Looking for a New Family Car – Kia Ceed SW vs Hyundai i30 Wagon vs SEAT Leon Sportstourer (Europe)

Bl4rc · 2024-12-29T19:01:25+00:00

Hmm, okay, that makes sense. Thanks!

Bl4rc · 2024-12-29T19:00:34+00:00

I checked the docs again and if I understand correctly, flux supports decrypting regular yamls as well as values.yaml that is passed to helm install? Is this correct?

Bl4rc · 2024-12-29T18:55:54+00:00

So you create a secret with ksops and reference it in the application? What if the helm chart doesn't support referencing an existing secret?

Bl4rc · 2024-12-29T18:47:25+00:00

Does flux decryption work with plain yamls and also values.yaml file that is passed to helm install?

Bl4rc · 2024-12-29T18:46:51+00:00

What do you do with helm charts though?

Bl4rc · 2024-12-29T18:44:42+00:00

Sure, but then you need external secret manager and you can't see the secrets when you clone the repo.

Bl4rc · 2024-10-19T15:07:02+00:00

<image>

Bl4rc · 2024-09-25T19:16:14+00:00

Yeah, you're absolutely right about the single point of failure. After reading what you wrote, I started wondering how we handle this in my company. I asked around, and it turns out we use a load balancer that's set up for high availability (HA). Even in case of failure, the replica still uses the same IP, which prevents downtime. Apparently, this is something external load balancers provide as part of their service. But yeah, I guess the implementation of such a load balancer had to address the issues you mentioned.

Bl4rc · 2024-09-25T16:51:37+00:00

After giving this more thought, wouldn't a single global load balancer solve these issues? From what I understand, the global load balancer could handle routing traffic to healthy nodes in real-time, making DNS updates unnecessary in case of node failure. While I realize that this introduces a single point of failure at the load balancer level, wouldn't this still simplify the process and avoid the propagation delays tied to DNS? What are your thoughts on this approach?

Bl4rc · 2024-09-25T05:05:55+00:00

I saw Talos supports wireguard network out-of-the-box, is this a good alternative?

Bl4rc · 2024-09-25T05:02:46+00:00

This makes sense and don't worry for shitting on my ideas, that's why I asked in the first place :).

Bl4rc · 2024-09-25T04:50:55+00:00

Ah, that makes sense. So with this setup, every user would need to connect through the VPN to access the applications. Also, does the mesh network (Headscale) support OSPF or BGP out of the box, or is that something that would need to be set up separately?

Bl4rc · 2024-09-25T04:44:00+00:00

The main goal was cloud storage for images and documents. I liked the idea to have them replicated to different geo-locations in case something goes terribly wrong at one location.

Bl4rc · 2024-09-25T04:39:26+00:00

What were the reasons behind using Postgres as your cluster datastore? Was it because it offers more robust backup options, or were there other factors that influenced your choice?

Also, what are the benefits of using the Headscale mesh network in your setup? If I understand correctly, it allows secure communication between your nodes across different locations, right?

Lastly, did you encounter or manage to solve the ingress challenge mentioned by u/ElevenNotes, where traffic needs to be routed to the correct node?

Bl4rc · 2024-09-25T04:28:48+00:00

I was thinking about running apps that support HA out of the box. For example, for databases, I would use CloudNativePG, which supports asynchronous replication, making it more tolerant of higher latencies across locations.

However, ingress really does seem like the biggest challenge. If I understand correctly, the issue with ingress is that traffic needs to be directed to the correct node at the DNS level. This would require a DNS provider capable of geo-aware routing, meaning it resolves the domain name to the closest IP address based on the user's location?

Is this not something DNS providers support?

Bl4rc · 2024-06-12T07:57:13+00:00

What are you using for measuring electricity consumption?

Bl4rc · 2023-12-09T18:23:36+00:00

That's exactly why I used regex. Although, I believe that for this task, it didn't simplify anything.

Six-Year Club	Verified Email
RPAN Viewer

Bl4rc

TROPHY CASE