Tower of Kubes

Home Assistant on Kubernetes

2025-11-13T00:00:00Z

Today I learned Home Assistant can run on K8s using this Helm Chart: pajikos/home-assistant-helm-chart: Helm Chart for Home Assistant

Quote

This Helm chart bootstraps a Home Assistant instance on Kubernetes, supports configurable persistence, controller types, add-ons (e.g. code-server), and is auto-updated with new Home Assistant releases.

Telegram: View @KubeBuilders

My Opinion

For over two years, I have been running Home Assistant on Home Assistant Green, which comes pre-installed with Home Assistant OS.

The device has been working perfectly well for all of my smart home needs. Even though it is not the most cost-effective way to run Home Assistant, it is a well-designed device, fast enough for my needs and power efficient.

If I were buying a new dedicated device for Home Assistant today, I may have preferred to get a mini PC instead, since some mini PCs are similar in price to the HA Green but significantly more powerful (though maybe not as power efficient). However, I would still strive to run Home Assistant with Home Assistant OS.

Why standalone device for Home Assistant

On recent podcast episodes of Linux Unplugged (including LINUX Unplugged 637: Chris’ Smart Home Disaster), Chris talked about considering a move away from the Home Assistant Yellow (which is more powerful than the HA Green), perhaps towards a mini PC running multiple services (rather than just a mini PC). Chris also debated the benefits of running Home Assistant on NixOS vs Home Assistant OS. Nevertheless, I tend to agree with Chris’s long-standing stance that it’s best to give Home Assistant its own device, because of how essential it can be to a home.

Why Home Assistant OS

I run all my other self-hosted services in containers. Why not Home Assistant as well? The reason is that Home Assistant OS makes everything easy. Notably, Home Assistant Container installations don’t have access to add-ons.

Quote

Add-ons are additional standalone third-party software packages that can be installed on Home Assistant OS. \[Learn more\]

Installation - Home Assistant

Although Add-ons are really just containers, and many Home Assistant users manage to install them as separate containers, this requires elaborate configurations to make the different containers work together with Home Assistant. Even though I’ve been doing Docker Compose stacks (for example, applications that have multiple containers including a database), the moment I found out that HAOS allows one-click installation of Add-ons, I immediately gravitated towards that simplicity. Some examples of Add-ons that I use and rely on are Matter Server, Zigbee2MQTT and Music Assistant.

Backups are also fairly simple on HAOS.

Benefits of the Home Assistant Helm Chart

Nevertheless, I do find the idea of this Home Assistant Helm Chart compelling. Features such as replicas and partial add-ons support make this an interesting alternative to HAOS. I may run a test deployment in my parent’s home, since that’s where my homelab cluster is.

Featured image by Jakub Żerdzicki on Unsplash.

Grebedoc

2025-11-13T00:00:00Z

Today I learned about Grebedoc — static site hosting for git forges.

Note

Grebedoc is Codeberg spelled backwards. I find this name very clever, especially since it has “doc” in it (static site hosting can be used for Markdown Documentation|documentation).

This is a new option for Static Website Hosting, which can serve as an alternative to GitHub Pages. Codeberg already a similar solution called Codeberg Pages, though Codeberg Pages had a big scary warning that says it is in maintenance mode. Grebedoc is using new software, git-pages, so does not rely on Codeberg/pages-server (which is the part of the Codeberg Pages stack that is in maintenance mode).

Origin Story

Quote

One of Grebedoc maintainers here! I came up with the idea for Grebedoc (and its underlying software, git-pages) when I realized that I have an extreme degree of dependency on GitHub Pages from many years of using GitHub, but it also seemed pretty likely that sooner or later, GitHub will stop subsidizing my efforts one way or another, and I need a backup plan.

I originally wanted to just use Codeberg Pages, but it had some significant scaling and uptime issues (that I don’t want to rehash here). I ended up concluding that the reasonable way forward is a redesign, which is what I’ve built and deployed with a small team of other volunteers. It took about a month of work and the whole thing, anycast and all, costs about 35€/mo to run. Also, Codeberg Pages is currently trialing the use of git-pages as the new pages backend, and you should be able to use it on the *.codeberg.page domain already (it responds to the same POST/PUT requests as Grebedoc)/

whitequark’s comment on Grebedoc — static site hosting for git forges | Lobsters

The fact that the entire global stack “costs about 35€/mo to run” is impressive. Though, I wonder what the increase in cost will be when more people start using Grebedoc.

Can I use Grebedoc for my personal projects?

One of my concerns was that Grebedoc sites would have to use a Codeberg repository. Codeberg looks good, though it is more limiting than GitHub or GitLab since they require every repo to use an open source license. This also raises concerns when creating a website/blog of my own, will any content hosted on a Codeberg repo also have to be licensed for the public domain?

However, based on grebedoc.dev, using Codeberg is not mandatory. There is a small learning curve to understanding how to host a site on Grebedoc, but the main page explains different scenarios clearly. There is a size limitation:

Quote

The size of a website is currently limited to 1 GiB. We are aiming to eventually raise this to 10 GiB.

Note

UPDATE: Originally, the size limit was 768 MiB, but this has recently been raised to 1 GiB.

Based on all of that, it looks like I should be able to host small websites (up to 1 GiB) on Grebedoc, no matter which Git forge I choose to use and the repo can also remain private. I can use my own domains if I want, though Grebedoc also allows using *.grebedoc.dev or *.codeberg.page subdomains. All of this is free, as far as I can tell there is no paid-tier (Codeberg is a non-profit, they can be supported, but this is not required for using anything they offer).

Resources

Featured image by Tina Rolf on Unsplash.

Lima and Colima

2025-10-16T00:00:00Z

Today I learned about Lima and Colima, which help run Linux VMs and containers on macOS.

I learned about these tools while writing How To Install Docker. Although I’ve heard about them in the past, I kept forgetting what they were called, which is one reason I am writing about them now.

Lima

Lima launches Linux virtual machines with automatic file sharing and port forwarding (similar to WSL2).

Lima: Linux Machines | Lima

As this description states, Lima is similar to WSL. When using Windows, I have gotten used to a workflow based around WSL, both for Docker and with Git. I have not used macOS yet but expect to one day get a MacBook as a work laptop, and will have to learn an effective workflow for macOS.

Colima

Colima - container runtimes on macOS (and Linux) with minimal setup.

GitHub - abiosoft/colima: Container runtimes on macOS (and Linux) with minimal setup

Differences between Lima and Colima

How does Colima compare to Lima?

Colima is basically a higher level usage of Lima and utilises Lima to provide Docker, Containerd and/or Kubernetes.

colima/docs/FAQ.md at main · abiosoft/colima · GitHub

“How does Lima relate to Colima?”

Colima is a third-party project that wraps Lima to provide an alternative user experience for launching containers.

The key difference is that Colima launches Docker by default, while Lima launches containerd by default.

Colima (third-party project) | Lima

It’s worth noting that current versions of Lima also support using Docker as a container runtime, and the same is true the other way: Colima supports using containerd as a container runtime.

Installation

Install Lima

Installation | Lima

Example

# Homebrew
brew install lima

# MacPorts
sudo port install lima

# Nix
nix-env -i lima

Install Colima

Colima is available on Homebrew, MacPorts, and Nix. Check here for other installation options.

Example

# Homebrew
brew install colima

# MacPorts
sudo port install colima

# Nix
nix-env -iA nixpkgs.colima

Using Docker with Lima and Colima

Docker with Lima

Documentation / Examples / Containers / Docker | Lima

Lima Docker Rootless

limactl start template://docker
export DOCKER_HOST=$(limactl list docker --format 'unix://{{.Dir}}/sock/docker.sock')
docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine

Lima Docker Rootful

limactl start template://docker-rootful
export DOCKER_HOST=$(limactl list docker-rootful --format 'unix://{{.Dir}}/sock/docker.sock')
docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine

Docker with Colima

Docker client is required for Docker runtime. Installable with brew brew install docker.

You can use the docker client on macOS after colima start with no additional setup.

brew install docker
colima start

Linux Support

Both run on Linux hosts. Lima also supports non-macOS hosts (Linux, NetBSD, etc.) and Colima’s README lists Linux as supported.

There’s less reason to use Lima/Colima on Linux than on macOS, but it may still be useful in certain cases, since it is another way to run VMs on Linux.

Apple Container

After years of mac users using projects such as Lima, Colima and others in order to run containers on macOS, Apple released their own solution a few months ago: Container. This seems like a good solution that likely has good performance. Notably, this solution is not based on Docker, but can nevertheless run OCI containers.

Featured image by Aarom Ore on Unsplash.

Diátaxis framework for technical documentation

2025-10-05T00:00:00Z

Today I learned about Diátaxis, a framework for technical documentation.

Quote

Diátaxis is a way of thinking about and doing documentation. It prescribes approaches to content, architecture and form that emerge from a systematic approach to understanding the needs of documentation users.

Diátaxis identifies four distinct needs, and four corresponding forms of documentation - tutorials, how-to guides, technical reference and explanation. It places them in a systematic relationship, and proposes that documentation should itself be organised around the structures of those needs.

Diátaxis solves problems related to documentation content (what to write), style (how to write it) and architecture (how to organise it).

As well as serving the users of documentation, Diátaxis has value for documentation creators and maintainers. It is light-weight, easy to grasp and straightforward to apply. It doesn’t impose implementation constraints. It brings an active principle of quality to documentation that helps maintainers think effectively about their own work.

I Need To Write Documentation

I’ve been thinking a lot about documentation recently, experimenting with software such as Material for MkDocs and Docusaurus. These frameworks solve the problems of how and where to write documentation (Markdown files served as a static site by one of these frameworks together with static website hosting). However, they don’t solve the much more important problem of what to write about. There’s an entire field of technical writing.

I am now in a situation where I need to write several pieces of documentation. My client requested I create documentation for them based on what I’m working on, to both on-board new users/developers on how to work on the codebase and run pipelines, as well as two explain in-depth to any future DevOps Engineers or admins about how I set up our cloud infrastructure, repositories, custom tools and pipelines. Two pieces of documentation are needed. For the client, I will use Confluence; I am not a fan of Atlassian, but the alternative for this client is to write Word documents. Confluence will do. Besides, I’m not going to setup Docusaurus for this client.

At the same time, I also want to write documentation for my “homelab-as-code” project and to help write documentation for CALMe (together with Josh, who works as a technical writer).

Diátaxis

I learned about Diátaxis from Khue’s Homelab: Updating documentation (this website) - Khue’s Homelab

Khue’s Homelab is one of the most impressive homelab projects that I’ve seen. “Fully automated homelab from empty disk to running services with a single command”. It is also well documented. It uses the Diátaxis technical documentation framework:

Quote

There are 4 main parts:

Getting started (tutorials): learning-oriented
Concepts (explanation): understanding-oriented
How-to guides: goal-oriented
Reference: information-oriented

These four parts are the basis of Diátaxis:

Quote

At the core of Diátaxis are the four different kinds of documentation it identifies. If you’re encountering Diátaxis for the first time, start with these pages.

Tutorials - learning-oriented experiences
How-to guides - goal-oriented directions
Reference - information-oriented technical description
Explanation - understanding-oriented discussion

Diátaxis prescribes principles that guide action. These translate into particular ways of working, with implications for documentation process and execution. Once you’ve made your first start, the tools and methods outlined here will help smooth your way.

The compass - a simple tool for direction-finding
Workflow in Diátaxis

Should I Adopt Diátaxis?

On first impressions Diátaxis looks great. Writing it may be somewhat challenging at first as I learn to structure technical writing in this way, but the results may well be worth it. I am having a hard time finding alternative documentation frameworks (though I’m sure they exist). The alternative for me to using Diátaxis would be free-flow documentation based on the topics that I think I should cover; this is how I have been writing documentation until now which does work but may end up a bit messy. Of course, Diátaxis is not perfect either and there are criticisms for it: My Problem With the Four-Document Model.

Featured image by Sigmund on Unsplash.

Bitbucket versus the Competition

2025-09-30T00:00:00Z

TIL that Bitbucket is the slowest of the major software forges according to Software Forge Performance Index.

forgeperf.org is maintained by SourceHut, who are not impartial. SourceHut just so happen to lead most of the performance results. I can believe that the benchmarks are accurate, though the benchmarks may have been designed in a way that favors SourceHut.

Even so, performance is not everything. SourceHut’s UI is noticeably basic, which might be good for performance but not necessarily the most pleasent to use. SH patchsets are sent over email, an antiquated workflow (even if it’s still how Linux kernel development works).

The reasons I dislike Bitbucket have little to do with its subpar performance. Bitbucket, like most of Atlassian’s suite, just feels aggressively average. I wouldn’t go as far as to say Bitbucket is bad, it functions fine as a git forge. It does the basics decently well and many enterprises successfully use it. However, when compared to its main competitors, Bitbucket feels objectively worse. It kind of sucks.

The Competition

I would consider the main competitors to be GitHub and GitLab. Both of these have many more features than Bitbucket. Bitbucket is falling behind and playing catch-up, slowly implementing features that the competitors had years ago. Here are several examples.

Artifact Registry

There was a recent announcement of Bitbucket Packages. This will be Bitbucket’s own solution for an artifact registry, starting with a container registry. GitHub and GitLab already had artifact registry solutions for years, for example GitHub launched GitHub Package Registry in 2019 and GitHub Container Registry in 2021. Even when Bitbucket Packages does launch it will be limited to containers only at first. I also noticed that Bitbucket is missing a Releases feature, which both GitHub and GitLab have.

CI/CD

Atlassian has had several different CI/CD solutions over the years. Bamboo used to be the main one, and many companies used (or still use) a Bitbucket+Jenkins combo. Nowadays, Bitbucket Pipelines is the main solution that Atlassian tries to push onto its customers. One of these customers is my current client. I came into the client having to deal with the hacky Bitbucket pipelines that the previous team left me. We are using self-hosted Bitbucket Runners running on EC2 instances, because the hosted Bitbucket Runners are underpowered. Overall, I got the pipeline working, although the entire time I wished I was using GitHub Actions instead. To be fair, it’s clear Bitbucket Pipelines is being actively developed and is getting new features. However, it’s also clear that it’s playing catch-up against others CI/CD solutions (including GHA and GitLab CI/CD). There are all sorts of weird limitations, some of which have been fixed and others which still haven’t. For example, until recently, Bitbucket Pipeline steps were limited to only 2 hours. This has thankfully been fixed, and now the max-time can be set up to 720 (12 hours), enough to most (but not all) jobs. Other limitations continue to exist. GitHub has the Actions Marketplace full of community actions that can be easily integrated into GHA workflows, often completely for free (many actions are FOSS). Bitbucket works with the Atlassian Marketplace and Bitbucket Pipes integrations | Bitbucket, but this is much more limited and harder to use with Pipelines, and the majority of Apps are paid.

SSH commit signature verification

I was excited about SSH commit signature verification this feature when I learned about it during my bootcamp in late 2022. GitHub was quick to implement it and GitLab not long after. I then started working with clients that used Bitbucket and was surprised to find this feature missing! Only in 2025 did Bitbucket Cloud release SSH commit signature verification, more than two years after both GitHub and GitLab.

Bitbucket CLI

Bitbucket has no official CLI tool in the style of GitHub CLI or GitLab CLI. Of course, the standarad Git CLI does work well with Bitbucket, but the gh and glab CLI tools go beyond that and allow to do many actions directly using commands. Bitbucket does have REST APIs (The Bitbucket Data Center REST API and The Bitbucket Cloud REST API) which do work, but are harder to use than an equivalent CLI tool would be.

Cloud Development Environments

GitHub has Codespaces and GitLab has Workspaces. Both are Cloud Development Environments based on VS Code. Microsoft maintains both GitHub and VS Code. VS Code itself remains open source under the MIT license. GitLab maintains their own VS Code fork.

Bitbucket offers to use Cloud IDE add-ons Bitbucket Integrations, but doesn’t have anything built-in.

Automatic Dependency Updates

Dependabot is built into GitHub. GitLab uses Renovate GitLab Bot. Renovatebot can work with Bitbucket, either self-hosted or supported by Mend, however there is nothing built-in to Bitbucket.

Fragmented Hosting Solutions

A major point of confusion for me when using Bitbucket has been the the differences between Bitbucket Data Center and Bitbucket Cloud. While both look like Bitbucket, they are essentially two different products with different features and development cycles. Every time I look up Bitbucket documentation, I have to make sure that I am following docs for the right product. There are even two different Bitbucket REST APIs.

In comparison, GitLab operates under a single codebase for Community and Enterprise editions and the same codebase is used to run GitLab.com:

Quote

The largest known GitLab instance is on GitLab.com, which is deployed using our official GitLab Helm chart and the official Linux package.

GitLab architecture overview | GitLab Docs

Bitbucket Kills Self-Hosting

Bitbucket Server reached end of support in 2024. My clients at the time were already using Bitbucket Data Center so they weren’t affected. However, Bitbucket recently announced that Data Center will reach end of life in 2029. The solution going forward will be only Bitbucket Cloud. While this solves the fragmentation problem, it does so at the expanse of any self-hosted solutions. I believe there are still organizations for whom self-hosting is non-negotiable. Atlassian is essentially giving up on these customers. Perhaps they’ve done their cold calculations and decided that continuing to develop and support Bitbucket Data Center is no longer worth it even if they do lose some customers.

Meanwhile, GitLab continues to to offer a self-hosted solution, that can even run for free with GitLab Community Edition. GitHub offers GitHub Enterprise Server.

Featured image by Courtney Moore on Unsplash.

KYAML

2025-08-11T00:00:00Z

Today I learned, in Kubernetes v1.34, kubectl will also support a new strict subset of YAML called KYAML.

Resources

Shell Script

I coded a simple script to convert all Kubernetes manifests in a directory from YAML to KYAML.

Initially, I wanted to code my own converter, but then found out that the upstream Kubernetes project already has a new yamlfmt tool (different from google/yamlfmt).

#!/bin/sh
# kyamlify.sh — Rename *.yaml -> *.kyaml then format to KYAML (POSIX)
# Usage: ./kyamlify.sh [ROOT_DIR]
# Env: YAMLFMT_VERSION (default: master)

set -eu

ROOT_DIR="${1:-kubernetes}"
YAMLFMT_VERSION="${YAMLFMT_VERSION:-master}"

# Require Go
command -v go >/dev/null 2>&1 || { echo "error: Go not found in PATH" >&2; exit 1; }

echo "→ Installing yamlfmt @ $YAMLFMT_VERSION"
go install "sigs.k8s.io/yaml/yamlfmt@${YAMLFMT_VERSION}"


echo "→ Formatting all YAML files under ${ROOT_DIR} as KYAML"
find "${ROOT_DIR}" -type f -name '*.yaml' -print0 \
  | xargs -0 -n1 "$(go env GOPATH)/bin/yamlfmt" -o kyaml -w

KYAML Rules

Quote

KEP-5295 introduces KYAML, which tries to address the most significant problems by:

Always double-quoting value strings
Leaving keys unquoted unless they are potentially ambiguous
Always using {} for mappings (associative arrays)
Always using [] for lists

Support for KYAML: a Kubernetes dialect of YAML | Kubernetes v1.34 Sneak Peek | Kubernetes

These rules are similar in practice to JSON5. However, while JSON5 is a superset of JSON (as well as a subset of ES5), KYAML is a subset of YAML.

In fact, I suspect that by adding --- to the first line of a JSON5 file, it would be valid KYAML.

By the way, starting the file with --- is required for KYAML (while it’s optional in YAML).

Experimentation and Additional Observations

I was initially excited about converting all my Kubernetes manifests to the “safer” KYAML format.
I ran my script then followed it by running yamllint, which introduced a few warnings post-conversion.
After fixing all yamllint warnings, I had well-formatted KYAML files.
I considered whether to rename all converted manifest files to use a *.kyaml suffix. I decided against this since I couldn’t find any evidence of this file extension.
KYAML files are 100% valid YAML files, and work with existing tooling. This includes existing Kubernetes versions and tooling.
The main thing introduced with Kubernetes v1.34 is a kubectl get -o kyaml option.
Keeping the *.yaml file extension makes sense since KYAML is still valid YAML and existing tools expect *.yaml or *.yml file extensions, not *.kyaml
After running the script, fixing formatting, and deciding to keep the filenames the same, I could add all modified files in homelab-as-code to a new kyaml branch and make a commit.
I considered opening a Pull Request, however, am still undecided.
My main consideration is whether the KYAML format would impact usability, making it harder for me to write and edit manifests.
I am not sure whether KYAML solves any real problems for me.
I understand YAML limitations but know how to avoid them by quoting values when needed, using linting and formatting tools (manually, with pre-commitand in CI).

My Opinion on the Format

In a way, KYAML is itself “yet another markup language” (despite using existing YAML rules). It is far from the first solution to problems with existing markup languages.

One notable limitation of standarad JSON is no comments. Both JSON5 and Microsoft’s JSONC (JSON with comments, primarily used in VS Code’s setttings.json file) previously addressed this. KYAML has the benefit of being a subset of YAML and designed to work with all existing YAML tooling.

In theory, KYAML could be a “safer” way to write production-grade manifests. However, this was already possible to do with JSON files. Kubernetes manifests can all be written in JSON, but there is a reason that this is rarely done in practice.

JSON files are arguably less readable and harder to work with (for humans, not machines) than YAML. At the same time, JSON files are very much machine-parsable with a lot of existing tooling like jq (though YAML tooling exists as well).

In imitating JSON but staying YAML, KYAML can feel like the worst of both, rather than the best of both world. Not as clean as JSON, and not as “human-readable” as YAML.

Featured image by Marvin Meyer on Unsplash.