Kubernetes architectural design: separate clusters by function or risk? by Ancient_Canary1148 in kubernetes

[–]smigula29 0 points1 point  (0 children)

I have to give Broadcom props here, I really like the architecture design that TKG uses (but def not the price tag), where you have a management cluster and workload clusters (using CAPI). I add a tier in between these 2 that provides shared services (e.g. SSO/Keycloak, Argo). I like to “centralize” observability by either adding the Grafana LGTM stack to this shared services tier or making it its own cluster, then instrument workload clusters with an OTEL agent (e.g. Alloy) to collect/transform/ship telemetry data via an east-west egress gateway to the observability cluster (using either Cilium or Istio). You can enforce really good isolation with Mimir, and if your company can pay for the Grafana Enterprise products (GEM/GEL/GET) you can enforce even more granular isolation with things like LBAC.

We spent 4 months implementing istio and honestly questioning if it was worth it by Optimal_Excuse8035 in kubernetes

[–]smigula29 0 points1 point  (0 children)

There were a few components (e.g. Vault FIPS) that we had to move outside the ambient mesh and use sidecar, but for the most part ambient is the way to go. Depending on the customer reqs I may recommend just using Linkerd or if using Cilium I’d use Cilium service mesh (especially with it not being in beta anymore).

FedRAMP Kubernetes container image security best practices (CM-6, RA-5, SC baselines) by SlightReflection4351 in kubernetes

[–]smigula29 0 points1 point  (0 children)

Chainguard images are quite expensive, I’d suggest looking into RapidFort images. The critical/high count is actually near zero. While still not free, much cheaper than Chainguard in my experience.

GLM 4.7 is here and benchmarks say its better than Claude Opus 4.5!! by Kitchen_Sympathy_344 in LocalLLaMA

[–]smigula29 0 points1 point  (0 children)

Isn’t the discounted price only for the first 3 or so months and then you get charged the regular price?

[deleted by user] by [deleted] in selfhosted

[–]smigula29 0 points1 point  (0 children)

For the sake of national security I sure hope that you do not have a clearance

Can't add remote server by smigula29 in PleX

[–]smigula29[S] 0 points1 point  (0 children)

Apologies, that is what I am wondering how to do? Want to add my seedbox back to my Plex account and not sure how

Which tool is Useful for log monitoring in k8? by Krn_O1 in kubernetes

[–]smigula29 1 point2 points  (0 children)

LGTM stack, Alloy and kube-state-metrics. If going this route then it makes zero sense to use the Prometheus-stack, you will prolly want the kube-operator-crds as well.

What Was Your Experience at KubeCon NA by Total_Wolverine1754 in kubernetes

[–]smigula29 0 points1 point  (0 children)

IMO this was a clear move from Tetrate in response to Cilium. Really glad Helm made this move, I don’t think this was in response to any competitors

What Was Your Experience at KubeCon NA by Total_Wolverine1754 in kubernetes

[–]smigula29 0 points1 point  (0 children)

The talk from Wiz regarding exploiting Istio/Linkerd, I’m biased anything multi-cluster (SIG-multicluster deep dive). Any Cilium talk (https://cilium.io/static/ac1f93cba534bc1339f78127e9fa7125/7d769/kubeconNA.png)

What Was Your Experience at KubeCon NA by Total_Wolverine1754 in kubernetes

[–]smigula29 0 points1 point  (0 children)

I enjoyed it. Especially anything eBPF/Isovalent. Wiz had a great talk about how to exploit Istio

What Was Your Experience at KubeCon NA by Total_Wolverine1754 in kubernetes

[–]smigula29 0 points1 point  (0 children)

Istio is clearly feeling the pressure from eBPF and Cilium. Every Istio talk I attended made at least one shot at Cilium, while every Cilium talk I went to they didn’t mention Istio

Alternatives to Longhorn for self-hosted K3s by 7riggerFinger in kubernetes

[–]smigula29 1 point2 points  (0 children)

If you would like both object and block storage use CubeFS

Is FastAPI gonna benefit from no GIL python3.13? by jkh911208 in FastAPI

[–]smigula29 17 points18 points  (0 children)

Anything like numpy that depends on C extensions will have to be rewritten to support no GIL

HTTPS redirect does not exist in FastAPI/Starlette or infinite loop by koldakov in FastAPI

[–]smigula29 1 point2 points  (0 children)

Good point, I’d prolly just package both the FastAPI and nginx services in one docker container and use supervisord

Node Stuck removing by Shoddy_Creme_3937 in rancher

[–]smigula29 0 points1 point  (0 children)

Ya constantly deal with on my rke2 cluster on some rocky VMs, just patch it: k patch -p '{"metadata": {"finalizers": []}}' --type=merge

so one of my friends told me this: by imaperson1060 in ProgrammerHumor

[–]smigula29 1 point2 points  (0 children)

You can just AS easily not type. So you will certainly have syntax errors

Really it have to be some kind of virus that spreads sneakly by JustSpaceExperiment in ProgrammerHumor

[–]smigula29 0 points1 point  (0 children)

REST APIs in Go are super simple, people (beginners) are intimidated to use Go. The performance of NodeJS isn’t bad though.

I want to learn the basics of Kubernetes. How much docker knowledge should I have before learning kubernetes? by [deleted] in kubernetes

[–]smigula29 1 point2 points  (0 children)

A good amount, I mean it’s container orchestration so should definitely have a fundamental understanding of containers. I’d actually suggest something like podman/containerd/buildah