Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

  • jaxOPMA · 2 upvotes · 2 months ago

    Oh, dev namespaces are a good idea. Do you have a dev domain then too?

    • notfromhere@lemmy.ml · 1 upvote · 2 months ago (edited)

      I toyed with a dev domain but ended up using namespace.tld and postfixing -dev to my namespace, so it works out to service.tld and service-dev.tld.

      • jaxOPMA · 2 upvotes · 2 months ago

        Ah okay, that makes sense, you’re using the internal cluster domain to route to services.

        • notfromhere@lemmy.ml · 1 upvote · 2 months ago

          I have automated Traefik to route the traffic; it sets the DNS and ingress route. I’m also doing as you suggested for service-to-service connections.

          • jaxOPMA · 2 upvotes · 2 months ago

            That makes sense!

            Have you played with anything like Istio to secure in-cluster communications? I think HashiCorp Consul can do something similar to encrypt service-to-service communications.

            • notfromhere@lemmy.ml · 1 upvote · 2 months ago

              I looked into it, but I felt at the time it was too complex; maybe I’ll look at it again. Currently I am using WireGuard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of the application layer, so I really should revisit that at some point.

              • jaxOPMA · 2 upvotes · 2 months ago

                Yeah, it does add some extra complexity, and it’s more important if you are hosting in public clouds anyway IMO.