I use one pod per app more or less. The reverse-proxy conf depends a bit on the specific app so that depends, but it will probably work for most by sharing a network and exposing the ports in the pods
Comment on Question about quadlets and kube play
sugar_in_your_tea@sh.itjust.works 5 weeks agoAwesome, thanks!
In terms of architecture, which is preferred:
- separate pod per “app” (e.g. NextCloud), but all one network
- separate pod and network per app
- everything in one pod
I’d like to have one gateway, Caddy, so my cert renewal and proxying are all in one place, and I’d like those proxy configs to look like http://<container>
I’d prefer my containers not be able to talk to each other unless I specifically allow it. The second option would get me that, but I think it would force me to expose ports for each app to the system.
TL; DR - Can I have a “Caddy” pod that can see exposed ports from other pods, but hide those ports from regular system users? If not, I’ll probably do the first option. I also want to be able to expose ports to the host on a per app basis if needed.
poVoq@slrpnk.net 5 weeks ago
Asparagus0098@sh.itjust.works 5 weeks ago
I ran a podman quadlet setup as a test some time ago. My setup was a little like this:
container_name:portorpod_name:port. This functionality is disabled in the default network by default.sugar_in_your_tea@sh.itjust.works 5 weeks ago
Awesome, that’s exactly what I want! I guess I missed where pods could be part of multiple networks.
I’m on podman 4.x, but I’m planning to upgrade the OS anyway soon, so it probably won’t be an issue.
Thanks, you’re a stud!