So I have rebuilt my Production rack with very little in terms of an actual software plan.
I host mostly docker contained services (Forgejo, Ghost Blog, OpenWebUI, Outline) and I was previously hosting each one in their own Ubuntu Server VM on Proxmox thus defeating the purpose.
So I was going to run a VM on each of these Thinkcentres that worked as a Kubernetes Cluster and then ran everything on that. But that also feels silly since these PCs are already Clustered through Proxmox 9.
I was thinking about using LXC but part of the point of the Kubernetes cluster was to learn a new skill that might be useful in my career and I don’t know how this will work with Cloudflared Tunnels which is my preferred means of exposing services to the internet.
I’m willing to take a class or follow a whole bunch of “how-to” videos, but I’m a little frazzled on my options. Any suggestions are welcome.
I just recently tried to setup k3s in proxmox LXC containers. I had to do everything again after I learned it was not possible to make this setup without comproimising security and isolation. Now I run kubernetes inside virtual machines in proxmox.
That’s what I was thinking too. Ijust feel better having another layer between the open web an my server
To setup kubernetes inside lxc you have to enable quite some capabilities inside host kernel and lxd containers that can be used to escalate privileges from beeing root in container to root in proxmox. Not completely sure but since even containerd containers share the same kernel, attacker might escalate directly from pod to proxmox host. But this last par I am not sure about.