your network space. Let’s go through how Salt’s event bus can help us solve this problem. This post assumes a simple setup of a /24 network.
Drew Malone — 4 min read
Sep 19
It turns out that there are a lot of nuances when using Saltstack with VMware. Let’s walk through the requirements for successfully using Saltstack to deploy VMs on VMware.
Assumptions: To narrow the scope of this post, we’ll assume the following is already taken care of.
The intended use is to deploy VMs from a template, a la a normal cloud provider.
You already have a healthy VMware environment.
Permissions - There are many and I won’t pretend to know all of them.
Drew Malone — 4 min read
Aug 30
If there’s one thing that the great Saint Atwood taught me, it’s this - software is built to help people do their jobs. That’s why we have automation, right? Because we need something done and would rather not spend all our time manually building something. That’s why we have software, computers, and all of these crazy frameworks and languages we spend our time learning - so we can build something that someone needs.
Drew Malone — 2 min read
Aug 20
I’ve always said that Salt is not configuration management. I want to expand on one of the capabilities that Salt, as a platform, can offer you. That capability lies just under all the salt commands you’re accustomed to firing on the command line. It’s Salt’s Python API, not to be confused with the separate salt-api system.
The largest advantage of going down this route is the ability to inspect the return data from a Salt run and, using the full capability of Python, write the logic necessary to make complex decisions that would otherwise be difficult in Bash or an absolute nightmare in Jinja.
Drew Malone — 6 min read
Jul 3
Sometimes you need to make a few VMs. For me, it’s usually libvirt.
We have some scripting around the creation of a number of machines, but what we don’t have (yet) is the ability to add additional disks to those VMs. So instead of chasing each machine in the VM Manager UI, let’s slap together some bash (remember Bash? Remember the previous entry?).
#!/bin/bash
# Create, and attach, three additional disks:
# /dev/vdb
# /dev/vdc
# /dev/vdd
for vm in `virsh list --name`; do
  for disk in b c d; do
    # Fancy disk name
    disk_name=${vm}-vd${disk}.
Drew Malone — 1 min read
Jun 18
If you want to be useful, learn a trade
In trying to keep up with the latest in technology and staying relevant, it’s easy to forget that each one of these emerging technologies is built upon a bedrock of simple, reliable tools. Simple tools that you can learn, and then use everywhere you go because they’ll never be obsolete.
For my case (and yours, if you’re reading this), that means that the fundamentals include (but are certainly not limited to):
Drew Malone — 1 min read