If you’re running a shared observability platform, you’ve probably faced this question: How do I stop Team A from seeing Team B’s data? Grafana is fantastic for visualization, but the datasources behind it (Prometheus, Loki, Tempo, and their derivatives) weren’t designed with fine-grained multi-tenancy in mind. You typically get one of two options: Basic authentication: Everyone with access sees everything Separate instances: Operational overhead multiplied by N teams Neither scales well. Enterprise solutions exist, but they’re expensive and often locked to specific vendors. Building custom authorization middleware means maintaining bespoke code for each query language. Most organizations end up with some combination of “trust people not to query the wrong namespaces” and “hope for the best.” Read more

MinIO, once a darling of the open-source object storage world, has followed a path we’ve seen before: slowly pulling the rug on its OSS community. It started subtly, features were stripped from the community edition, leaving users with a barebones experience. Now, MinIO has taken it a step further by ceasing distribution of pre-built binaries altogether. The project is now source-only, as confirmed in their GitHub README. This move significantly raises the barrier to entry for users who relied on the simplicity of ready-to-run binaries. One of MinIO’s biggest selling points was its sleek UI. With that gone from the OSS version and enterprise pricing remaining steep, it’s time to consider alternatives. Read more

Because I didn’t want to push all my custom images and sourcecode to public repos like hub.docker.com, I was looking for a self-hosted solution. After checking out the features of the official Docker registry, I was a bit underwhelmed by the missing repo based auth and the lack of combining the use as repository and cache. Read more

Having to log into all of your VKS clusters one by one sucks as you either have to export your vSphere Password as an environment variable (which is kinda insecure) or enter the Password for each of your Clusters over and over again. As we got annoyed with that one of my Customers (Ralf Dahmen) and I decided to fix this by developing a little bash script that automatically detects all clusters in your vSphere Namespaces and logs you in to them, to do so you only ned to enter your Password once. Read more

When using NSX-T for networking in combination with NSX ALB for load balancing in the vSphere IaaS Control Plane, the ALB Service Engines attach to each Tier-1 Router (vSphere Namespace) with one vNIC. Naturally, there’s a limit of 10 vNICs per Service Engine, meaning we can connect up to 8 Tier-1 routers to one Service Engine, as one vNIC is needed for management and another for frontend traffic. We were curious to see how NSX ALB would handle more than 8 vSphere Namespaces in this setup. My colleague Steven Schramm and I decided to test this in our lab. Read more