jax

joined 1 year ago
[–] [email protected] 1 points 6 months ago

I should look into how to do that on my instance probably. Pictrs always seemed like a bit of a security nightmare.

[–] [email protected] 1 points 6 months ago (2 children)

I disabled Pictrs around the time of CSAM attacks and have yet to bother enabling it again

Uhh… what?? When did that happen? I thought pictrs was a requirement also…

[–] [email protected] 1 points 6 months ago (4 children)

Huh, do you have your lemmy config documented somewhere? I keep running into issues with it and I'm not sure which component exactly is failing, but it's annoying. I'm using this helm chart currently: ananace/lemmy It works, but I don't have pict-rs setup in HA either.

[–] [email protected] 1 points 6 months ago (6 children)

They store the secrets in a file? Gross. What a poor way of handling that. Pretty sure environment variables would be more secure. Especially in Kubernetes.

[–] [email protected] 2 points 6 months ago (8 children)

Yeah, I used to host a Matrix instance - could do that for this one too.

The issue is more about setting up the Kubernetes manifests and templating them. I usually use the chart's built-in postgres and redis config, though using an operator would make it more scalable for sure.

I'm using Authentik for auth, but I do also like Keycloak.

[–] [email protected] 1 points 6 months ago

I've seen that around, but I prefer to run my own services instead of relying on a ready-built system like that. I find they don't offer that much customization options usually.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

I think both of the ones I mentioned have docker-compose files, which I think I can convert with kompose convert? I guess from there I would follow your steps and then start parameterizing it once it's running properly.

Thanks! I think I'll start trying out PixelFed tomorrow.

[–] [email protected] 2 points 6 months ago (2 children)

That's actually super helpful! I haven't done much custom Helm chart-ing, and was kinda lost where to start. That really helps break the process down, and the tip about skipping state to start is very wise.

[–] [email protected] 1 points 6 months ago (6 children)

Yeah, that's the pain point - building and maintaining the charts.

Also, I know the charts likely wouldn't have to be super complex, but I'm used to working with Bitnami's charts that are massively complex - I just don't have the time to go that in-depth.

[–] [email protected] 1 points 6 months ago (1 children)

Oh, I know I could get them to run with enough work. I just don't have that much time to spend on initial implementation and upkeep of the charts.

I'm using FluxCD, which I believe can do deployments of plain Kubernetes manifests, but that still requires a decent amount of overhead to keep up to date.

 

cross-posted from: https://lemmy.cloudhub.social/post/347779

I am running a Kubernetes cluster for this domain, and I'm looking at more services to run (right now I have Mastodon and Lemmy).

I was considering WriteFreely and PixelFed, but they don't seem to have an easy solution for running on Kubernetes (WriteFreely doesn't even have a production-ready docker image).

Is anyone else running federated services in their lab? Do you run any of them on Kubernetes?