this post was submitted on 07 May 2024
20 points (100.0% liked)

Homelab


Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

[–] [email protected] 2 points 6 months ago (9 children)

I get what the author is talking about with losing trust in your services when they are unavailable. I have found that a Raspberry Pi 3/4 cluster running k3s utilizing NAS storage has very good uptime and honestly I think my internet service goes down more than my homelab services.

[–] [email protected] 2 points 6 months ago (8 children)

Thanks! I find most of the issues occur during upgrades to services, but that is to be expected.

My internet service is usually more of an issue than most services I run. Though some things take longer to get tweaked and running well and that can cause issues.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (7 children)

Upgrades to services - that’s why I run dev namespaces and copy over my production shares to dev and utilize ZFS snapshotting.

I haven’t set up testing yet and only just started with Prometheus monitoring but so far things run pretty well.

[–] [email protected] 2 points 6 months ago (1 children)

Oh, dev namespaces are a good idea. Do you have a dev domain then too?

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

I toyed with a dev domain but ended up using namespace.tld and postfixing -dev to my namespace so it works out to service.tld and service-dev.tld.

[–] [email protected] 2 points 6 months ago (1 children)

Ah okay, that makes sense, you’re using the internal cluster domain to route to services.

[–] [email protected] 1 points 6 months ago (1 children)

I have automated Traefik to route the traffic; it sets the DNS and ingress route. I’m also doing as you suggested for service-to-service connections.

[–] [email protected] 2 points 6 months ago (1 children)

That makes sense!

Have you played with anything like Istio to secure in-cluster communications? I think HashiCorp Consul can do something similar to encrypt service-to-service communications.

[–] [email protected] 1 points 6 months ago (1 children)

I looked into it but I felt at the time it was too complex, maybe I’ll look at it again. Currently I am using WireGuard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of application, so I really should revisit that at some point.

[–] [email protected] 2 points 6 months ago

Yeah, it very much adds some extra complexity, and it’s more important if you are hosting in public clouds anyways IMO.
