Posts on Jan 1970

Kestra 1.0: The Open-Source Orchestrator Embraces the AI Revolution

Good morning, everyone! Dimitri Bellini here, and welcome back to Quadrata, my channel dedicated to the world of open source and IT. If you’re a regular viewer, you know how much I love exploring powerful, community-driven tools. And if you’re new, please consider subscribing to join our growing community!

This week, we’re revisiting a product I’m incredibly excited about: Kestra. I covered it before, but now it has hit a major milestone with its 1.0 release, and the new features are too good not to share. Kestra has officially reached maturity, evolving into a tool that’s not just powerful but also incredibly intelligent. Let’s dive in!

What is Kestra? A Quick Refresher

For those who might be new to it, Kestra is an open-source, self-hosted solution for orchestrating and automating complex processes. Think of it as the central nervous system for your IT operations. It solves a problem we’ve all faced: managing countless scripts written in different languages, scattered across various machines. After a few months, it becomes a nightmare to remember where everything is, how it works, and who has access to it.

Kestra brings order to this chaos by providing:

  • A centralized platform to manage all your automation workflows.
  • A declarative language (YAML) to define tasks, making them easy to version control with tools like Git.
  • Flexible task management, allowing you to run jobs sequentially, in parallel, or based on dependencies.
  • A massive library of pre-built plugins for seamless integration with databases, cloud platforms, notification systems, and more.
  • An event-driven architecture that can be triggered manually, via API calls (webhooks), or on a schedule, just like a crontab.

Essentially, it’s a language-agnostic powerhouse that allows different teams—whether they prefer Bash, Python, or Perl—to collaborate on a single, intuitive platform.

The Game-Changers in Kestra 1.0

The 1.0 release isn’t just an update; it’s an evolution. Kestra is boldly stepping into the “agentic world,” integrating AI in ways that genuinely enhance its capabilities.

Stepping into the Agentic World with AI

The headline feature is, of course, AI. Kestra 1.0 introduces an AI Copilot designed to help you generate the YAML code for your tasks. While I found it to be a bit hit-or-miss in its current state (it uses a simple version of Gemini), the concept is promising. For more reliable results, I actually recommend using the “Ask Kestra AI” feature on their official documentation website—it works much better!

What’s truly exciting is Kestra’s ability to be controlled by AI agents and, in turn, use agents to perform tasks. This opens up a world of possibilities for creating dynamic, intelligent automation that can adapt and respond to complex triggers. You can even integrate with self-hosted models using the Ollama plugin, keeping your entire stack private and self-sufficient.

Developer Experience and Usability Boosts

Beyond AI, version 1.0 brings several quality-of-life improvements:

  • Playground: You can now test individual tasks or small segments of your workflow without having to run the entire thing. This is a massive time-saver during development and debugging.
  • Flow Level SLA: For more business-oriented needs, you can now define and monitor Service Level Agreements (SLAs) for your flows. If a task that should take an hour is running longer, Kestra can alert you.
  • Plugin Versioning: In complex enterprise environments, you can now pin specific versions of plugins to a workflow, ensuring stability and preventing unexpected breakages from updates.
  • No-Code Editor for Apps: This is a standout feature, though currently for the Enterprise version. It allows you to create simple, interactive web UIs (Kestra Apps) for your workflows. Instead of exposing complex options, you can give users a clean form with input fields to launch a job. It’s a fantastic way to democratize your automation.

A Guided Tour of the Kestra Interface

I set up my Kestra instance easily using a simple container setup. The first thing you see is a comprehensive dashboard showing the status of all your jobs: successes, failures, and currently running tasks. It’s your mission control center.

Crafting Your First Flow: Code, No-Code, and AI Assistance

Workflows in Kestra are organized into Namespaces (think of them as projects), and each workflow is called a Flow. When you edit a flow, you’re presented with a powerful interface.

On one side, you have the YAML editor where you define your tasks. But here’s the magic: as you work, a documentation panel appears right next to your code, providing examples, properties, and definitions for the specific task type you’re using. No more switching tabs to look up syntax!

And if you’re not a fan of YAML, Kestra 1.0 introduces a fantastic no-code wizard. This form-based interface guides you through creating each step of your workflow, simplifying the process immensely. You can build complex automation without writing a single line of code, and the YAML is generated for you in the background.

Monitoring and Control

Once your flow is running, Kestra provides incredible visibility:

  • Topology View: A visual graph of your workflow, showing how tasks connect and the real-time progress of an execution.
  • Revisions: Kestra automatically versions every change you make to a flow. If something breaks, you can easily compare versions and restore a previous working state.
  • Logs: A powerful, searchable log interface (similar to Elasticsearch) lets you drill down to find exactly what happened during an execution.
  • Metrics: You can expose metrics from your flows to monitoring tools like Zabbix or Prometheus to track performance over time.

My Final Thoughts

Kestra 1.0 is a truly impressive release. It has matured from a powerful orchestrator into an intelligent automation platform that is both developer-friendly and accessible to those who prefer a no-code approach. The focus on AI, combined with major usability enhancements, makes it a compelling choice for anyone looking to streamline their IT processes.

As it’s open-source, you can try it out at home without any cost. I’m personally considering using it to automate parts of my video creation workflow! It’s that versatile.

I highly encourage you to give it a try. Explore the official documentation, check out the pre-made “Blueprints” to get started quickly, and see how it can simplify your work.


What do you think of Kestra 1.0? Are there other automation tools you love? Let me know in the comments below—your opinion is incredibly valuable! If you found this overview helpful, please give the video a thumbs up and subscribe for more content on open-source technology.

See you next week!

– Dimitri Bellini

Pangolin VPN: Secure Your Internal Services with Zero Open Ports

Good morning and welcome, everyone! I’m Dimitri Bellini, and you’re here again with me on Quadrata, my channel dedicated to the world of open source and IT. This week, we’re diving into something new and exciting: a truly noteworthy tool that can help you in very specific situations.

We’re going to talk about Pangolin VPN, and its promise is right in the name: “Zero Open Ports.” While the concept of a secure tunnel isn’t new, Pangolin offers a unique, simplified approach. It’s an open-source, self-hosted solution that lets you create a reverse tunnel to your internal servers, all managed through a centralized, user-friendly platform. Let’s explore what makes it so special.

What is Pangolin VPN?

At its core, Pangolin is an open-source solution that allows you to install a complete secure access platform on your own machines. It’s built on top of WireGuard, but it’s not a classic VPN. Instead of manually configuring clients and punching holes in your firewalls, Pangolin centralizes everything. It acts as a secure gateway, protecting your internal web services and applications from direct exposure to the internet.

You essentially need two things to start:

  1. A machine with a public IP address (like a cheap VPS) to act as the central concentrator.
  2. A domain name to point to that machine.

From there, Pangolin handles the rest, creating a secure, elegant bridge to your private network without you having to mess with complex NAT or firewall rules.

Key Features That Make Pangolin Stand Out

Pangolin simplifies secure access by bundling several powerful features into one platform. Here are the most important ones:

  • Enhanced Security with Zero Exposure: This is the headline feature. You don’t expose any ports for your internal services (like Zabbix, Proxmox, or a custom web app) to the public internet. Everything is hidden behind the Pangolin platform and accessed securely over HTTPS.
  • Centralized Authentication and Permissions: Pangolin provides a robust system for managing user access. You can use simple password authentication, enable two-factor authentication (2FA), or integrate with an external Identity Provider (IDP) for Single Sign-On (SSO) with services like Google, Azure, and more.
  • Role-Based Access Control (RBAC): You have granular control over who can see what. Based on user roles, which can be pulled directly from your IDP, you can define policies to ensure users only have access to the specific applications they need.
  • Simplified Networking: Forget about complex firewall configurations. You simply install a lightweight agent on a machine inside your network, and it establishes a secure outbound connection to your public Pangolin server. That’s it.
  • Clientless Access for Users: For accessing web-based applications, your users don’t need to install any client software. All they need is a web browser. Pangolin acts as a reverse proxy, authenticates the user, and seamlessly connects them to the internal resource.
  • Full Control and Privacy: Since you host it yourself, you have complete control over your data and infrastructure. No third-party dependencies or data passing through external services.

How It Works: The Architecture

Pangolin is a suite of open-source tools working in harmony. The entire platform is packaged with Docker, making deployment a breeze. Here are the core components:

  • Pangolin: The central management console where you configure sites, resources, users, and policies.
  • Gerbil: A WireGuard management server developed by the Pangolin team to handle the underlying secure connections.
  • Traefik: A modern and powerful reverse proxy that handles incoming requests and routes them to the correct internal service.
  • Newt: A user-space WireGuard client. This is the agent you install on your internal network. The beauty of Newt is that it doesn’t require root privileges or kernel modules, and it runs on Linux, Windows, macOS, and more.

The workflow is simple: a user accesses a specific URL in their browser. The request hits your public Pangolin server, which uses Traefik to handle it. Pangolin checks the user’s authentication and permissions. If authorized, it routes the request through the secure WireGuard tunnel established by the Newt client to the correct service on your private network.

Getting Started: A Quick Installation Guide

Installing Pangolin is surprisingly straightforward. Here’s what you’ll need first.

Prerequisites

  • A host with Docker or Podman installed and a public IP address.
  • A domain name (e.g., yourdomain.com).
  • DNS records configured to point your domain and a wildcard subdomain (e.g., *.yourdomain.com) to your public host’s IP.
  • An email address for Let’s Encrypt SSL certificate generation.
  • The following ports open on your public host’s firewall: TCP 80, TCP 443, and the necessary UDP ports for WireGuard.
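
A check for the public host that goes with the port list above, as an added example rather than anything from the Pangolin project: it reads `ss -H -tuln` output and reports every non-loopback listener that is not on an allowlist. The UDP port 51820 (WireGuard's conventional default) and the sample socket lines are assumptions constructed for illustration; substitute the ports your installation actually uses.

```shell
#!/usr/bin/env bash
# Added example (not from the Pangolin project): audit which sockets the
# public host is really listening on, compared with what the firewall is
# supposed to allow.

# Allowlist as "proto/port" pairs. tcp/80 and tcp/443 come from the
# prerequisites; udp/51820 is an ASSUMPTION (WireGuard's conventional
# default port) and must be replaced by the port(s) your install uses.
ALLOWED_LISTENERS="tcp/80 tcp/443 udp/51820"

# Constructed sample of `ss -H -tuln` output for the demo mode below.
sample_ss_output() {
  cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:51820      0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      511          0.0.0.0:3000       0.0.0.0:*
EOF
}

# unexpected_listeners ALLOWLIST   (reads ss output on stdin)
# Prints "proto/port address" for every listener that is reachable from
# outside the host (not bound to loopback) and is missing from ALLOWLIST.
unexpected_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
      proto = $1
      port = $5; sub(/^.*:/, "", port)       # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      key = proto "/" port
      if (!(key in ok)) print key " " addr
    }' | LC_ALL=C sort -u
}

# Live use on the public host:
#   ss -H -tuln | unexpected_listeners "$ALLOWED_LISTENERS"
if [ "${1:-}" = "--demo" ]; then
  sample_ss_output | unexpected_listeners "$ALLOWED_LISTENERS"
fi
```

An empty result means every externally reachable listener is accounted for. Anything printed is either a service to bind to loopback or a port to add to the allowlist deliberately, such as SSH for administration.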

Installation Steps

The installation is handled by a simple script. Just run these commands on your public server:

    curl -fsSL https://digpangolin.com/get-installer.sh | bash
    sudo bash ./install.sh

The script will ask you a few questions:

  1. Your main domain: (e.g., quadrata.dev)
  2. The subdomain for the Pangolin service: It will suggest one (e.g., pg.quadrata.dev).
  3. Your email for Let’s Encrypt.
  4. Whether to use Gerbil to manage connections (say yes).
  5. A few other simple questions about email notifications and IPv6.

Once you answer, it will pull the necessary Docker containers and set everything up. At the end of the process, it will give you a registration token. Use this token to create your first admin user and password.
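
The first installer command above pipes a remote script straight into bash. The following added example (not from the Pangolin project) splits that step into download, review, pin the reviewed copy's SHA-256, and run only a copy that still matches the pin. The local file names and the pin-file convention are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the Pangolin project): replace `curl ... | bash`
# with download -> review -> pin digest -> run the reviewed copy.

INSTALLER_URL="https://digpangolin.com/get-installer.sh"   # URL from the post

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# fetch_script URL DEST: HTTPS only, fail on HTTP errors, write to a file
# instead of a shell's stdin so nothing executes during the download.
fetch_script() {
  curl --proto '=https' --tlsv1.2 -fsSL "$1" -o "$2"
}

# pin_reviewed FILE PINFILE: call this only after reading FILE; it records
# the digest of exactly the bytes that were reviewed.
pin_reviewed() {
  sha256_of "$1" > "$2"
}

# run_if_pinned FILE PINFILE [INTERPRETER]
# Runs FILE only when its digest equals the recorded one. Return codes:
#   2 = script missing or empty, 3 = no pin recorded, 4 = digest mismatch.
run_if_pinned() {
  [ -s "$1" ] || { echo "refusing: $1 missing or empty" >&2; return 2; }
  [ -s "$2" ] || { echo "refusing: no pinned digest in $2" >&2; return 3; }
  if [ "$(sha256_of "$1")" != "$(cat "$2")" ]; then
    echo "refusing: $1 differs from the reviewed copy" >&2
    return 4
  fi
  "${3:-bash}" "$1"
}

# Typical sequence on the public server (hypothetical file names):
#   fetch_script "$INSTALLER_URL" get-installer.sh
#   less get-installer.sh          # read what it downloads and runs
#   pin_reviewed get-installer.sh get-installer.sh.sha256
#   run_if_pinned get-installer.sh get-installer.sh.sha256
```

Keeping the pin file alongside your deployment notes lets a later install on another host detect that the upstream script has changed since it was last read.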

Configuring Your First Services

Once you’re logged into the Pangolin dashboard, the process is logical.

1. Create a “Site”

A “Site” in Pangolin represents your internal network. You’ll give it a name, and Pangolin will provide you with the command to deploy the Newt client agent inside that network. You can easily copy the docker run or Docker Compose configuration and deploy it on a machine within your LAN (I used my container management tool, Komodo, for this). Once the agent is running, it will connect to your Pangolin server, and the site will show as active.

2. Create a “Resource”

Next, you define the services you want to expose. Click on “Add Resource” and select “HTTPS Resource.”

  • Give it a name (e.g., “Ollama”). This will also become its subdomain (e.g., ollama.pg.quadrata.dev).
  • Select the “Site” you just created.
  • Enter the internal IP address and port of the service (e.g., 192.168.1.50:3000).

3. Assign Permissions

After creating the resource, you must define who can access it. In the resource’s “Authentication” tab, you can assign it to specific roles (like “Member”) or individual users. You can also enforce SSO for that specific application. Save your changes, and you’re done!

Now, when an authorized user navigates to ollama.pg.quadrata.dev, they will be prompted to log in via Pangolin and will then be seamlessly redirected to your internal Ollama service. It’s that simple!

What About a Full VPN?

Pangolin has recently introduced a beta feature for a more traditional VPN experience. You can create a “Client” in the dashboard, which is similar to creating a “Site.” This provides a configuration to run the Newt client directly on your laptop. Once connected, your machine becomes part of the secure network, allowing you to access any resource (not just web services) based on the permissions you define. You can even create “Client Resources” to open specific TCP/UDP ports for SSH, RDP, or other protocols, giving you fine-grained control.

Conclusion

Pangolin VPN is a fantastic and incredibly interesting product. It’s not trying to be a replacement for every VPN use case, but it excels at simplifying secure access to self-hosted web services. The combination of zero-exposure security, centralized SSO authentication, and role-based access control makes it a powerful tool for small businesses, homelab enthusiasts, and anyone looking to share internal applications without the headache of complex network configurations.

It’s a project that simplifies life in many circumstances, and I highly recommend giving it a try. The fact that it’s open source and self-hostable gives you the ultimate control and privacy.

Have you tried Pangolin or a similar tool? Let me know your thoughts and experiences in the comments below! I’d love to hear your opinion.


For more content on open-source and IT, make sure to subscribe to my channel!

➡️ YouTube Channel: Quadrata

➡️ Join the conversation on Telegram: Zabbix Italia Community

Thanks for reading, and see you next week. A greeting from Dimitri!

Revolutionize Your Zabbix Dashboards: RME Essential Custom Widgets

Good morning and welcome, everyone! It’s Dimitri Bellini, back again on Quadrata, my channel dedicated to the open-source world and the IT that I love. It’s been a little while since we talked about our good friend Zabbix, and I’m excited to share something I stumbled upon that I think you’re going to love.

While browsing the Zabbix support portal, I came across a community member, Ryan Eberle, who has developed an incredible set of custom widgets. His GitHub repository is a goldmine of enhancements that bring a whole new level of functionality and clarity to our Zabbix dashboards. These aren’t just minor tweaks; they are game-changing improvements that address many of the limitations we’ve all faced.

So, let’s dive in and see how you can supercharge your monitoring setup!

Getting Started: How to Install These Custom Widgets

Installing these widgets is surprisingly simple. Just follow these steps, and you’ll be up and running in no time.

Important Note: These modules are designed for Zabbix 7.2 and 7.4. They leverage new functions not available in the 7.0 LTS version, so they are not backward compatible.

  1. Clone the Repository: First, head over to the developer’s GitHub repository. Find the widget you want to install (for example, the Graph widget), click on “Code,” and copy the clone URL.
  2. Download to Your Server: SSH into your Zabbix server console. In a temporary directory, use the `git clone` command to download the widget files. For example:
    git clone [paste the copied URL here]
  3. Copy to the Zabbix Modules Directory: This is a crucial step. In recent Zabbix versions, the path for UI modules has changed. You need to copy the downloaded widget directory into:
    /usr/share/zabbix/ui/modules/
  4. Scan for New Modules: Go to your Zabbix frontend and navigate to Administration → General → Modules. Click the “Scan directory” button. This is a step many people forget! If you don’t do this, Zabbix won’t see the new widgets you just added.
  5. Enable the Widgets: Once the scan is complete, you will see the new modules listed, authored by Ryan Eberle. By default, they will be disabled. Simply click to enable each one you want to use.
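
Steps 2 and 3 place third-party code inside the Zabbix frontend, so it is worth staging it deliberately. The following added example (not from the widget repository or from Zabbix) confirms the checkout is at the commit you reviewed, refuses checkouts that contain symlinks or lack a module `manifest.json`, and copies the module without its `.git` directory and without group or world write permission. The function names, the placeholder commit and root ownership are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the widget repository): stage a reviewed
# third-party module into the Zabbix modules directory.

MODULES_DIR="/usr/share/zabbix/ui/modules"   # path given in step 3

# at_reviewed_commit CHECKOUT COMMIT
# True only if the checkout's HEAD is exactly the commit that was reviewed.
at_reviewed_commit() {
  [ "$(git -C "$1" rev-parse HEAD 2>/dev/null)" = "$2" ]
}

# stage_module CHECKOUT DEST_PARENT
# Return codes: 2 = no manifest.json, 3 = symlink present,
#               4 = destination already exists, 5 = copy failed.
stage_module() {
  src="${1%/}"
  dest="$2/$(basename "$src")"
  [ -f "$src/manifest.json" ] || { echo "no manifest.json in $src" >&2; return 2; }
  # A symlink could point the frontend at files outside the module.
  if [ -n "$(find "$src" -path "$src/.git" -prune -o -type l -print | head -n 1)" ]; then
    echo "symlink found in $src" >&2
    return 3
  fi
  [ -e "$dest" ] && { echo "$dest already exists" >&2; return 4; }
  cp -R "$src" "$dest" || return 5
  rm -rf "$dest/.git"            # repository history is not needed at runtime
  chmod -R go-w "$dest"          # only the owner may modify module code
  # When run as root, hand the files to uid 0 / gid 0 so the web server
  # account can read the module but not rewrite it.
  [ "$(id -u)" -eq 0 ] && chown -R 0:0 "$dest"
  return 0
}

# Typical sequence (the commit value is a placeholder for the one you reviewed):
#   at_reviewed_commit ./checkout "<reviewed-commit-sha>" \
#     && sudo sh -c '. ./stage.sh; stage_module ./checkout/<widget-dir> "$MODULES_DIR"'
```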

A Deep Dive into the New Widget Capabilities

Now for the fun part! Let’s explore what these new widgets bring to the table. I’ve been testing the enhanced Graph, Table, and Host/Group Navigator widgets, and they are phenomenal.

The Graph Widget We’ve Always Wanted

The default vector graph in Zabbix is good, but Ryan’s version is what it should have been. It introduces features that dramatically improve usability.

  • Interactive Legend: You can now click on a metric in the legend to toggle its visibility on the graph. Want to focus on just one or two data series? Simply click to hide the others. Hold the Ctrl key to select multiple items. This is fantastic for decluttering complex graphs.
  • Sorted Tooltip/Legend: No more hunting through a messy tooltip! The legend now automatically sorts metrics, placing the ones with the highest current value at the top. When you hover over the graph, you get a clean, ordered list, making it instantly clear which metric is which.
  • Hide Zero-Value Metrics: You can configure the widget to automatically hide any metrics that have a value of zero. This cleans up the tooltip immensely, allowing you to focus only on the data that matters.
  • Advanced Label Customization: Using built-in macros and regular expressions, you can customize the data set labels. If you have very long item names, you can now extract just the part you need to keep your graphs clean and readable.
  • Data Multiplication: Need to convert a value on the fly? You can now apply a multiplier directly within the widget’s data set configuration. This is perfect for when you need to change units of measurement for display purposes without creating a new calculated item.

The difference is night and day. A cluttered, hard-to-read Zabbix graph becomes a clean, interactive, and insightful visualization.

The Ultimate Table Widget

While Zabbix has widgets like “Top hosts,” they’ve always felt a bit rigid. The new Table widget is incredibly flexible and allows you to build the exact views you need for any scenario.

One of my favorite features is the “Column per pattern” mode. Imagine you want to see the incoming and outgoing traffic for all network interfaces on a host, side-by-side. With this widget, you can!

Here’s how it works:

  • You define an item pattern for your rows (e.g., the interface name using tags).
  • You then define a pattern for each column (e.g., one for `bits.sent` and another for `bits.recv`).
  • The widget intelligently organizes the data into a clean table with interfaces as rows and your metrics as columns.

You can also add a footer row to perform calculations like sum or average. This is incredibly useful for getting an overview of a cluster. For instance, you can display the average CPU and memory utilization across all nodes in a single, elegant table.

Improved Navigation Widgets

The new Host/Group Navigator and Item Navigator also bring welcome improvements. The Host Navigator provides better filtering and a more intuitive way to navigate through host group hierarchies, which is especially helpful for complex environments. The Item Navigator includes a search box that works on tags, allowing you to quickly find and display specific groups of metrics in another widget, like our new super-graph!

Final Thoughts and a Call to Action

These custom widgets have genuinely enhanced my Zabbix experience. They add a layer of polish, usability, and power that was sorely missing from the default dashboards. It’s a testament to the strength of the open-source community, and I hope the Zabbix team takes inspiration from this work for future official releases.

Now, I want to hear from you. What do you think of these widgets? Are there any features you’ve been desperately wanting for your Zabbix dashboards? Let me know in the comments below! Perhaps if we gather enough feedback, we can share it with the developer and help make these tools even better.

If you enjoyed this video and found it helpful, please give it a nice like and subscribe for more content. See you next week!


Gartner’s Magic Quadrant: A Crystal Ball for IT or an Illusion?

Good morning, everyone! Dimitri Bellini here, and welcome back to Quadrata. I know I’ve been away for a few weeks—I managed to get a bit of a vacation in—and I’ve come back with a ton of ideas for new open-source software to share with you.

But today, I want to take a step back and have a more general chat. This is for anyone who works in a company that has to deal with much larger enterprise clients, or for anyone involved in the high-stakes decision of choosing which software to invest in. In the world of IT, there’s a powerful and often mysterious force that guides these decisions: the Gartner Magic Quadrant.

It’s often treated like a crystal ball, a tool that can predict the future of your tech empire and tell you exactly where to step next. While it’s certainly a useful instrument, it’s crucial to understand what it is, how it works, and most importantly, its limitations.

What Exactly Is the Gartner Magic Quadrant?

Simply put, the Magic Quadrant is a series of market research reports that provide a visual snapshot of a specific tech market. Whether it’s cloud computing, observability, or storage, Gartner maps out the main competitors, helping you understand the landscape at a glance. For a top manager who doesn’t have time to research hundreds of solutions, it simplifies the immense complexity of the IT world into a single, digestible chart.

Decoding the Four Squares

The “magic” happens within a four-square grid, where vendors are placed based on their “Ability to Execute” and “Completeness of Vision.” Here’s what each quadrant means:

  • Leaders (Top Right): These are the champions. They have a strong vision that aligns with Gartner’s view of the future and the resources to execute it. They are well-established, reliable, and considered the top players in their field.
  • Challengers (Top Left): These vendors dominate the market today and have a strong ability to execute, but their vision for the future might not be as clear or innovative. They are strong performers but may be less prepared for tomorrow’s shifts.
  • Visionaries (Bottom Right): These are the innovators. They understand where the market is going and have a compelling vision, but they may not have the resources or market presence to execute on that vision at scale just yet.
  • Niche Players (Bottom Left): These vendors focus successfully on a small segment of the market. They might be very good at what they do, but they lack either a broad vision or the ability to outperform others across the board.

Why the Magic Quadrant Is So Influential

If you’ve ever tried to sell a product to a large enterprise, you’ve likely been asked, “Are you in the Gartner Magic Quadrant?” If the answer is yes, the doors magically open. Why? Because it represents a safe choice.

There’s an old saying in IT: “No one ever got fired for buying IBM.” The Magic Quadrant works on a similar principle. A manager can point to it and say, “I chose a Leader. It was the best on the market according to the experts. If it doesn’t work out, what more could I have done?” It provides a shield of justification.

For vendors, being placed in the quadrant—especially as a Leader—is a powerful marketing tool. It validates their position in the market and instantly gives them credibility. It works for both the buyer and the seller.

The Hamlet-like Doubt: Is the Leader Always the Best Choice?

And here is where the critical thinking comes in. Just because a product is in the “Leaders” quadrant, does that automatically make it the right choice for your company? This is the fundamental question every manager should ask.

The process to get into the quadrant is incredibly complex and resource-intensive. It requires detailed reports on financials, sales strategy, customer feedback, marketing, and innovation. This creates a few potential issues:

1. It Favors the Already Favored

Large, multinational corporations have the money, specialized staff, and massive structures needed to provide Gartner with the exhaustive data required. This creates a high barrier to entry for small-to-medium-sized companies or innovative startups that might have a superior product but lack the corporate machinery to prove it according to Gartner’s specific methodology.

2. The Open Source Blind Spot

Open source solutions often don’t fit neatly into these corporate boxes. A powerful open-source tool might require more initial customization and “handiwork,” but in return, it offers unparalleled flexibility. The Magic Quadrant’s model can struggle to properly evaluate this trade-off, often overlooking solutions that could be a perfect fit for a company willing to invest in configuration over out-of-the-box features.

3. It’s Based on the Past, Not the Future

The analysis relies heavily on past performance and existing data. A truly disruptive, game-changing technology that doesn’t fit the standard parameters might not even make it onto the chart. By the time it does, it might be too late.

Conclusion: Use It as a Map, Not a Destination

So, what’s the takeaway? The Gartner Magic Quadrant is an excellent starting point. If you know nothing about a particular market, it gives you a fantastic overview of the key players. But your work doesn’t end there. The most critical step is due diligence.

You must dive deeper to understand your company’s unique, real-world needs. No two businesses are exactly alike, even if they’re in the same industry. To stay on the crest of the wave, you need a tool that is molded to your specific workflows, not a one-size-fits-all solution that’s beautiful and feature-packed but of which you’ll only use a fifth of its capabilities. Think about it: if you want the ultimate performance car, do you buy the best-selling Volkswagen, or do you seek out a niche masterpiece like a Ferrari or a Bugatti?

Choosing the Leader is the easy path. But putting in the passion and the effort to analyze, think, and then decide on the truly *right* tool—that’s what makes a great manager. Don’t just follow the chart; understand your needs, explore all options (even the niche ones!), and make an informed decision that will genuinely drive your business forward.


That’s all for today! I hope this discussion was useful. What are your thoughts on the Gartner Magic Quadrant? Have you used it to make decisions? Let me know in the comments below!

If you liked this post and the accompanying video, please give it a like and subscribe to the channel if you haven’t already. I’ll be back next week with a very interesting—and yes, niche—tool that I think you’ll love.

Bye everyone!

– Dimitri
