this post was submitted on 07 May 2024
20 points (100.0% liked)

Homelab

683 readers
3 users here now

founded 1 year ago
MODERATORS
 

Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 6 months ago (1 children)

Oh, dev namespaces are a good idea. Do you have a dev domain then too?

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

I toyed with dev domain but ended up using namespace.tld and postfixing -dev to my namespace so it works out to service.tld and service-dev.tld.

[–] [email protected] 2 points 6 months ago (1 children)

Ah okay that makes sense, you’re using the internal cluster domain to route to services

[–] [email protected] 1 points 6 months ago (1 children)

I have automated traefik to route the traffic, it sets the dns and ingress route. I’m also doing as you suggested for service to service connections.

[–] [email protected] 2 points 6 months ago (1 children)

That makes sense!

Have you played with anything like Istio to secure in-cluster communications? I think Hashicorp Consul can do something similar to encrypt service to service communications.

[–] [email protected] 1 points 6 months ago (1 children)

I looked into it but I felt at the time it was too complex, maybe I’ll look at it again. Currently I am using wireguard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of application, so I really should revisit that at some point.

[–] [email protected] 2 points 6 months ago

Yeah it very adds some extra complexity and it’s more important for if you are hosting in public clouds anyways IMO.