!ShMQGSWJUKvlFrnver:matrix.org

Homelab

651 Members, 170 Servers
Generic Talk about homelab things. Hardware, OSs, Applications, Network, and everything in between.

25 May 2023
[13:21:52] james (@james:jameskitt616.one): but at some point in the future hopefully i can replace most of that with 3 VMs with my k3s nodes :P
[13:22:12] james (@james:jameskitt616.one): my kubernetes knowledge is not good enough to migrate
[13:23:30] james (@james:jameskitt616.one): there is also probably much more to say about this topic. this was just a small overview and stuff to think about
[13:44:30] chancem (@chancem:mooreltd.net):
In reply to james (@james:jameskitt616.one):
> i guess you are referring to proxmox.
> well there are a couple different ways on how to do it as you said urself. i guess it's sort of personal preference, security, how many resources u got etc.
> - for each docker a dedicated vm -> good security -> high resource waste (ram) and ofc also more storage used due to system images usually needing more space than the average lxc image (also depending on your settings you do not have thin provisioning)
> - for each docker a dedicated lxc -> lxc's are controversial security wise, also require to run privileged and you need to edit some cgroup2 stuff in the lxc config -> extremely light on resources (basically 0 overhead). so you got your docker containers nice and separate, also can control backup jobs nice and easy, can restore or rollback one single app at a time. this ofc also applies to the vm.
> - all containers in a vm -> no need to 'clone your template vm' every time you wanna host a new service (no brainer tho). you only got one ip address for all docker services, you gotta play with ports a lot here. if one docker might have an exploit and breaks out, all others are compromised. potential system fuckup or reboot brings down all your docker containers. hard planning on resources like storage, the storage of your vm might not be enough in the future. but since it's in a vm, good separation from the host os (proxmox)
>
> i personally run a mixture of dedicated lxc and dedicated vm for each docker

One VM does not limit you to a single IP. Are you saying storage is hard for the base VM or the docker containers? For me these are separate things.
[13:47:00] james (@james:jameskitt616.one):
In reply to chancem (@chancem:mooreltd.net):
> One VM does not limit you to a single IP. Are you saying storage is hard for the base VM or the docker containers? For me these are separate things.

> One VM does not limit you to a single IP

well true, you can assign as many IPs to a vm as you want. i meant to say, you can only use e.g. port 80 once on that machine, so you gotta rebind all your services' web ui's, different databases or whatever to different ports
[13:48:09] james (@james:jameskitt616.one):
> Are you saying storage is hard for the base VM or the docker containers?

for the base VM, e.g. you create a VM with 10 gb storage, but it's not enough. you got extra work expanding it.
at an lxc you just click "add x gb" and done.

[13:48:21] james (@james:jameskitt616.one): if it's an issue for you or not is a different story
[13:48:52] james (@james:jameskitt616.one):
In reply to chancem (@chancem:mooreltd.net):
> One VM does not limit you to a single IP. Are you saying storage is hard for the base VM or the docker containers? For me these are separate things.

ofc storage and ip assignment are different things. never said sth else

[13:50:45] chancem (@chancem:mooreltd.net):
In reply to james (@james:jameskitt616.one):
> ofc storage and ip assignment are different things. never said sth else

Right, I meant storage for the containers is separate from the host VM. Not storage vs IP.

[13:50:52] james (@james:jameskitt616.one): ah
[13:52:26] james (@james:jameskitt616.one): the storage point also depends on your setup, if u got some centralized place e.g. network storage, it doesnt matter as much
[13:55:17] chancem (@chancem:mooreltd.net):
In reply to james (@james:jameskitt616.one):
> > One VM does not limit you to a single IP
>
> well true, you can assign as many IPs to a vm as you want. i meant to say, you can only use e.g. port 80 once on that machine, so you gotta rebind all your services' web ui's, different databases or whatever to different ports

True, I prefer to not expose the containers directly but through a reverse proxy. Sorry, not trying to be contrariwise, just trying to help further discussion in the hope of helping out the original poster.
[13:59:07] Oscar (@oscar:prutt.party):
In reply to Tremor (@rails11326206827:matrix.org):
> For docker people, do you have a linux VM that runs and stores all docker containers? Or do you have multiple VMs (or maybe LXCs) and each one of those has a docker container inside?

I'm just running on bare metal, but using different network namespaces for different containers (some go to the generic services VLAN, some in IoT vlan...)

[14:35:40] Tremor (@rails11326206827:matrix.org): Thanks for the insight guys! Maybe I'll look into separating my "exposed" apps like gitea and jellyfin/emby to their own LXC or VM, as if they got hacked I don't want them to spread.
[14:36:58] Tremor (@rails11326206827:matrix.org): I was also thinking of using an SSD drive just as a storage drive for the docker containers' data. In theory, I could make snapshots and back up that SSD easier than backing up a whole VM's disk each time
[14:43:09] Oscar (@oscar:prutt.party): if you don't put the exposed apps into their own networking namespace it doesn't matter if they are lxc or vm or containers in general, then they will be able to contact other parts of your network. I've divided my network into a bunch of small VLANs with strict firewall rules for forwarding between them, but also have the lazy vlan for my generic services which aren't exposed outside of my lan
[19:44:03] @fascinated:matrix.fascinated.cc left the room.
27 May 2023
[14:21:58] climate_1900 (@climate_1900:matrix.org) joined the room.
29 May 2023
[13:54:59] teak (@teak.dev:matrix.org) joined the room.
30 May 2023
[07:07:23] Variant #507 (@bulletpal:matrix.synistanai.com) joined the room.
[12:19:04] DJetelina (@david:jtl.vision) joined the room.
31 May 2023
[08:25:31] FloVie (@flovie:matrix.org) joined the room.
[11:54:15] Oscar (@oscar:prutt.party) set a profile picture.
[19:10:05] hdhog (@hdhog:matrix.hdhog.ru) joined the room.
[23:30:02] ifiguero (@ifiguero:matrix.org): So I have share point/one drive storage to backup. Any chance anyone knows of a Linux tool that allows uploading backup files using a Microsoft storage solution
1 Jun 2023
[00:19:12] 🍄 HB|A+,Net+,Sec+,ECES,ITILv4,SSCP,MCP,MCSE|🌿 (@hashborgir:mozilla.org): rclone or duplicity maybe
[00:19:35] megashinyserperior (@megashinyserperior:matrix.org): Yep. Rclone or Rsync
[01:14:09] ifiguero (@ifiguero:matrix.org): Nevermind, it gives more errors than desirable.
[07:08:17] ruby (@ruby:isincredibly.gay) changed their profile picture.
[07:34:39] ruby (@ruby:isincredibly.gay) changed their profile picture.
