Posts on Hallblazzar: Dev Journal

DNS Resolution Issue Caused By NetBird

Sat, 23 May 2026 00:00:00 +0000

If you use NetBird as VPN solution and occasionally encounter DNS resolution issue, this topic could help.

Background Link to heading

I’ve been using NetBird to access my homelab for a while. There are few reasons I chose it:

Sovereignty - I can deploy and gain control over all components.
Run Out-Of-Box - NetBird provides good web-based GUI to manage clients and certs. I can control everything through the well-designed web interface without having to interact with config files and CLIs
Custom DNS - To provide HTTPs/TLS to my homelab services, I want to bind public domains map to service IPs. However, DNS providers like CloudFlare restrict DNS rebinding to public domains and private IPs. Therefore, an alternative approach is binding private IPs to private DNS records, and mapping them to public DNS records via CNAME. This approach requires VPN solutions to support custom private DNS. Though some people might compelely rely on private DNS and private IP, that means they need to manage certificates by themselves as generally modern SSL issuers like Let’s Encrypt require DNS validation, where public domains are necessary (especially for free solutions).

Other VPN solutions also support some features above like ZeroTier and TailScale, but their control plane are basically non-open-sourced and cannot be self-hosted.

My Experienc About Kubernetes CNI Plugin Migration

Sat, 02 May 2026 00:00:00 +0000

Tip

TL;DR: If you’re a developer looking for alternatives and migration plans for CNI plugin on your Kubernetes cluster, Cilium is a good choise which supports live-migration from almost any CNIs, NetworkPolicies and comprehensive observability ecosystems.

CNI plugin migration for a running Kubernetes cluster, especially in production environment, is never a trivial task. One simple strategy is Blue/Green deployment, which provisions a new cluster with target CNI and moving workloads from current cluster to the new one. This approach ensures the least downtime(still need extra setup, e.g., loadbalancer, to ensure availability) and ignores discrepancy between CNIs. However, what if in-place migration is necessary? This is not common but challenging senario, and mostly needed when operating a cluster with stateful or unmanaged workloads. For instance, a platform provides computing resource by Kubernetes but operators have no control to services deployed on it. If operators want to migrate CNI without letting users aware/involve, in-place migration will still be required.

Kubernetes Dynamic Client Requires Plural Resource Type

Fri, 01 May 2026 00:00:00 +0000

In GoLang, in addition to invoking kubectl, an alternative approach to access CRDs on a Kubernetes cluster via Dynamic client. It allows users to access CRDs programmatically without exec module and kubectl, which requires handling shells, exit code and STDIN/STDOU. However, it seems the module is not well document. An general error type users encounter often is resource type not found related error, which could be triggered by the code:

func GetNetworkPolicy(ctx context.Context, client dynamic.Interface, policy string) error {
	gvr := schema.GroupVersionResource{
        Group:    "cilium.io",
        Version:  "v2",
        Resource: "ciliumclusterwidenetworkpolicy",
    }

    policy, err := client.Resource(gvr).Get(ctx, policy, metav1.GetOptions{})
    if err != nil {
        return fmt.Errof("Error getting policy: %v", err)
    }
	// ... snipped
}

The issue here is the resource type. I didn’t find documents mention that directly, but value ofResource member in the GroupVersionResource structure should be plural. To make code above work correctly, ciliumclusterwidenetworkpolicy should be ciliumclusterwidenetworkpolicies. This is different from writing K8s objects in yaml format which singular is used. By contrary, if the problem is target objects not found, then users should get errors like ciliumclusterwidenetworkpolicy not found.

Adopting Dev Container In Development Workflow

Mon, 20 Apr 2026 00:00:00 +0000

This is a brief introduction about the way I adopt Dev Container in my development workflow. If you’re interested in free yourself from managing different development environments across different programming languages/framworks while using modern IDEs. Dev Container could be a good choice for you.

If you’re a software developer work across multiple projects, sometimes you might need to switch between different versions of programming languages/framwork. Though modern programming languages support multiple version managers like NVM for NodeJS and Virtual Environment for Python, users still need to carefully setup/select environments to avoid changing global runtime. asdf is a great all-in-one solution but requires extra setup for projects.

How Did I Choose OS For My Laptop?

Sun, 19 Apr 2026 00:00:00 +0000

Tip

TL;DR: If you’re a developer who is struggling on selecting Linux based desktop environment for your laptop/workstation, Debian can be the most reliable solution for you. Otherwise, consider pickup and test from DistroWatch to find most suitable one for you.

It’s a story about how I chose OS for my new laptop, which is also a 2 + 3 months journey.

Last November (2025), I spent about $1,200 on a Dell Pro 14 Laptop (64 GB RAM, AMD Ryzen 5 220) with Black Friday deal to replace my Surface Laptop 3 (32 GB RAM, i7-1065G7). The Surface Laptop 3 was pretty good for developers, but Windows 11 and recent desktop applications (plus WSL2) seems too heavy to it. It just ran slower from time to time even after re-install the whole system. As a result, by the end of last year, I decided to replace it.

Watchout Cloud Run With Cloud Storage Volumes

Mon, 13 Apr 2026 00:00:00 +0000

Few things I recently encountered while deploying Cloud Run services with Cloud Storage volumes on GCP, which I think worth of sharing.

Container Exit Without Reporting Errors Link to heading

In general, when creating a Cloud Run service with Cloud Storage volume, the Service Account used to perform the service creation operation should have Storage Object User or Admin role. If not, you might see:

lbhepler: A Python Based Wrapper For Debian Live Build

Sun, 12 Apr 2026 00:00:00 +0000

Tip

TL;DR: If you’re trying to build your own Debian image(especially for desktop environment), I created a Python3 based library, lbhelper, could help you simplify the work.

Online document - https://hallblazzar.github.io/lbhelper/source/index.html
GitHub - https://github.com/HallBlazzar/lbhelper
A Debian Image based on this library, which is also the OS I run on my laptop - https://github.com/HallBlazzar/myos
PyPi page - https://pypi.org/project/lbhelper/

Image Customization Options Link to heading

If you’re trying to build your own Debian image for your desktop/laptop, you might have hard time on finding a suitable solution. In general, people tend to run shell scripts or Ansible playbooks after first boot, which is simple and straightforward. But these scripts are rarely performed and handy, which are broken easily as packages/configs out-of-date. Though the Penguin’s Egg is a good approaches to package your system, result image is easily become non-reproducible as changes to packages/configs are missing. Some people might consider FAI, but it doesn’t provide customizations more than install packages. Packer seems makes result more reliable and reproducible, but is too heavy as it requires VMs to build images.