• 0 Posts
  • 34 Comments
Joined 1 year ago
cake
Cake day: June 19th, 2023

help-circle




  • I still don’t really see the argument. OpenTofu exists because of internal drama about licensing on a tool that you don’t use…

    Someone building a different banana picker that looks just like another banana picker doesn’t need to explain their reasoning in terms a coal miner would understand…

    Also, literally just clicking the intro doc linked from the main page tells you everything you need to know…


  • If you’re asking why aren’t DevOps/SRE mentioned specifically on the OpenTofu front page, I don’t think you understand how common this software is… Like if someone forked Google, you wouldn’t need to describe what Google is. Everyone already knows it. For the people in this industry, terraform is essentially a defacto monopoly. Even if you don’t use it, if you’re working in SRE, you know what it is and what it does.



  • Not who you were responding to but, my company does this in AWS. To be fair, the entire platform is running in EKS so it’s not much more difficult than updating the CI build pipelines to build multi-arch containers, adding additional nodepools, and scaling down the amd64 ones. This was tedious but not difficult to do. I keep a small set of amd64 nodes for off the shelf software that doesn’t support arm… I think the only thing left on those now is newrelic agents. Once we move off of them the x86_64 nodes can be killed entirely.

    This ended up saving us tens of thousands of dollars per month. The next step is to move the bulk of workloads to spot instances. I’ll be preferring arm but if there is only capacity for x86_64, I’ll have that option because of the multi-arch containers. This is going to save even more money and force developers to build applications more tolerant of node failure in the process.











  • This would be nice because I don’t need a static ip and I don’t have to leak my ip address.

    How does the VPS know how to find your rpi?

    Could you not just use something like duck dns on a cronjob and give out that url?

    I would also need to figure out how to supply ejabberd with the correct certificates for the domain. Since it’s running on a different computer than the reverse proxy, would I have to somehow copy the certificate over every time it has to be renewed?

    Since the VPS is doing your TLS termination, you would need an encrypted tunnel of some sort. Have you considered something like Istio? That provides mTLS out of the box really… I’ve never seen it for this kind of use case but I don’t see why it wouldn’t work.