This read more like an advert than a comment, and that is certainly the most loaded question I've ever seen in written English.
Giant centralized troves of personal data are a huge risk to everyone. Civilization pivots and mutates rapidly, and it's clear to nobody at any particular time which way it may lean next, or whether it will lean toward them or on top of them. If anyone had told you there'd be global mass beheadings of century-old statues 3 weeks ago, I suppose you'd have been laughing then too.
Unsurprisingly for a spec from Fastly & CloudFlare, the privacy offered is predicated on the existence of large centralized providers that due to their size cannot be blocked. One outcome of this design is that if you want to offer truly private service to an end user, you must have a relationship with one of these providers, otherwise your traffic, even if it implements the spec, becomes easily identifiable as its EKR config was served by some unique non-shared infrastructure.
In practical terms I guess it is reasonable, but viewed from the angle of how the Internet was originally intended to work, it is obviously abhorrent and self-serving.
Far from it. It's quite likely going to be over 5 years if not a decade before it would be possible to run a pure-HTTP3 service without risking connectivity problems
The problem is similar to the IPv6 transition, except thanks to the browser monopolies, it's possible at least for network providers to quickly feel significant pressure to fix their networks. But there will always be some networks that will never be fixed
edit: for those inexplicably downvoting this, please pay attention to the parent comment's question, and the Internet's long chequered history of adopting new protocols in any setting. TCP port 443 isn't going to magically disappear overnight, or indeed any time soon. This is evidently true because it has been true for all prior transitions. Mail still flows to many places unencrypted despite the standardization of STARTTLS 21 years ago. The long tail has only gotten much longer in those intervening 21 years.
> Now all those traffic shaping middle-boxes are worthless
No reasonable implementation of encrypted SNI has been proposed or standardized. Those middleboxes are still more than useful
AFAIK in QUIC there is some light obfuscation of the ClientHello, but it is not intended to be an anti-filtering measure, middleboxes can still fish out any presented name with a little bit of new code
The EU could build support for this 1000 different ways. They need only shake another GDPR-shaped stick that gently encourages business to buy local and the rest would be history. But they can't really do that yet, because there is no viable local market.
Look at Huawei to see how effective government bureaucracies can be when they decide to compete with efficient business.
This isn't the first route leading straight to satellites. I forget the name of the provider, but there is at least one big allocation where whatever you're sending to it is basically coming straight back down as radio.
Pretty hilarious, 32gb sodimms are only 150 GBP in the UK, Apple charging 200 for 16. Similarly, 2TB disk for 800 GBP, open market it's 219.
Some PC laptop vendor could do a whole TV campaign based around the idea of turtle-necked folk setting fire to money and smiling, because it makes them feel better, and that's really all that matters[.. right?]
Basically most of what runs on k8s, including most of the k8s control plane, lives in a container. So for the most part, the only material concern about the host machine and OS is what kernel it is running, because that may limit what kind of jobs you can run in the containers.
I don't understand all this angst. In a well run infrastructure, Kubernetes basically just boils down to a new config file to describe some proxy rewrite rules, and how much RAM your thing needs.
If you want to run VPS-sized pods full of untracked mutable state with their own ghetto logging / monitoring / deployment / configuration management baked in, nothing is stopping you, but by the time we're "maintaining production systems", and we discover that crumby little $5 VPS has been touched by 7 people over 2 years, nobody knows what is on it any more, turns out the default logrotate configuration was shredding audit logs, and nobody has a clue how to reinstall it without literally starting over, things start to look a little different.
- "I wish I had a list of all the jobs that were supposed to be on this VPS"
- "I wish I didn't have to setup random log archiving cronjobs for all these apps"
- "I wish I knew what directories I need to back up"
- "I wish I could split this one job off the VPS without having to rewrite and retest its config"
- "I wish I could run a separate deployment environment on the VPS without having to set up a whole new VPS"
- "I wish I could rotate this API key but I haven't a clue where it is stored or what is referencing it"
- "I wish I could give the intern access to deploy the web site without letting him also take a copy of the HR database"
- "I wish I could deploy this new job version and roll it back if I fuck things up"
- "I wish I could run this ancient proprietary tool that needs 32bit libs from Debian 0.4 without installing them globally and potentially bricking the whole VPS"
- "I wish I didn't have to go install and configure a bunch of monitoring plugins every time I deploy a new app"
You can set all that up by hand of course, after all it does represent years of fruitful low-intellect busywork for idle hands, or you can come up with your own self-assembled collection of third party tools to do it for you, investing the research, installation and configuration time that entails, and accepting the cost of having created an ad-hoc system only you understand, or you could simply pick one big framework that does it all at once and try to make it work.
The nice thing with the one-big-framework approach is that you also get a common language and operational model understood by thousands of people you can hire on the open market. They understand how your configs are laid out, they know how to discover mutable state and query the health of all your existing jobs. And by the time they leave the company, you can understand all that about the work they've done.
This is only addressing Kubernetes as an operational methodology. Containerization as an architectural style is an entirely different topic.
Managing self-installed k8s is a pain in the ass right now, but not much more than trying to manually install Linux without using e.g. the Ubuntu installer. Would that put you off using Linux?
Speaking as a daily Linux user since 1996, there are so many parts of the system I still don't understand, but it's not necessary for me to e.g. understand exactly how the font catalog and text rendering works to write a document. The same is true here.
There are quite a few companies in this space trying to improve the self-hosted experience, just give it some time
As for all the tools you supposedly need, the only one you actually need is kubectl, and it's more than enough to accomplish everything. New ecosystems always endure this abundance of "helpful tools" before consolidating on a few important choices.