I'm curious about the best practices regarding VMs for development and production environments. Is it a good idea to have distinct VMs—essentially separate network interfaces—for the dev and prod setups? I've been looking at this guide: https://tailscale.com/kb/1147/cloud-gce, but I want to know if keeping them separate is truly necessary or just a precaution.
4 Answers
I think it's a must-have, especially if you have a few developers or teams involved. You definitely need that separation to prevent any cross-interference.
Having separate infrastructure for dev and prod is definitely the way to go. It ensures that the two environments don't interfere with each other, which is especially helpful for running pipelines and testing fixes without impacting production. Keeping them isolated reduces the risk of issues spilling over into the live environment.
Absolutely, full separation is essential. It's all about managing risk. If your dev environment starts hogging resources due to a bad process, it could take down production too. Always consider the potential impact of a compromise. What could go wrong and how bad would it be? Assess the risks carefully; you can’t eliminate them all, but understanding them is crucial.
I would recommend keeping dev and prod on separate VMs. While having distinct network interfaces isn't a must, enabling IP forwarding is key for routing between subnets. Using Tailscale makes managing encrypted traffic much easier too.
That's what I'm trying to figure out regarding the network setups.
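Added example, not part of the thread and not taken from the Tailscale guide: once IP forwarding lets a VM route between subnets, dev/prod isolation depends on which allow rules exist, so this sketch audits a rule list for any path from dev into prod. The CIDRs, rule names and rule format are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions): replace with your own subnets and
# an export of your firewall / access rules.
DEV_NET = ipaddress.ip_network("10.10.0.0/24")
PROD_NET = ipaddress.ip_network("10.20.0.0/24")

RULES = [
    {"name": "dev-internal", "src": "10.10.0.0/24", "dst": "10.10.0.0/24", "ports": "all"},
    {"name": "ci-to-prod-deploy", "src": "10.10.0.5/32", "dst": "10.20.0.10/32", "ports": "443"},
    {"name": "legacy-allow-rfc1918", "src": "10.0.0.0/8", "dst": "10.0.0.0/8", "ports": "all"},
    {"name": "prod-internal", "src": "10.20.0.0/24", "dst": "10.20.0.0/24", "ports": "all"},
]


def cross_env_rules(rules, src_env, dst_env):
    """Return (name, scope, ports) for allow rules that let src_env reach dst_env.

    scope is "broad" when the rule covers both environments in full (typical of
    catch-all private-range rules) and "narrow" when it is pinned to a subset.
    """
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        # A rule matters only if it can match a source in one environment
        # and a destination in the other.
        if not (src.overlaps(src_env) and dst.overlaps(dst_env)):
            continue
        broad = src.supernet_of(src_env) and dst.supernet_of(dst_env)
        findings.append((rule["name"], "broad" if broad else "narrow", rule["ports"]))
    return findings


if __name__ == "__main__":
    for name, scope, ports in cross_env_rules(RULES, DEV_NET, PROD_NET):
        print(f"dev -> prod allowed by {name!r} ({scope}, ports={ports})")
    for name, scope, ports in cross_env_rules(RULES, PROD_NET, DEV_NET):
        print(f"prod -> dev allowed by {name!r} ({scope}, ports={ports})")
```

A "narrow" finding is usually an intentional deployment path worth documenting; a "broad" one means the two environments are not actually isolated at the network layer.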