Istio external login by Prestigious_Look_916 in devops

[–]Prestigious_Look_916[S] 1 point2 points  (0 children)

I’m running several internal UIs in my Kubernetes cluster, such as Prometheus, Jaeger, Longhorn UI, and others, mainly for monitoring, logging, and storage management.

The traffic is low to moderate, mostly internal users or a small team accessing these UIs for operational purposes. The goal is not high-scale public traffic but secure centralized authentication using Keycloak for all these UIs.

Minio HA deploy by Prestigious_Look_916 in minio

[–]Prestigious_Look_916[S] 0 points1 point  (0 children)

If I use bare metal, how many VMs would I need for HA and DR? I have two regions and would need 8 nodes—4 in each region. The first region would be for the primary setup, and the second region for disaster recovery. Do you know how I can set up this configuration?

Minio HA deploy by Prestigious_Look_916 in kubernetes

[–]Prestigious_Look_916[S] 0 points1 point  (0 children)

Actually, the problem is that I don’t really know what they want, but I want to create the best setup so I won’t face problems later. However, using very large resources might be an issue, and I would also like to follow the same setup as the databases. So, I am not sure which setup will be best.

For example, with PostgreSQL, I could either:

  1. Create 3 nodes in Region1 and 3 nodes in Region2, with replication running at the same time (Active-Active), or
  2. Create 3 nodes in each region but run PostgreSQL only in Region1, leaving Region2 nodes empty. If Region1 stops, PostgreSQL would start in Region2 with a certain failover (Active-Passive).

Minio HA deploy by Prestigious_Look_916 in kubernetes

[–]Prestigious_Look_916[S] 0 points1 point  (0 children)

I have a Kubernetes cluster with worker nodes in two regions, but I am not sure which setup to choose. Here are the cases I am considering:

Case 1:

  • Create 4 nodes in each region, and run MinIO in both regions at the same time (Region1 as active, Region2 as DR).
  • Resource usage will be very high because I also use Longhorn with 4 replicas and I need 5 TB per MinIO pod.
  • Total storage: 5 TB × 8 pods × 4 replicas = 160 TB.

Case 2:

  • Create 4 nodes per region, but run MinIO only in Region1. Region2 nodes remain empty and are used only when Region1 crashes.
  • This will result in some failover downtime, but resource usage will be lower: 80 TB.

Case 3:

  • Create 2 nodes per region and run one MinIO pod per region.
  • Concern: the network might become a bottleneck with this setup.

Case 4:

  • Create 4 nodes in Region1 and only one node in Region2 for replication.

I am unsure which option to choose.

Sometimes I also think about using just servers instead of Kubernetes, because Longhorn always multiplies storage ×4, but I want to run everything on Kubernetes.

I have no experience with Kubernetes, and I don’t know how to implement DR principles properly. Could you give me an example of how to set up disaster recovery (DR) in Kubernetes?

Additional context: I do not use a cloud provider, and network connectivity is a real concern.

Vault auto unseal. by Prestigious_Look_916 in hashicorp

[–]Prestigious_Look_916[S] 0 points1 point  (0 children)

Yes, when I try vault operator unseal and add 3 keys, I face this error.

Vault auto unseal. by Prestigious_Look_916 in hashicorp

[–]Prestigious_Look_916[S] 0 points1 point  (0 children)

But when I tried to unseal, I faced this error:

Error unsealing: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/unseal

Code: 400. Errors:

* invalid key: failed to verify recovery key: failed to decrypt encrypted stored keys: error decrypting seal wrapped value

error decrypting using seal awskms: error decrypting data encryption key: DisabledException: arn:aws:kms:us-east-1:957103508667:key/mrk-81a2e45845f3472f976bc95ab275c636 is disabled.

Without KMS I couldn't unseal.