| 22 Sep 2021 |
edrex | so we gotta be scrappy hackers and band together to build something better :) | 21:03:31 |
6aa4fd | It's good to pin down what decentralized means. Does it mean high and variable latency? Does it mean variable levels of host access? | 21:03:55 |
6aa4fd | Kubernetes can solve issues with variable hardware specs and latency by assigning jobs based on host flags | 21:05:05 |
edrex | decentralized, to me, means the infrastructure nodes are controlled by a variety of agents without full mutual trust. | 21:05:13 |
toonn | Let's just go with the worst case, P2P with heterogeneous nodes : ) | 21:05:26 |
6aa4fd | But if we mean decentralized in terms of authority... why would you want to have a single source of truth? | 21:05:55 |
edrex | distributed is more about physical latency, bandwidth etc | 21:06:15 |
6aa4fd | Latency is probably key then, because consensus algos generally do not like latency | 21:06:56 |
6aa4fd | And if every legal entity owning boxen in the network wants to be involved in those decisions, they need to be a management node | 21:07:46 |
6aa4fd | Probably getting some of these names wrong, I don't use kubernetes regularly | 21:08:11 |
toonn | Uhm, the containers and the host are bridged but toxvpn is a separate interface. At least I think so. | 21:08:17 |
edrex | oh right, there would have to be a bridge for mDNS to work from the remote containers to your local host | 21:11:19 |
edrex | In reply to @6aa4fd:tchncs.de ("However the orthodox way to do it with kubernetes for ingress and service discovery would probably be traefik and coredns"): i was going to mention traefik which is what I was using before (although tbh i had to search around a bit to remember the name). Coredns I had forgotten about. reading | 21:14:24 |
edrex | https://coredns.io/explugins/mdns/ | 21:16:55 |
6aa4fd | In reply to @toonn:matrix.org ("Uhm, the containers and the host are bridged but toxvpn is a separate interface. At least I think so."): You can probably improve this setup a lot if you put everything on the docker host, honestly | 21:17:15 |
6aa4fd | If you host your tunnel service, proxy, and services all in the same place | 21:17:49 |
6aa4fd | You can only give the vpn container access to the proxy | 21:18:22 |
6aa4fd | More secure, doesn't require a third node | 21:18:43 |
6aa4fd | You can also host a vpn on your router and route certain subnets through it transparently to your clients, then behave as if this is all one network | 21:19:40 |
6aa4fd | Which is pretty much how i would implement any mesh network long term | 21:19:57 |
edrex | In reply to @6aa4fd:tchncs.de ("You can probably improve this setup a lot if you put everything on the docker host, honestly"): systemd-nspawn | 21:20:34 |
6aa4fd | Okay, container host | 21:21:25 |
6aa4fd | You can also switch your setup from mDNS to zookeeper or consul | 21:22:36 |
6aa4fd | Which traefik has a discovery backend for | 21:22:54 |
6aa4fd | And if you only run traefik on one node, you can use any dns setup you want or drop entirely | 21:23:29 |
6aa4fd | https://doc.traefik.io/traefik/providers/consul-catalog/ | 21:24:34 |
6aa4fd | For example | 21:24:40 |
edrex | or etcd. i'd love to see some service registration functionality targeting systemd-nspawn. could just be a parameterized unit that registers/deregisters | 21:25:43 |
edrex | consul preferable to etcd? I remember zookeeper being kinda old and crusty like 15 years ago. it's still used? | 21:26:43 |
6aa4fd | You can make any service discovery work with systemd nspawn right, i mean it's a container, just write service files for registering and deregistering | 21:26:52 |