the mastodon official docker images carry a lot of unnecessary attack surface, i’m working on creating a more minimal set of images for each of the services
for now these will be alpine based with apko (to build the images) and melange (to build mastodon itself), but will probably switch to $dayjob’s upstream distribution once it is released
the only thing i don't like about my current setup is that there are no managed kubernetes hosting services (other than GKE and EKS) that support IPv6, so i don't have horizontal pod autoscaling for my setup yet. instead i have some hacks i've made with linode stackscripts 🙃
which reminds me, i should open source my sidekiq load monitoring scripts (which allow kubernetes to autoscale sidekiq)
@ariadne melange is a spicy tool name
@ariadne I remember some news a few months ago that IPv6 support was added in EKS. Was it not?
@vwbusguy "other than GKE and EKS"
the problem with GKE and EKS is that you can go to sleep and wake up with a 8 figure bill
@ariadne My bad! I read it wrong. And you're absolutely right about that!
@ariadne I recently got our GKE bill down about 40% with some aggressive cleanup and instance type optimizations, which is a six-figure per year number. A little bit of laziness in implementation gets expensive fast at scale!
@ariadne It looks like LKE (Linode's managed version) now supports it: https://www.linode.com/blog/kubernetes/kubernetes-v1-21-1/
nah, it doesn't:
Please note ipv4/ipv6 dual-stack support is not currently available in the Linode Kubernetes Engine with the release of Kubernetes v1.21.1. This feature is under consideration with our product development team.
@ariadne Boo. I know it was at least added in k3s.
@ariadne please keep the Alpine builds available 😬🙏 
@RyuKurisu i don't really see why it matters 🙃
@ariadne what is your $dayjob's upstream distribution actually? 🤔
@RyuKurisu it will be released soon, it's alpine-like, but at the same time, not alpine-like 🙃
@ariadne I'll be very curious 
@RyuKurisu i think of it as "what if we did alpine, but knowing what we know now" basically
@ariadne that's why I dropped docker and went baremetal(vm)... could harden that better with my oldness.
@thegibson i almost have mastodon working without /bin/sh 🙃
@ariadne now that would be cool. :)
@thegibson @ariadne awesome indeed!
@ariadne i just spent a couple days getting my node up. The docs sucked!
this combined with knative will likely become the easiest way to deploy a secure fediverse node in the future