Recently I was playing with Kubernetes to power my tiny blog. I am back on a Virtual Machine powered by openSUSE Leap.

The trigger

The xz backdoor meant that I immediately nuked the server from the Internet. While MicroOS itself uses SELinux .. the Kubernetes is known for running everything as a root by default.

Leap forward

Frankly speaking I am not a devops guy and Kubernetes is a hell of layers and indirections. I was actually quite surprised when realizing how little vanilla Kubernetes does and how many things you have to get from the broader ecosystem.

Even the Ingress - the way you assign public URLS to your services - is not provided and you must select and learn an external Ingress controller. And configuring it is no fun.

{{ < highlight yaml > }} metadata: annotations: “^*)” “$1" {{ < /highlight > }}

And do not try to start with Helm. That is a horrible abstraction, that has become an industry standard for some reason. All in all managing the Kubernetes is a full time job. Which I do not enjoy doing.

Web server

You can use Apache httpd or nginx as your web server. I found the Caddy to be much easier to configure and it comes with some bells and whistles like a built-in acme protocol support, so https via letsencrypt is automatically configured. Setting up this blog was as easy as {
	root * /srv/www/htdocs/
	encode zstd gzip

And sudo systemctl reload caddy.service and voila!

curl --head
HTTP/2 200 
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
content-type: text/html; charset=utf-8
etag: "sb7i6ejr7"
last-modified: Sun, 31 Mar 2024 09:54:14 GMT
server: Caddy
content-length: 25603
date: Wed, 03 Apr 2024 20:34:05 GMT