A cautionary tale of a person who didn’t take a step back and consider what they were intending to accomplish before falling down a rabbit hole of technical details.
the goal: Migrate my Tautulli installation from my OSX machine to my k3s cluster to separate it from the Plex server it is monitoring.
where i started: Tautulli’s Docker installation guide, naturally.
As soon as I saw:
docker create \
I eagerly ran off to author some manifests, without reading the rest of the installation guide or double-checking the actual requirements for running Tautulli.
At first glance, most things would be trivial to work out in Kubernetes: I’d need a Deployment, a Service, and a PVC to store configuration, via the local path provisioner baked into k3s. That left only the logs directory.
Making Plex’s log directory on my OSX machine available to my Tautulli installation hosted on my k3s cluster seemed relatively straightforward:
- Make the log directory available over the network as a Samba share point in OSX.
- Mount the Samba share on the worker node that will host Tautulli.
- Make the mounted share available to my Tautulli Pod via a
I went the extra mile and configured a dedicated user on my OSX machine for the Pi to authenticate as to limit the exposed surface area and make some feeble-minded attempt at the principle of least privilege, as well as disabling guest access in the share point configuration.
I then spent the next several hours falling down the mount.cifs man pages and other random podunks trying to discern what has laid waste to my best-laid plans:
- making the share user own the directory
- verifying and forcing the SMB protocol version, per some random guy on Reddit
- opening up guest mode (a microcosm of why principle of actually works always trumps principle of least privilege)
- every value for the mount.cifs listed in its man pages
- turned off packet signing requirements, per Apple support documentation
- floundered around trying to get the changes to take effect until I found some random gist on GitHub
- [ … ]
After I exhausted every thread I could pull, I finished reading the Tautulli documentation and realized that access to Plex’s log directory wasn’t remotely close to required for core Tautulli functionality. It is literally not required at all – Tautulli simply provides a web view for observing your Plex server’s logs and nothing else. I have never used this feature. I had no idea this feature existed. I dedicated a night of my life to it.
I eventually solved the general form of my problem (worker node access to files managed by my OSX machine) by circumventing SMB entirely and setting up an NFS server on my cluster that is mounted by both the OSX machine and various services running on-cluster. That brought its own set of challenges, a few of which I was more prepared to investigate and resolve because of the hours I spent lost in Sambaland. Shit, maybe we should just go wherever the trail takes us and let working on the right thing be damned, because time is a flat circle and the loop always closes. Saddle up. Drink Coors, the banquet beer.