• 0 Posts
  • 4 Comments
Joined 2 years ago
cake
Cake day: June 20th, 2023

help-circle
  • I mean yeah it’s all very complex for sure. Managing a cluster is very involved and k8s administration is typically a completely separate role from dev/devops. I am comfortable with the idea and I still run my selfhosted setup on docker because it’s easier and I have no personal use for multi-node setups.

    However when you get down to it pretty much everything in k8s solves a real problem that in a “traditional” infra would require lots of ad-hoc bullshit. The ingress system of k8s is, at a high level, a standardized recreation of the typical “haproxy+nginx+ad-hoc provisioning” setup you’d find in a “classical” private cloud deployment. TLS in, send to nginx, nginx chooses a relevant healthy back-end and reverse proxies the request. K8s doesn’t really do anything crazy complex, the complexity is just inherent to having a many-to-many mapping of HTTP requests while optionally supporting multi-zone setups with local affinity and lifecycle management/awareness.

    But unlike with a traditional deployment there’s not a greybeard guru in the back who deployed it all and knows the ins-and-outs so it’s quite common that the complexity is not understood and underappreciated by the “admins”. That complexity is a blessing when you need to leverage it but a curse when you lack the expertise to understand what is happening holistically.

    Kind of like a linux distro… It’s amazing when it works but when libpam throws an error and you don’t even know what that library is or does, well you’re in for a fun evening.


  • The “problem” with k8s is not that it’s abstract-y (it’s not inherently any more abstract than docker), it’s that it’s very complex and enterprise-y.

    The need for such a complex orchestration layer is not necessarily immediately obvious, until you’ve worked on a complex infra setup that wasn’t deployed with kubernetes. Believe me when you’ve seen the depths of hell that are hundreds of separately configured customer setups using thousands of lines of ansible playbooks, all using ad-hoc systems for creating containers/VMs, with even more ad-hoc and hacked together development and staging environments, suddenly k8s starts looking very appetizing. Instead of an abominable spaghetti of bash scripts, playbooks, and random documentation, one common (albeit complex) set of tools understood by every professional which manages your application deployment & configuration, redundancy, software upgrades, firewall configs, etc.

    A small self-hosted production kubernetes cluster doesn’t have to be hard to operate or significantly more expensive than bare-metal; you can buy 3U of rack space, plop in 3 semi-large servers (think 128 GB plus a few TB of SSD RAID), install rancher and longhorn, and now you’ve got a prod cluster large enough for nearly every workload such that if you ever need to upgrade that means you have so many customers that hiring a k8s administrator will be a no-brainer.

    Or you can buy minutes from AWS because CapEx is the absolute devil and instead you pay several times as much in OpEx to make it someone else’s problem. But if you’re doing that then you’re not comparing against “installing things the old-fashioned way”.


  • I push for FOSS everywhere I can at work, but then we acquire a company and they casually drop “oh yeah we’ve built $solution on Azure Containers using Azure SDN with Azure API Gateway and Azure LoadBalancer and Azure Firewall and Azure Backups and Azure Georedundancy and we use Azure SAST and Azure pipelines (replace with microsoft marketing lingo as applicable - I don’t care to learn it). Aside from that we’re vendor-agnostic”.

    It’s astonishing how “we can use Azure/AWS but let’s not lock ourselves into proprietary solutions for which FOSS alternatives are readily available” is somehow a controversial statement in some software outfits. Ignoring the sovereignty concerns for a minute, from a business perspective you’re essentially putting all your eggs in one basket and hoping really hard that Microsoft or Amazon don’t pull a Broadcom and bankrupt you one day by hiking prices a few hundred percent.

    It boggles the mind how existentially reliant most of the digital world is on the whims of like, three unchecked billionaires.


  • Very hard disagree. Hearts and minds.

    Dafuq else do you expect a random French opposition member to do? Sit there quietly and look pretty? That seems to be the leading strategy for the US Dems and also an irredeemable dereliction of duty. If you are forced into the opposition, be performative. Be loud. Be ungovernable, if necessary.

    It’s nice to wish for a world where a fascist regime doesn’t have full control of the USA, but unfortunately we don’t live in that world so please don’t denigrate the work of politicians who at least are doing the bare minimum of saying something about it.