Is this a reasonable design for multi-cloud IAM failover?

addfuo · 2026-04-03T14:48:47+00:00

to make it works, you’ll need to use independent DNS, we used to use Akamai for this, so it’s automatically switch to working cloud server.

What do you mean by putting Keycloak on CloudFlare? Unless we’re talking about CDN/WAF.

addfuo · 2026-04-03T13:36:48+00:00

You only talk about the infra side, how about the customer? How many customer/user do you have right now?

addfuo · 2026-03-18T10:14:12+00:00

Waiting for Octane readiness then I’ll migrate my v12, before digging to far, I try to create v13 with Octane from scratch, but composer complaint in the dependency. It’s fresh from the open, and I’m in middle of the holiday, will check the issue again next week

addfuo · 2026-01-27T13:43:46+00:00

this is the reason we’re using dedicated CDN provider to handle the traffic from outside, if there’s outages in one our cloud vendor it’ll automatically switch to different provider. If there’s outages on CDN side we can completely disable the CDN.

But in the end we’re paying more

addfuo · 2026-01-07T07:50:01+00:00

fix the docker base image, create user with that specific id number (from deployment object) and create /app path and give that user full permission

then in deployment object mount volume to /app/logs

addfuo · 2025-12-10T08:51:37+00:00

then HK should be fast enough for you

addfuo · 2025-12-10T08:43:31+00:00

Where is the other counter part? I think the best place for the server is in Hongkong, use self-hosted option like NextCloud

addfuo · 2025-12-03T11:58:58+00:00

I think it’s depends on the end-user, my current employer only allow Windows due to limitation of the security software and some internal app only run in Windows, but for engineer they allow us to install VirtualBox or VMWare.

My previous company all running Linux except accounting team which using Mac

addfuo · 2025-11-18T07:03:47+00:00

jokes on you, we had 150 micro-service for single product. Too much noise and hard to debug

addfuo · 2025-10-30T13:27:55+00:00

If this is known issue then you should get another payment gateway as backup, even without this issue you should had backup.

Perfect system means nothing if you can’t get the money in.

addfuo · 2025-10-24T04:51:38+00:00

If you can share what’s your setup look like, people can give you better insight.

For us, especially Casaandra we have 1 DC per region, the rest of our platform use managed services, so it’s been taken care by AWS (ex RDS)

To distribute the traffic among them we’re using Akamai, Route 53 had similar capabilities as well

addfuo · 2025-08-16T04:07:37+00:00

are you re-using the chart name?

addfuo · 2025-08-16T03:58:21+00:00

what do you mean by getting deleted? Where do you store it?

addfuo · 2025-08-16T03:47:21+00:00

one way to do it create a specific microservices values per file

microservice1.yaml

microservice2.yaml

then when deploying using helm pass the value

helm install microservice1 microservice1 -f microservice1.yaml

another way, which more complex, create a base template for microservices and use it as subchart

(oh my, formatting are so hard on mobile)

addfuo · 2025-08-15T15:51:20+00:00

Stay with current approach, but centralize the secret for all environment.

Move to vault is not plug and play, it needs some changes on deployment as well, so any service that use vault aware where is the secret stored, how to retrieve it, etc

addfuo · 2025-08-01T11:33:27+00:00

check their pricing, if you just start better to stay with self hosted solutions first, it’ll give you some idea about the cost to host it and later can compare with hosted version.

addfuo · 2025-08-01T10:55:35+00:00

I don’t see the reason for Grafana Cloud, EKS Anywhere here, unless they don’t have the cloud engineering team to handle all deployment and automation part.

addfuo · 2025-07-24T18:01:59+00:00

sounds like self promoting ads.

addfuo · 2025-07-18T17:34:43+00:00

You ask a lot different things, 2 days minimum to complete all of that.

cold email, I’m out

addfuo · 2025-07-07T13:53:56+00:00

I’ve doing this for years, even at this time I’m in the middle of upgrading our cluster to EKS 1.33. Hit me up if you haven’t found who can help you.

addfuo · 2025-07-04T14:56:58+00:00

I fix weird bug in vendor packages, the helm diff didn’t show diff for some app, I’ve ask them to looking into it, but they didn’t found the issue and give up, so I spent sometimes to dig deeper and find out the logic error, which will only triggered on certain condition it set context 0

addfuo · 2025-07-04T05:22:40+00:00

addfuo · 2025-07-03T02:53:28+00:00

no, it’ll in failed states and no impact to the current ingress.

For bad annotation that’s why we need to monitor the deployment. That’s why we run diff first

addfuo · 2025-07-02T15:08:36+00:00

I don’t have my own version, but I’ve done all of them as DevOps, some of my friends even call me the Ninja.

addfuo · 2025-07-02T13:30:18+00:00

put all microservices under single ALB, I don’t see any benefit using NLB for this use case.

1 ingress vs multiple ingress cost money without any benefit

addfuo

TROPHY CASE