@from-nibly - eviltoast
  • 0 Posts
  • 6 Comments
Joined 1 year ago
Cake day: November 15th, 2023

  • It sounds like you just want email auth. Also known as passwordless login. Also known as magic link.

    Fail2ban is a much more robust solution than automated IP whitelisting. You are gonna have so many issues with that. What if someone opens your site from a coffee shop, or their ISP changes their IP address with a router restart? You’d have to reauth that client. But then you’d also still be allowing the old IP.

    I don’t think automated whitelisting is “a thing”. Mostly because an IP is not an identity so it’s woefully insufficient to authenticate people.

    Also, brute forcing should be handled by whatever handles auth, by rate limiting auth requests by IP.
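As an added illustration of that last point (rate limiting auth requests per client IP), and not code from the comment above: a sliding-window limiter in Python. The sample traffic is constructed for the example, using documentation-range addresses; the limit values are arbitrary assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class AuthRateLimiter:
    """Sliding-window limit on auth attempts, keyed by client IP.

    Each IP gets at most `max_attempts` attempts in any `window_seconds`
    span. The window is per IP, so a legitimate user whose address changes
    simply starts a fresh counter; nothing has to be whitelisted.
    """

    max_attempts: int = 5
    window_seconds: float = 60.0
    # ip -> timestamps of attempts still inside the window
    _attempts: dict = field(default_factory=lambda: defaultdict(deque))

    def _prune(self, ip: str, now: float) -> None:
        """Drop timestamps that have aged out of the window for this ip."""
        q = self._attempts[ip]
        while q and now - q[0] >= self.window_seconds:
            q.popleft()

    def allow(self, ip: str, now: float) -> bool:
        """Return True and record the attempt if ip is under its limit.

        Call this before checking credentials; a denied attempt is not
        recorded, so the client is not penalised further for being throttled.
        """
        self._prune(ip, now)
        q = self._attempts[ip]
        if len(q) >= self.max_attempts:
            return False
        q.append(now)
        return True


def simulate(limiter: AuthRateLimiter, attempts):
    """Feed (timestamp, ip) pairs through the limiter; return [(ip, allowed)]."""
    return [(ip, limiter.allow(ip, t)) for t, ip in sorted(attempts)]


# Constructed sample traffic (example data, not a real log):
#  - 203.0.113.10 sends seven attempts in seven seconds
#  - 198.51.100.7 logs in once, then reappears from 198.51.100.8
#    (the "ISP changed my address" case from the comment)
SAMPLE_ATTEMPTS = [(float(i), "203.0.113.10") for i in range(7)] + [
    (2.5, "198.51.100.7"),
    (30.0, "198.51.100.8"),
]


def demo():
    """Run the sample through a 5-per-60s limiter and return the decisions."""
    limiter = AuthRateLimiter(max_attempts=5, window_seconds=60.0)
    return simulate(limiter, SAMPLE_ATTEMPTS)


if __name__ == "__main__":
    for ip, ok in demo():
        print(f"{ip:15} {'allowed' if ok else 'DENIED'}")
```

The hammering address gets five attempts through and is then refused until its oldest attempts age out of the window; the legitimate user is never touched, before or after the address change.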


  • Your business should focus on what makes it special. Printers don’t make banks special so they should NOT make their own printers.

    Anything except what makes your business special is a DISTRACTION, that especially means software. Buy anything that is even remotely like a printer.

    Conversely if there is something that makes your business special, YOU must do it yourself. If that means self hosting some open source thing it ALSO means you need to become maintainers of that open source thing.

    Own the things you need to be good at outsource EVERYTHING ELSE, no exceptions.

    Here’s a really gray example to drive this home:

    Let’s say there’s some part of your business that needs to print invoices on paper that’s as thick as blue jeans. You look and look and look and no one sells printers that print on that kind of paper. You have two options, 1. Realize that it’s probably dumb that you are trying to print on paper that thick and change your business to deal with regular paper, or 2. Decide that that’s what makes your business special and start manufacturing printers.



  • If you are just starting and messing around you can go a long way with a single node k3s cluster (I prefer NixOS since it makes managing and replicating things REALLY repeatable, but it is its own rabbit hole)

    BUT if you need several 9s you’re going to need even more than just 1 server with k3s on it. You’re gonna want redundancy, monitoring, and processes.

    1. 3 nodes while only using capacity of 2
    2. Shared volume infra like ceph or a nas
    3. Load balancing firewall like opnsense
    4. Multiplexed internet
    5. UPS for power issues
    6. Onsite backups + cloud backups
    7. Kube-prometheus-stack (or the contents of)
    8. KEDA (for auto scaling)

    (Not a day 0 recommendation)

    The reason Kubernetes is complex (and hard to learn) is cause it kinda forces you to consider all kinds of reliability and scaling issues that you may not need for a while.

    If you only have one machine, it does feel like a bit much to NEED an autoscaler.

    You can create a vanilla cron job that runs a docker container command so you don’t have to “install” anything on your node.

    You can use multiple docker compose files to manage stuff independently so you can upgrade stuff without affecting other things.

    I know you say you want auto scaling, but what are you autoscaling against? Like is something else scaling up at different intervals? I think a thing to question is if your extra instances ever need to scale down. Auto scaling is a cost saving measure and if you have static infrastructure with no other load then why ever scale down? Do your cron jobs take too many resources and you have to scale down your micro services? If so you’ve got way more to consider than just plain autoscaling, and maybe you need to scale your infrastructure, in which case you’re back to questioning whether or not you need to scale down.

    I’m questioning your requirements only because if you are trying to just “get something done” k8s and nomad are going to be a distraction since you aren’t already familiar with them. If learning k8s or nomad is also part of your goal, then awesome, I would definitely suggest k3s.