Hey! I have been using Ansible to deploy Dockers for a few services on my Raspberry Pi for a while now and it’s working great, but I want to learn MOAR and I need help…

Recently, I’ve been considering migrating to bare metal K3S for a few reasons:

  • To learn and actually practice K8S.
  • To have redundancy and to try HA.
  • My RPi are all already running on MicroOS, so it kind of make sense to me to try other SUSE stuff (?)
  • Maybe eventually being able to manage my two separated servers locations with a neat k3s + Tailscale setup!

Here is my problem: I don’t understand how things are supposed to be done. All the examples I find feel wrong. More specifically:

  • Am I really supposed to have a collection of small yaml files for everything, that I use with kubectl apply -f ?? It feels wrong and way too “by hand”! Is there a more scripted way to do it? Should I stay with everything in Ansible ??
  • I see little to no example on how to deploy the service containers I want (pihole, navidrome, etc.) to a cluster, unlike docker-compose examples that can be found everywhere. Am I looking for the wrong thing?
  • Even official doc seems broken. Am I really supposed to run many helm commands (some of them how just fails) and try and get ssl certs just to have Rancher and its dashboard ?!

I feel that having a K3S + Traefik + Longhorn + Rancher on MicroOS should be straightforward, but it’s really not.

It’s very much a noob question, but I really want to understand what I am doing wrong. I’m really looking for advice and especially configuration examples that I could try to copy, use and modify!

Thanks in advance,

Cheers!

  • atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    Microk8s manages to install with a snap. I know that snap is “of the devil” around these parts but it’s still better than a custom bash script.

    Custom bash scripts will always be worse than any alternative.

    • moonpiedumplings@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I’ve tried snap, juju, and Canonical’s suite. They were uniquely frustrating and I’m not interested in interacting with them again.

      The future of installing system components like k3s on generic distros is probably systemd sysexts, which are extension images that can be overlayed onto a base system. It’s designed for immutable distros, but it can be used on any standard enough distro.

      There is a k3s sysext, but it’s still in the “bakery”. Plus sysext isn’t in stable release distros anyways.

      Until it’s out and stable, I’ll stick to the one time bash script to install Suse k3s.

      • atzanteol@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        You’re welcome to make whatever bad decisions you like. I can manage snaps with standard tooling. I can install, update, remove them with simple ansible scripts in a standard way.

        Bash installers are bad. End of.

        • moonpiedumplings@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          Canonical’s snap use a proprietary backend, and comes at a risk of vendor lock in to their ecosystem.

          The bash installer is fully open source.

          You can make the bad decision of locking yourself into a closed ecosystem, but many sensible people recognize that snap is “of the devil” for a good reason.

              • atzanteol@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                ·
                4 months ago

                Ah - you have discovered my complaint.

                That is precisely why I went with microk8s instead. I don’t install software from people who can’t be bothered to package their software using standard deployment tools which has been the correct way to distribute Linux software for decades.

                • moonpiedumplings@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  So instead you decided to go with Canonical’s snap and it’s proprietary backend, a non standard deployment tool that was forced on the community.

                  Do you avoid all containers because they weren’t the standard way of deploying software for “decades” as well? (I know people that actually do do that though). And many of my issues about developers and vendoring, which I have mentioned in the other thread I linked earlier, apply to containers as well.

                  In fact, they also apply to snap as well, or even custom packages distributed by the developer. Arch packages are little more than shell scripts, Deb packages have pre/post hooks which run arbitrary bash or python code, rpm is similar. These “hooks” are almost always used for things like installing. It’s hypocritical to be against curl | bash but be for solutions like any form of packages distributed by the developers themselves, because all of the issues and problems with curl | bash apply to any form of non-distro distributed packages — including snaps.

                  You are are willing to criticize bash for not immediately knowing what it does to your machine, and I recognize those problems, but guess what snap is doing under the hood to install software: A bash script. Did you read that bash script before installing the microk8s snap? Did you read the 10s of others in the repo’s used for doing tertiary tasks that the snap installer also calls?

                  # Try to symlink /var/lib/calico so that the Calico CNI plugin picks up the mtu configuration.

                  The bash script used for installation doesn’t seem to be sandboxed, either, and it runs as root. I struggle to see any difference between this and a generic bash script used to install software.

                  Although, almost all package managers have commonly used pre/during/post install hooks, except for Nix/Guix, so it’s not really a valid criticism to put say, Deb on a pedestal, while dogging on other package managers for using arbitrary bash (also python gets used) hooks.

                  But back on topic, in addition to this, you can’t even verify that the bash script in the repo is the one you’re getting. Because the snap backend is proprietary. Snap is literally a bash installer, but worse in every way.

                  • atzanteol@sh.itjust.works
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    edit-2
                    4 months ago

                    Dude - you gotta get off the snap hate train for a bit.

                    Do you not understand the difference between “hey, run this rando shell script on the internet” and “hey, use this standardized installer which may run some shell scripts”?

                    I don’t give a shit about all the canonical hate. For me snap does what I want:

                    1. Installs things in a standardized way using a standard interface i can easily script with ansible
                    2. Provides a similarly standardized way of upgrading and uninstalling that can also be automated easily with ansible
                    3. Works “just fine”.
                    4. Edit - I’ll add in a fourth - creates a fucking binary I can run (no flatpak run something.something.something BS)

                    It’s not bash I’m criticizing. Do you understand that? Because stop reading if you don’t and go back through my list. I’ll wait.

                    So good - you get that bash isn’t the problem. It’s the bespoke unstructured installer/upgrader/unisntaller part that is bad. You could write your installer in C, Python, etc. and I’ll levy the same complaints. You want me to install your python app? It should be available through pypi and pip. Not some rando bespoke installer.