Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

  • notfromhere@lemmy.ml
    6 months ago

    Upgrades to services - that’s why I run dev namespaces and copy over my production shares to dev and utilize ZFS snapshotting.

    I haven’t set up testing yet and only just started with Prometheus monitoring, but so far things run pretty well.

      • notfromhere@lemmy.ml
        6 months ago

        I toyed with a dev domain but ended up using namespace.tld and postfixing -dev to my namespace so it works out to service.tld and service-dev.tld.

          • notfromhere@lemmy.ml
            6 months ago

            I have automated Traefik to route the traffic; it sets the DNS and ingress route. I’m also doing as you suggested for service-to-service connections.

            • jax@lemmy.cloudhub.social (OP, M)
              6 months ago

              That makes sense!

              Have you played with anything like Istio to secure in-cluster communications? I think HashiCorp Consul can do something similar to encrypt service-to-service communications.

              • notfromhere@lemmy.ml
                6 months ago

                I looked into it but I felt at the time it was too complex; maybe I’ll look at it again. Currently I am using WireGuard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of application, so I really should revisit that at some point.

                • jax@lemmy.cloudhub.social (OP, M)
                  6 months ago

                  Yeah, it very much adds some extra complexity, and it’s more important if you are hosting in public clouds anyways IMO.