Considering I am the operations team, just goes to show how much I have left to learn. I didn’t know about the external-dns operator.

Unfortunately, my company is a bit strange with certs and won’t let me handle them myself. Something to check out at home I guess.

I agree with you about the LVM. I have been meaning to set up Rook forever but never got around to it. It might still take a while but thanks for the reminder.

Wow. That must have been some work. I don’t have these certs myself but I’m looking at the CKA and CKS (or whatever that’s called). For sure, I loved our discussion. Thanks for your help.

I am using a reverse proxy in production. I just didn’t mention it here.

I’d have to set up a DNS record for both. I’d also have to create and rotate certs for both.

We use LVM, I simply mounted a volume for /usr/share/elasticsearch. The VMWare team will handle the underlying storage.

I agree with manually dealing with the repo. I dont think I’d set up unattended upgrades for my k8s cluster either so that’s moot. Downtime is not a big deal: this is not external and I’ve got 5 nodes. I guess if I didn’t use Ansible it would be a bit more legwork but that’s about it.

Overall I think we missed each other here.

No idea. I personally use PVs and PVCs with k3s and it’s trivial there with some downtime

There’s a GUI for containerd?

By more moving parts I mean:

Running ElasticSearch on RHEL:

• add repo and dnf install elasticsearch.
• check SELinux
• write config
• firewall-cmd to open ports.

In k8s:

• grab elasticsearch container image
• edit variables in manifest (we use helm)
• depending on if the automatically configured SVC is good, leave it alone or edit it.
• write the VS and gateway (we use Istio)
• firewall-cmd to open ports

Maybe it’s just me but I find option 1 easier. Maybe I’m just lazy. That’s probably the overarching reason lol

Ah thanks, I’ll go through it!

I prefer some of my applications to be on VMs. For example, my observability stack (ELK + Grafana) which I like to keep separate from other environments. I suppose the argument could be made that I should spin up a separate k8s cluster if I want to do that but it’s faster to deploy directly on VMs, and there’s also less moving parts (I run two 50 node K8S clusters so I’m not averse to containers, just saying). Easier and relatively secure tool for the right job. Sure, I could mess with cgroups and play with kernel parameters and all of that jazz to secure k8s more but why bother when I can make my life easier by trusting Red Hat? Also I’m not yet running a k8s version that supports SELinux and I tend to keep it enabled.

Sometimes, VMs are simply the better solution.

I run a semi-production DB cluster at work. We have 17 VMs running and it’s resilient (a different team handles VMWare and hardware)

QEMU is legacy? Pray tell me how you’re running VMs on architectures other than x86 on modern computers without QEMU

Not calling you out specifically OP, but can someone tell me why this is a thing on the internet?

multiple 12GB drives

GB??? I assume TB automatically when people say this but it still is a speedbreaker when I’m thinking about the post.

Xe is insanely talented. If she is who I think she is, then I’ve watched her speak and her depth of knowledge across computer science topics is insane.

I look forward to TOR’s PoW coming out for FOSS WAFs

I don’t think AI companies care, and I wholeheartedly support any and all FOSS projects using PoW when serving their websites. I’d rather have that than have them go down

FreshRSS or TinyRSS

I would like account credits too, but I don’t know if they do that for single users. I do think they have something like that for enterprises

I’ve always wondered if Backblaze B2 would accept advance payments. I would love that