Starting a new Cloud/HomeLab blog at this domain - let me know if you want a contributor invite!

  • jax@lemmy.cloudhub.socialOPM
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    That makes sense!

    Have you played with anything like Istio to secure in-cluster communications? I think Hashicorp Consul can do something similar to encrypt service to service communications.

    • notfromhere
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      I looked into it but I felt at the time it was too complex, maybe I’ll look at it again. Currently I am using wireguard for all cluster node-to-node traffic. It seemed like a reasonable tradeoff at the time, but it is at the network layer instead of application, so I really should revisit that at some point.

      • jax@lemmy.cloudhub.socialOPM
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Yeah it very adds some extra complexity and it’s more important for if you are hosting in public clouds anyways IMO.