Reinventing the Cube
A look at the mainstream
According to some articles like:
one of the cheapest way to have Kubernetes running as a development environment is to have a single node . The described setup here accounts for about 13 dollars per week, that makes it a bit more than 50 dollars per month.
A nice way to reduce further costs is to keep it off when you're not using the setup. Such a configuration in a Stopped state would cost about 5 dollars per week, say around 20 dollars a week.
As a developer, I am not terribly focused on the minutiae of application containerization,
what I care the most is the overall business value of the project, and that is provided in the business layers of the application.
Sure, I can do Docker, I can do k8s crazy stuff, but the real value is in the application code, not in the tools. If the business core of the application does something useful, and provided it behaves well, then the application has a value,
You don't achieve value just by adding resources spending, quite the opposite I would say.
In a nutshell, I would argue that most things need to be in support of the business requirements of the application, not the other way round.
But let's say I have this golden piece of business logic that can be implemented in some clunky Java code, and I'm not that careful about spending, so I book 3 VPS from some german provider. In this case, since I am in Europe, I also have less concerns about GDPR, as eventually local customer data does not cross the borders.
And that is, I book 3 VPS, all with about 8G RAM and about 200G disks for about 15 dollars/month.
I am extremely wasteful here, I use the first machine with git and make an ugly build server out of it, with plenty of space for archiving older versions and logs.
The second one I use it to install a database, someone says Postgres or MySQL, InfluxDb, or it could be or a single node of Cassandra (it's a dev cluster, remember?)
The third one I use to run the application, and since I don't trust developers to do security well, I place a load balancer (HaProxy) in front of the application and do TLS termination on that. I shut every port closed apart from the HaProxy traffic intake, this way the HaProxy behaves like a real Web Application Firewall (WAF).
This means that clients from the web will enter from the network and land on the balancer, and will negotiate authentication with it, speaking TLS, possibly locking everything down with client certificates, and the business code doesn't need to do very much about it.
Also certificates renew is something independent from the application, and since it is a solved problem, I don't need to deal with it all the time, be it one single application or thousands: this is the very idea of scaling.
At the back of the load balancer, I will have 2 instances of my application with an Active-Passive setup, so that I am able to deploy new versions of my application without impacting Availability of the product.
What does future look like
If I'm successfull I will add new nodes as HaProxy backends, balanced in round-robin or by load. When I move the backends out of the main machine, I will probably have to encrypt the traffic between the nodes with TLS and a self-signed certificates.
I don't expect success to happen overnight, so auto-scaling is not really a thing, therefore in case I think N instances are not really going to cope with the traffic, maybe I can afford risking 6 dollars/month on having up an extra (N+1)th instance.
But I am digressing here, because we were saying: this 3-machine wasteful setup is up all the time, and costs me roughly 15 dollars/month, while the kubernetes single-node would cost about 50 dollars/month, while if you remember to off everything before going to vacation, it will only cost you 20 dollars/month.
I would not even stress enough that if, by any chance this becomes something slightly more than a development setup, you're really not going anywhere with a single kubernetes node.
I hope you get a picture, at this point: complexity comes at a cost, and don't let it come as a surprise for you.
Whatever you choose, just be intentional, do it because it's really what fits you, not because "everyone says it's cheaper, then it must be".
If you are interested in more details about the 'on premise' solution described above, you can always:
Keywords: [ backend ] [ git ] [ certificate ] [ security ] [ java ] [ gdpr ] [ cassandra ]