As I wrote in part 1, not only the license of Nomad was changed, but also the license of Vault. But more than this license change, I'd like to have a secrets solution that's not yet another deployment to manage. Here's the solution I'm currently using. Nothing is set in stone, but for now, it works great.

A few years ago I started using Nomad in my homelab. I've always liked Nomad, a lot. The simplicity of bootstrapping a cluster, the integrations with the entire Hashicorp suite, the ease of deploying new applications, ... But things have changed.

The spark-operator is a convenient way to start managing Spark applications in a Kubernetes native way. It does however miss some basic functionalities, like adding livenessProbes to name something. Let's see how we can overcome these shortcomings quite easily.

Deploying the Kubernetes Dashboard is quite easy. There's a Helm chart with good documentation. It gets harder when you want to limit the access to this dashboard. This post provides a way to setup readonly access to the dashboard.

In my previous blog post, I used skopeo to mirror upstream images to my local Docker Registry. This worked well, as long as I didn't need multi-arch images. Some images, like for log collection, need to be run on multiple architectures in my homelab, so this became a blocking issue.