Hacker News
by Bratmon 15 days ago
> Instead of configuring domain names that may not resolve, we can just directly inject the appropriate IP address(es) into configuration files

Because now you've replaced one single point of failure configuration system with caching and TTLs (DNS) with a higher maintenance and much less widely supported one.

Not to mention losing load balancing and failover.

Failover can be done with something like keepalived. VRRP/CARP are a thing.

For LB you'll need something in front of your service to bounce connections around, which is replacing one point of failure (DNS) for another (HAProxy, IPVS). Though I guess you can run the LB stack on your app service servers.

And making TLS more difficult, especially for HA systems. Guess you would just need one cert for 127.0.0.1 for all local services.

Certs support IP addresses? However, /etc/hosts would solve the issue probably, unless I’m missing something.

What has /etc/hosts got to do with valid TLS certificates? I think that’s a non-sequitur.

You don't need to set up one cert for 127.0.0.1 as stated by the parent comment.