| 22 Sep 2021 |
edrex | distributed is more about physical latency, bandwidth etc | 21:06:15 |
6aa4fd | Latency is probably key then, because consensus algos generally do not like latency | 21:06:56 |
6aa4fd | And if every legal entity owning boxen in the network wants to be involved in those decisions, they need to be a management node | 21:07:46 |
6aa4fd | Probably getting some of these names wrong, I don't use kubernetes regularly | 21:08:11 |
toonn | Uhm, the containers and the host are bridged but toxvpn is a separate interface. At least I think so. | 21:08:17 |
edrex | oh right, there would have to be a bridge for mDNS to work from the remote containers to your local host | 21:11:19 |
edrex | In reply to @6aa4fd:tchncs.de However the orthodox way to do it with kubernetes for ingress and service discovery would probably be traefik and coredns i was going to mention traefik which is what I was using before (although tbh i had to search around a bit to remember the name). Coredns I had forgotten about. reading | 21:14:24 |
edrex | https://coredns.io/explugins/mdns/ | 21:16:55 |
6aa4fd | In reply to @toonn:matrix.org Uhm, the containers and the host are bridged but toxvpn is a separate interface. At least I think so. You can probably improve this setup a lot if you put everything on the docker host, honestly | 21:17:15 |
6aa4fd | If you host your tunnel service, proxy, and services all in the same place | 21:17:49 |
6aa4fd | You can only give the vpn container access to the proxy | 21:18:22 |
6aa4fd | More secure, doesn't require a third node | 21:18:43 |
6aa4fd | You can also host a vpn on your router and route certain subnets through it transparently to your clients, then behave as if this is all one network | 21:19:40 |
6aa4fd | Which is pretty much how i would implement any mesh network long term | 21:19:57 |
edrex | In reply to @6aa4fd:tchncs.de You can probably improve this setup a lot if you put everything on the docker host, honestly systemd-nspawn | 21:20:34 |
6aa4fd | Okay, container host | 21:21:25 |
6aa4fd | You can also switch your setup from mDNS to zookeeper or consul | 21:22:36 |
6aa4fd | Which traefik has a discovery backend for | 21:22:54 |
6aa4fd | And if you only run traefik on one node, you can use any dns setup you want or drop entirely | 21:23:29 |
6aa4fd | https://doc.traefik.io/traefik/providers/consul-catalog/ | 21:24:34 |
6aa4fd | For example | 21:24:40 |
edrex | or etcd. i'd love to see some service registration functionality targeting systemd-nspawn. could just be a parameterized unit that registers/deregisters | 21:25:43 |
edrex | consul preferable to etcd? I remember zookeeper being kinda old and crusty like 15 years ago. it's still used? | 21:26:43 |
6aa4fd | You can make any service discovery work with systemd nspawn right, i mean its a container, just write service files for registering and deregistering | 21:26:52 |
6aa4fd | They still use mainframes, i am sure they still use zookeeper. I don't know which is more hip, but I would probably pick the one with the best documentation | 21:27:38 |
toonn | Put everything on the host? Do you mean taking the containers out of the equation? They all do run on the same host. | 21:27:52 |
edrex | just putting the reverse proxy on the same host as the containers. but i get why you're putting them on the other side of the VPN, so local hosts can access those services | 21:29:13 |
edrex | really it seems like a bridged VPN is what you want, right? | 21:34:16 |
edrex | In reply to @6aa4fd:tchncs.de You can also host a vpn on your router and route certain subnets through it transparently to your clients, Then behave as if this is all one network this is what i'm planning to do with my various sites, via wireguard on the gateway nodes. | 21:39:20 |
toonn | I think so yeah. Making two LANs act like one. | 21:40:10 |