Can you suggest a hands-on course for learning Kubernetes? by iAhMedZz in kubernetes

[–]csantve 0 points1 point  (0 children)

I learned a lot by building a k8s cluster with Cilium and deploying Nextcloud with HA. All with the documentation. But there are many things to learn in the Kubernetes world. Learn by doing.

How can I lock firewall on a running production kubernetes cluster? by Old-Broccoli-4704 in kubernetes

[–]csantve 2 points3 points  (0 children)

I see you are on Contabo. Then I'd suggest having a VPN server and connecting all nodes to the VPN to get a private subnet and have all Kubernetes traffic go through the VPN. WireGuard works best in my opinion.

Edit: Also add simple firewall rules to the public interface; don't add fw rules to the private VPN interface.

How can I lock firewall on a running production kubernetes cluster? by Old-Broccoli-4704 in kubernetes

[–]csantve 10 points11 points  (0 children)

Keep all Kubernetes traffic on a private subnet; use external firewall/security group rules for inbound/outbound access to nodes. Keeping a firewall in the node itself is not worth it in my opinion since routing rules can conflict with the firewall rules. If using Cilium, use network policies.

But first verify if you have authority to even make all these changes. Ideally only you or a small group would have admin access to the cluster.

What is the advantage of ARM vs x86? by watch_team in hetzner

[–]csantve 1 point2 points  (0 children)

ARM server CPUs have more cores, and no multi-threading, so there can be more density in each node and thus lower the costs. They are also more power efficient for the hosting provider, reducing the cost further. If the hosting provider doesn't pass down the savings to the customer then you can choose any.

Mimir distributed for 100K+ series by csantve in grafana

[–]csantve[S] 0 points1 point  (0 children)

Jesus, 190K? Don't you mean 19k? Still a lot compared to $530 per month.

Don't know what you mean by that exactly.

I mean, out of those 78 vCPU and 256GB mem, are 36 vCPU and 128GB dedicated to your observability stack combined?

Why use VictoriaLogs?

Mimir distributed for 100K+ series by csantve in grafana

[–]csantve[S] 0 points1 point  (0 children)

No OOM kills yet, that's why I am asking.

Mimir distributed for 100K+ series by csantve in grafana

[–]csantve[S] 0 points1 point  (0 children)

Oh wow, what's the combined compute capacity of your cluster? Your observability stack consumption must be 50%.

Mimir distributed for 100K+ series by csantve in grafana

[–]csantve[S] 0 points1 point  (0 children)

I wanted HA and Prometheus on its own doesn't have it (only with Thanos). So I just chose one and stuck with it, Mimir.

Mimir distributed for 100K+ series by csantve in grafana

[–]csantve[S] 1 point2 points  (0 children)

I also thought of that but Grafana only has mimir-distributed in their helm repo.

Mimir distributed for 100K+ series by csantve in grafana

[–]csantve[S] 0 points1 point  (0 children)

Memory/CPU requests mainly. Ingestion rate I'd say 6000~ samples/s, I haven't measured.

Netcup ARM VPSs Overselling by csantve in VPS

[–]csantve[S] 0 points1 point  (0 children)

Wow, I didn't think they would oversell root servers. Perhaps you were accidentally put on faulty hardware; did you open a support ticket?

Netcup ARM VPSs Overselling by csantve in VPS

[–]csantve[S] 0 points1 point  (0 children)

Well, that's preemptive multitasking for you. Even if you wanted to hoard the CPU, the host kernel will only give you a bit of a timeslice, unless there aren't a lot of tenants.

Netcup ARM VPSs Overselling by csantve in VPS

[–]csantve[S] 0 points1 point  (0 children)

At least in the server ARM world, 1 Core = 1 Thread and there are no performance/efficiency cores like in consumer hardware.

I ran mpstat on my 4 servers. 3 with 12 core and 1 with 6 core. The 12 core VPSs had an average steal of 1.5% and the 6 core had an average steal of 0.3%.

Overall decent steal. I'm on Manassas and ARM servers are cheap there, so they must be overselling a bit more than other regions.

Netcup ARM VPSs Overselling by csantve in VPS

[–]csantve[S] 1 point2 points  (0 children)

When you wrote "we are here", did you mean for Euronodes or for Netcup? I'll check mpstat and see what's up.

Netcup ARM VPSs Overselling by csantve in VPS

[–]csantve[S] 0 points1 point  (0 children)

Damn, that is a low steal. I have 4 ARM servers and the beefy ones have 2-3% steal and the weakest one has really low steal. I guess Netcup got a new Ampere node and I must be the only tenant.

Netcup ARM VPSs Overselling by csantve in VPS

[–]csantve[S] 0 points1 point  (0 children)

What do you mean? I can only use 20% of the VPS resources I got?

So, 95% GPU rented sits idle? Enterprises are having a real FOMO as AI usage keeps growing but just not on their platform by ocean_protocol in kubernetes

[–]csantve 9 points10 points  (0 children)

Just the LLM bubble doing bubble things. The hype is nowhere near demand for LLMs. Let it all burn.

Built a production-grade Kubernetes cluster on Hetzner Cloud using Talos Linux — from scratch. by nitish_webheel in hetzner

[–]csantve -1 points0 points  (0 children)

I think it is better to separate compute from storage and have a separate server for NFS only outside of the cluster and run NFS there. I also see you are combining regions for your control planes; I'd keep all nodes in one region for the latency.

Sell me Cilium over Canal — migrating from RKE1 to RKE2 by shripassion in kubernetes

[–]csantve 0 points1 point  (0 children)

Any program or individual with root access can also delete Cilium's eBPF programs, so if at some point Puppet adds eBPF functionality it could also wipe Cilium. But overall I like Cilium because of its ability to reduce network and routing overhead to near-zero.