I've been doing HomeLab and HomeLab-adjacent things for over 10 years at this point (based on the age of Pi-hole and Raspberry Pi 2, this would be closer to 8+ years). My first experience in the space was a Raspberry Pi 2 that I used for a few years to
Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!
Oh, dev namespaces are a good idea. Do you have a dev domain then too?
I toyed with dev domain but ended up using namespace.tld and postfixing -dev to my namespace so it works out to service.tld and service-dev.tld.
Ah okay, that makes sense, you’re using the internal cluster domain to route to services.
I have automated Traefik to route the traffic; it sets the DNS and ingress route. I’m also doing as you suggested for service-to-service connections.
That makes sense!
Have you played with anything like Istio to secure in-cluster communications? I think HashiCorp Consul can do something similar to encrypt service-to-service communications.
I looked into it, but I felt at the time it was too complex; maybe I’ll look at it again. Currently I am using WireGuard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of application, so I really should revisit that at some point.
Yeah, it very much adds some extra complexity, and it’s more important if you are hosting in public clouds anyways, IMO.