Please set up Tailscale or a Wireguard VPN before you start forwarding ports on your router.
Your configuration as you have described it so far is setting yourself up for a world of hurt, in that you are going to be a target for hackers from literally the entire world.
There is a lot of complexity and overhead involved in either system. But, the benefits of containerizing and using Kubernetes allow you to standardize a lot of other things with your applications. With Kubernetes, you can standardize your central logging, network monitoring, and much more. And from the developers perspective, they usually don’t even want to deal with VMs. You can run something Docker Desktop or Rancher Desktop on the developer system and that allows them to dev against a real, compliant k8s distro. Kubernetes is also explicitly declarative, something that OpenStack was having trouble being.
So there are two swim lanes, as I see it: places that need to use VMs because they are using commercial software, which may or may not explicitly support OpenStack, and companies trying to support developers in which case the developers probably want a system that affords a faster path to production while meeting compliance requirements. OpenStack offered a path towards that later case, but Kubernetes came in and created an even better path.
PS: I didn’t really answer your question”capable” question though. Technically, you can run a kubernetes cluster on top of OpenStack, so by definition Kubernetes offers a subset of the capabilities of OpenStack. But, it encapsulates the best subset for deploying and managing modern applications. Go look at some demos of ArgoCD, for example. Go look at Cilium and Tetragon for network and workload monitoring. Look at what Grafana and Loki are doing for logging/monitoring/instrumentation.
Because OpenStack lets you deploy nearly anything (and believe me, I was slinging OVAs for anything back in the day) you will never get to that level of standardization of workloads that allows you to do those kind of things. By limiting what the platform can do, you can build really robust tooling around the things you need to do.
I used to be a certified OpenStack Administrator and I’ll say that K8s has eaten its lunch in many companies and in mindshare.
But if you do it, look at triple-o instead of installing from docs.
I wish I could fully endorse Escalidraw, but it only partially works in self-hosted mode. For a single user it’s fine, but not much works beyond that.
It’s like all the vegans vs the people that bitch about vegans.
Is there a cannonball sized hole in its chest where the sunlight comes through?
Yeah, I totally get that. I think that there is this insatiable desire for the upstart site to topple the previous site. On Digg we made fun of Usenet and Fark, on Reddit we made fun of Digg, on Lemmy people are always saying “fuck Spez”.
I think that people are worried that if Lemmy doesn’t keep growing (at Reddit’s expense), then it will collapse under its own weight. I hope the federated model works out. I could easily host a Lemmy or KBin instance on my homelab.
But yeah, the depressing truth is that as soon as someone invents a profit motive, it’s only a matter of time before it’s ruined.
Lemmy feels like the internet used to. Not about ads and algorithms, but just people interested in things asking questions and engaging naturally.
Realistically, yes. But it’s a phrase and it’s important that they start doing that first. Maybe it’s their intention to do it publicly.
Also, sure, but a Wireguard installation is going to be much more secure than a Nextcloud that you aren’t sure if it’s configured correctly. And Tailscale doubly so.