Back to the Virtual Machine
Recently I was playing with Kubernetes to power my tiny blog. I am back on a Virtual Machine powered by openSUSE Leap.
The trigger
The xz backdoor meant that I immediately nuked the server from the Internet. While MicroOS itself uses SELinux, Kubernetes is known for running everything as root by default.
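To see which containers in a cluster would actually run as root, the following sketch audits a pod list for missing or root-permitting securityContext settings. It is an added example, not code from this blog; it assumes input in the shape of `kubectl get pods -A -o json`, and the sample pods are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` (not from the blog's cluster).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "blog", "name": "web-default"},
   "spec": {"containers": [{"name": "httpd"}]}},
  {"metadata": {"namespace": "blog", "name": "web-hardened"},
   "spec": {"securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
            "containers": [{"name": "httpd"}]}},
  {"metadata": {"namespace": "blog", "name": "web-override"},
   "spec": {"securityContext": {"runAsNonRoot": true},
            "containers": [{"name": "httpd"},
                           {"name": "sidecar",
                            "securityContext": {"runAsUser": 0, "runAsNonRoot": false}}]}}
]}
""")

def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext fields override pod-level ones."""
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)

def classify(pod_sc, ctr_sc):
    uid = effective(pod_sc, ctr_sc, "runAsUser")
    non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
    if uid == 0:
        return "root"            # explicitly UID 0
    if uid is not None or non_root:
        return "non-root"        # non-zero UID, or kubelet refuses to start a UID 0 image
    return "image-default"       # nothing set: the image's USER decides, often root

def audit(pod_list):
    """Return (namespace, pod, container, verdict) for every container not pinned to non-root."""
    findings = []
    for pod in pod_list["items"]:
        spec = pod["spec"]
        pod_sc = spec.get("securityContext") or {}
        for ctr in spec.get("containers", []) + spec.get("initContainers", []):
            verdict = classify(pod_sc, ctr.get("securityContext") or {})
            if verdict != "non-root":
                meta = pod["metadata"]
                findings.append((meta["namespace"], meta["name"], ctr["name"], verdict))
    return findings

if __name__ == "__main__":
    for ns, pod, ctr, verdict in audit(SAMPLE):
        print(f"{ns}/{pod} container={ctr}: {verdict}")
```

A verdict of image-default means nothing in the manifest prevents root, so the container runs as whatever user the image declares.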
Leap forward
Frankly speaking, I am not a devops guy and Kubernetes is a hell of layers and indirections. I was actually quite surprised to realize how little vanilla Kubernetes does and how many things you have to get from the broader ecosystem.
Even the Ingress - the way you assign public URLs to your services - is not provided, and you must select and learn an external Ingress controller. And configuring it is no fun.
metadata:
  annotations:
    ingress.kubernetes.io/redirect-regex: "^https://vyskocil.org/?(.*)"
    ingress.kubernetes.io/redirect-replacement: "https://vyskocil.me/$1"
And do not try to start with Helm. That is a horrible abstraction that has become an industry standard for some reason. All in all, managing Kubernetes is a full-time job, which I do not enjoy doing.
Web server
You can use Apache httpd or nginx as your web server. I found Caddy to be much easier to configure, and it comes with some bells and whistles like built-in ACME protocol support, so HTTPS via Let's Encrypt is automatically configured. Setting up this blog was as easy as
vyskocil.me {
    tls email@example.net
    root * /srv/www/htdocs/vyskocil.me/miblog/public/
    encode zstd gzip
    file_server
}
And sudo systemctl reload caddy.service and voila!
curl --head https://vyskocil.me
HTTP/2 200
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
content-type: text/html; charset=utf-8
etag: "sb7i6ejr7"
last-modified: Sun, 31 Mar 2024 09:54:14 GMT
server: Caddy
content-length: 25603
date: Wed, 03 Apr 2024 20:34:05 GMT