Rodrigo Gruber

Albeit restricted to only a few places worlwide compared to its peers in the cloud segment, I am yet to find another provider capable of delivering a score over 5000 (Geekbench) in a benchmark on a single CPU machine, and each machine costs $6 a month. For homelab and experienced users who don't need DBaaS or IaaC's, it's a pretty straightforward choice. A more comprehensive review of Vultr's HF machines can be found here.

Helm is a great tool overall, especially when we're talking about infrastructure in larger scale. That being said, this does not apply to a homelab setup, especially when required to create a few environments that don't really interact with each other nor have similar configurations. Most of the time Kustomization is more than capable of fulfilling this role as a more minimalistic approach to deployment configuration, while preserving older manifestos. It is a very useful tool on the belt of most SREs.

Tailscale is not only running Wireguard on background, which is faster, lighter and well maintained than OpenVPN's, it also improves connectivity options for no cost at all until enterprise levels of infrastructure. I highly recommend it. The company also received its Series A investment recently, so they're scaling up faster and being able to experiment with new, very interesting features is a part of the experience that has a negative note to me, but not this time.

• Tailscale has two unique features where I didn't seem to find anywhere else. First, it creates a network between devices that allows to call all of them by their hostname. This is important because of the second most important unique feature.
• It allows you to broadcast your VPN to a subnet providing acces to your Tailscale network in scenarios where this wouldn't be possible, since accessing the VPN would require it to be installed on some sort. This allows me to bypass and at the same time fix a lot of security issues.

All these changes would result in a diagram like this one

And that's even more important to my workflow, as the way I manage IAM and connect to each pod is through a central pod deployed to Kubernetes using this broadcast mode, whereas I only transmit to the subnet pods use. This allows me to call Kubernetes pods by their hostname outside the cluster without having to use any other tool, such as Telepresence, for example. As they have clients for all OSes's, I avoid exposing my cluster to the internet and enjoy Tailscale's capabilities of enhancing my infrastructure security and accessibility. (Disclaimer: I don't work for Tailscale nor know someone who does.)