Hello all! We’re starting a platform co-op that offers alternatives to big tech services. What are your thoughts on the following operating philosophy? (any other advice/recommendations is appreciated too)

Operating Philosophy

Choose the most boring option that meets business needs. This has several reasons:

  • We’re providing services, not learning or playing.
  • Boring works. They’re either battle tested or stupidly simple.
  • Much easier to maintain and onboard.
  • We’re not a FANG company; we should just do what everybody does and call it a day.
  • Easier to debug.
  • More portable if we ever need/want to switch VPSs.

Case study

Debian with Docker containers reverse proxied through NGINX

  • Debian – very boring; not even Ubuntu
  • Docker – boring. Not even Podman, and certainly not Kubernetes
  • NGINX – boring. Most widely used reverse proxy by a long shot

Using Debian means that we will have very long-term support, which means less downtime and easier maintenance. Also everything is available for Debian, whereas [obscure distro] won’t have broad application support.

Docker has been the de facto standard for a long time. It’s portable and has widespread application support, and it’s scalable. We don’t actually need swarms of instances running everywhere communicating with each other, so Kubernetes would be overkill. Docker allows us to have an instance running and create a second instance when upgrading to avoid downtime.

NGINX is extremely common. It’s battle tested, and it’s so widely deployed that if there’s a security vulnerability there will be many bigger fish to catch than us. Also most sysadmins will have experience with NGINX, so onboarding and maintaining will be easy.

  • uenticx@lemmy.world · 3 upvotes · 6 days ago

    k8s will be a given when your containerizations grow beyond whatever devops git magic you’re doing. I would reconsider that, and throw in something like argocd. The rest is just standard.

  • slazer2au@lemmy.world · 4 upvotes, 2 downvotes · 7 days ago

    I see you are throwing security out the window by not running rootless containers via podman, so when your application gets popped the attackers will have root access.

    > We’re not a FANG company; we should just do what everybody does and call it a day.

    But everyone else is trying to be fang so you still need your hyperconverged infrastructure and geo redundant clusters.

    Debian is good, but the point of containers is to deal with applications and hosts like cattle, not pets, so your underlying OS doesn’t matter. With Debian specifically, you are several major versions behind current releases, so you are missing performance gains if you don’t add extra repos. With that said, Debian will backport security patches.
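
An added example, not part of the thread or of any poster's setup: a small audit that reads `docker inspect` and `docker info` output to show which containers run as a uid 0 that is also the host's root, the exposure the rootless comment above is about. The sample JSON and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>...` output.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/web", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "UsernsMode": "", "SecurityOpt": null}},
 {"Name": "/api", "Config": {"User": "10001:10001"},
  "HostConfig": {"Privileged": false, "UsernsMode": "",
                 "SecurityOpt": ["no-new-privileges"]}}
]
""")

# Constructed samples of `docker info --format '{{json .SecurityOptions}}'`.
ROOTFUL_DAEMON = ["name=apparmor", "name=seccomp,profile=builtin"]
ROOTLESS_DAEMON = ["name=seccomp,profile=builtin", "name=rootless"]


def daemon_maps_root(security_options):
    """True if container uid 0 is host uid 0 (no rootless mode, no userns-remap)."""
    names = {opt.split(",")[0] for opt in security_options}
    return not ({"name=rootless", "name=userns"} & names)


def audit(containers, security_options):
    """Return {container name: [findings]} for containers that need attention."""
    host_root = daemon_maps_root(security_options)
    report = {}
    for c in containers:
        cfg, host = c.get("Config", {}), c.get("HostConfig", {})
        findings = []
        # Config.User is "uid[:gid]" or a name; empty means the default, root.
        user = (cfg.get("User") or "").split(":")[0]
        runs_as_root = user in ("", "0", "root")
        # --userns=host opts a single container out of daemon-wide remapping.
        if runs_as_root and (host_root or host.get("UsernsMode") == "host"):
            findings.append("runs as uid 0, which is root on the host")
        if host.get("Privileged"):
            findings.append("privileged: all capabilities and host devices")
        opts = host.get("SecurityOpt") or []
        if not any(o.startswith("no-new-privileges") for o in opts):
            findings.append("no-new-privileges not set")
        if findings:
            report[c["Name"].lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT, ROOTFUL_DAEMON).items():
        print(name, "->", "; ".join(findings))
```

On a real host, feed it the parsed output of `docker inspect $(docker ps -q)` and `docker info --format '{{json .SecurityOptions}}'` in place of the samples.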