And no one was surprised.

Reading the Docs, it seems like PodMan is the replacement for docker. You could try containerd/nerdctl, but podman is likely the best way for you. RHEL10 docs even say it supports the older docker config options

Oh, but it does. It helps soooo much. Something about the pinpoint pressure in just the right spot just hits so good… But you can’t just keep biting it forever, and generally the itch comes back again soon after.

Tailscale/headscale/wire guard is different from a normal vpn setup.

VPN: you tunnel into a remote network and all your connections flow through as if you’re on that remote network.

Tailscale: your devices each run the daemon and basically create a separate, encrypted, dedicated overlay network between them no matter where they are or what network they are on. You can make an exit node where network traffic can exit the overlay network to the local network for a specific cidr, but without that, you’re only devices on the network are the devices connected to the overlay. I can setup a set of severs to be on the Tailscale overlay and only on that network, and it will only serve data with the devices also on the overlay network, and they can be distributed anywhere without any crazy router configuration or port forwarding or NAT or whatever.

Honestly, that sounds like a keepalived replacement or equivalent. I went with keepalived because I’m also using the IP for the proxmox cluster itself so it had to be outside kube, but the idea is the same. If all you’re using the IP for is kube, go with kube-vip! But let us know how it works!

You’ll want to look into “keepalived” to setup a shared IP across all worker nodes in the cluster and either directly forward, or setup haproxy on each to do the forwarding from that keepalived IP to the ingresses.

I’m running 6 kube nodes (running Talos) running in a 3node proxmox cluster. Both haproxy and keepalived run on the 3 nodes to manage the IP and route traffic to the appropriate backend. Haproxy just allows me to migrate nodes and still have traffic hit an ingress kube node.

Keepalived manages which node is the active node and therefore listens to the IP based on backend communication and a simple local script to catch when nodes can’t serve traffic.

I’ve tried them all and in the last year or so, none of worked anymore. They fixed the glitch.