4 posts tagged with "kubernetes"

If you run Kubernetes and want a wildcard TLS cert from Let's Encrypt — say *.example.com — you need a DNS-01 challenge. HTTP-01 cannot prove control over a wildcard. That single fact rules out the easy path most tutorials show.

This post is what we actually run at Hostim.dev for our shared *.region.hostim.dev wildcard. We use cert-manager for per-app certs and a plain certbot Ansible playbook for the wildcard. Two different tools for two different jobs. We will explain why, then show the code for both.

Most small teams hit the same question at some point: should we move to Kubernetes? The honest answer for the majority of them is no, but that answer alone is not very helpful. So here is the longer version, with real prices and a clear line where the answer flips to yes.

When running Kubernetes on Hetzner Dedicated, there is no cloud load balancer. But you can provide public LoadBalancer IPs by attaching a routed IP range to a vSwitch and letting MetalLB announce addresses over L2.

Our setup:

• Calico (VXLAN + WireGuard)
• kube-proxy IPVS with strictARP
• ingress-nginx for ingress traffic

Building a PaaS as a solo founder means making choices. Some deliberate, some accidental, all of them tradeoffs.

Every tool comes with pros and cons, and the deciding factor is usually the most expensive resource of all: time.

If I can get the job done with something I already know, I'll take that path. I'll learn new tools when the project pays for it. Until then, it's all about moving forward with what works.

Here's how Hostim.dev is put together today – the stack that runs every app, database, and service behind the scenes.