Teachings from years of HomeLab (blog.cloudhub.social)

Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

[-] jax@lemmy.cloudhub.social 2 points 6 months ago

Ah okay, that makes sense, you’re using the internal cluster domain to route to services.

[-] notfromhere@lemmy.ml 1 points 6 months ago

I have automated Traefik to route the traffic; it sets the DNS and ingress route. I’m also doing as you suggested for service-to-service connections.

[-] jax@lemmy.cloudhub.social 2 points 6 months ago

That makes sense!

Have you played with anything like Istio to secure in-cluster communications? I think HashiCorp Consul can do something similar to encrypt service-to-service communications.

[-] notfromhere@lemmy.ml 1 points 6 months ago

I looked into it, but I felt at the time it was too complex; maybe I’ll look at it again. Currently I am using WireGuard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of the application layer, so I really should revisit that at some point.

[-] jax@lemmy.cloudhub.social 2 points 6 months ago

Yeah, it very much adds some extra complexity, and it’s more important if you are hosting in public clouds anyway, IMO.

this post was submitted on 07 May 2024
19 points (95.2% liked)

Homelab
