I Cannot SSH into My Server Anymore (and That's Fine)
4 months ago
- #DevOps
- #Containerization
- #Infrastructure
- The author decommissioned their expensive VPS (moana) and set up a more cost-effective successor (tinkerbell).
- Tinkerbell operates without SSH access, automating updates via container image pushes to a registry.
- The setup uses Fedora CoreOS, Ignition, Podman Quadlets, and Terraform for a container-centric, declarative, and low-maintenance approach.
- The author explored alternatives like Docker Compose, Ansible, and Kubernetes before settling on CoreOS for its immutable infrastructure benefits.
- Podman Quadlets and auto-updates were key in simplifying container orchestration and ensuring automatic updates.
- The final setup includes a reverse proxy (Caddy) and a static website container, with communication facilitated via a shared pod network.
- The author acknowledges the trade-offs of immutable infrastructure, such as redeploying for changes, but finds it manageable for their use case.
- Future plans include improving observability and possibly moving TLS certificates to block storage.
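
A sketch of how the pieces in this summary fit together, as an added example that is not the author's actual configuration: a Butane file (transpiled to Ignition) that provisions no SSH keys, defines a pod with Caddy and the static site as Podman Quadlets, and enables Podman's auto-update timer. The registry host, image names, pod name and volume name are placeholders assumed for illustration.

```yaml
# Added example; registry.example.com, the image names, "web" and
# "caddy-data" are placeholders, not values from the original post.
variant: fcos
version: 1.5.0
# No passwd.users[].ssh_authorized_keys section: no SSH key is provisioned,
# so every change arrives through a new Ignition config or a new image.
storage:
  files:
    - path: /etc/containers/systemd/web.pod
      mode: 0644
      contents:
        inline: |
          [Pod]
          PodName=web
          # Only the proxy's ports are published; the site is reached
          # over the pod's shared network namespace.
          PublishPort=80:80
          PublishPort=443:443
    - path: /etc/containers/systemd/caddy.container
      mode: 0644
      contents:
        inline: |
          [Container]
          Image=registry.example.com/caddy:latest
          Pod=web.pod
          # AutoUpdate=registry needs a fully qualified image reference.
          AutoUpdate=registry
          # Named volume keeps TLS certificates across container updates.
          Volume=caddy-data:/data
          [Service]
          Restart=always
          [Install]
          WantedBy=multi-user.target
    - path: /etc/containers/systemd/site.container
      mode: 0644
      contents:
        inline: |
          [Container]
          Image=registry.example.com/site:latest
          Pod=web.pod
          AutoUpdate=registry
          [Service]
          Restart=always
          [Install]
          WantedBy=multi-user.target
systemd:
  units:
    # Periodically checks the registry and restarts units whose image changed.
    - name: podman-auto-update.timer
      enabled: true
```

With SSH out of the picture, push access to the registry tag becomes the deployment credential, so it deserves the access controls an SSH key would have had. `podman auto-update` rolls a unit back to the previous image by default if the updated container fails to start.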