I make use of the following pieces of software and infrastructure:
- Minisforum UM580 (Ryzen 7 5800H)
- Synology DS420+ NAS
- UniFi Dream Machine router + various UniFi switches and access points
- Convenient way to run a bunch of services in containers
- You can easily scale out by adding more nodes (e.g. old hardware)
- Searching online for Kubernetes-related error messages often turns up useful help
- Large ecosystem of readily available packages and solutions
- Surprisingly little configuration accomplishes complex things
- Virtual machine management platform (among other things)
- Makes it possible to perform reinstalls and spin up various toy environments without physical access to the hardware each time.
- Linux distro specifically designed for running a Kubernetes cluster
- Minimal configuration needed to get the cluster up and running
- Cluster configuration is described declaratively in a git repository (this one)
- `git push` automatically reconciles the cluster to match the new configuration
- Rollbacks normally amount to running `git revert`
- Discord notifications on reconciliation errors
- Auto updates with Renovate
- Safely commit secrets to git thanks to Mozilla SOPS
- In case of emergency, redeployment of the entire cluster (including OS installations, assuming configuration is already adapted to environment) takes < 30 min
- Services get their own IP addresses allocated in my home network under a separate subnet
- Every container can use whatever TCP/UDP ports it wants, there are no collisions
- It's possible to run multiple duplicate services on their default ports
- Every service gets its IP address added to the Cloudfront DNS records
  - For example, the `podinfo` hostname resolves to the podinfo service, which is reachable both inside the cluster and from my home network
- HTTP services have their subdomains reverse-proxied automatically
  - For example, a request to `podinfo.example.org` reaches the ingress-nginx service (thanks to a wildcard CNAME and router port forwarding); ingress-nginx checks the `Host` HTTP header and proxies the request to the podinfo service
- All subdomains get auto-renewing Let's Encrypt certificates
- iSCSI/NFS mounts on separate NAS for persistent storage
- Nothing of value resides on the compute nodes' disks, so the nodes can be treated as throwaways
- Detailed Grafana dashboards & metrics
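As an added example of the networking bullets above (not a manifest from this repository), here are the two objects that give a service its own address on the home network and a Host-routed, TLS-terminated subdomain. The page names only ingress-nginx and Let's Encrypt; the namespace, the podinfo port, and the controllers assumed to hand out the address, publish the DNS record and issue the certificate (a MetalLB-style LoadBalancer pool, external-dns, and cert-manager with a ClusterIssuer called `letsencrypt-production`) are assumptions made for this example.

```yaml
# Added example, not part of the original repository.
# Assumed (not stated on the page): a LoadBalancer controller with an address
# pool on the home-network subnet, external-dns registering LoadBalancer IPs,
# cert-manager with a ClusterIssuer named "letsencrypt-production",
# namespace "default", and a podinfo Deployment listening on its default port 9898.
apiVersion: v1
kind: Service
metadata:
  name: podinfo
  namespace: default
spec:
  # Each LoadBalancer Service receives its own IP from the pool, so every
  # service can keep its default port; two podinfo copies would simply get
  # two addresses instead of colliding on 9898.
  type: LoadBalancer
  selector:
    app: podinfo
  ports:
    - name: http
      port: 9898
      targetPort: 9898
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: podinfo
  namespace: default
  annotations:
    # Assumed cert-manager issuer; it requests the Let's Encrypt certificate
    # for the host listed under tls and keeps it renewed.
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  # The wildcard CNAME for *.example.org points at ingress-nginx, so routing
  # here is decided purely by the Host header, never by the destination IP.
  ingressClassName: nginx
  tls:
    - hosts:
        - podinfo.example.org
      secretName: podinfo-tls
  rules:
    - host: podinfo.example.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: podinfo
                port:
                  number: 9898
```

A quick check that routing really is by `Host`: `curl --resolve podinfo.example.org:443:<ingress-nginx address> https://podinfo.example.org/` should return podinfo's response, while the same request sent with `-H 'Host: nosuch.example.org'` gets ingress-nginx's default-backend 404, because no rule matches that host.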