Hey! I have been using Ansible to deploy Dockers for a few services on my Raspberry Pi for a while now and it’s working great, but I want to learn MOAR and I need help…

Recently, I’ve been considering migrating to bare metal K3S for a few reasons:

  • To learn and actually practice K8S.
  • To have redundancy and to try HA.
  • My RPi are all already running on MicroOS, so it kind of make sense to me to try other SUSE stuff (?)
  • Maybe eventually being able to manage my two separated servers locations with a neat k3s + Tailscale setup!

Here is my problem: I don’t understand how things are supposed to be done. All the examples I find feel wrong. More specifically:

  • Am I really supposed to have a collection of small yaml files for everything, that I use with kubectl apply -f ?? It feels wrong and way too “by hand”! Is there a more scripted way to do it? Should I stay with everything in Ansible ??
  • I see little to no example on how to deploy the service containers I want (pihole, navidrome, etc.) to a cluster, unlike docker-compose examples that can be found everywhere. Am I looking for the wrong thing?
  • Even official doc seems broken. Am I really supposed to run many helm commands (some of them how just fails) and try and get ssl certs just to have Rancher and its dashboard ?!

I feel that having a K3S + Traefik + Longhorn + Rancher on MicroOS should be straightforward, but it’s really not.

It’s very much a noob question, but I really want to understand what I am doing wrong. I’m really looking for advice and especially configuration examples that I could try to copy, use and modify!

Thanks in advance,

Cheers!

  • atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 day ago

    curl -sfL https://get.k3s.io/ | sh -

    Never, ever install anything this way. The trend of “just run this shell script off the internet” is a menace. You don’t know what that script does, what repositories it may add, what it may install, whether somebody is typo-squatting the URL and you’re running something else, etc.

    It’s just a bad idea. If you disagree then I have one question - how would you uninstall k3s after you ran that blackbox?

    • testgoofy@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 day ago

      Yes, just running a random script from the internet is a very bad idea. You should also not copy and paste the command from above, since I’m only a random lemmy user. Nevertheless, if you trust k3s, and they promote this command on the official website (make sure it’s the official one) you can use it. As you want to install k3s, I’m going to assume you trust k3s.

      If you want to review the script, go for it. And you should, I agree. I for myself reviewed (or at least looked over it) when I used the script for myself.

      For the uninstallment: just follow the instructions on the official website and run /usr/local/bin/k3s-uninstall.sh source

      • atzanteol@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        23 hours ago

        I really want to push back on the entire idea that it’s okay to distribute software via a curl | sh command. It’s a bad practice. I shouldn’t be reading 100’s of lines of shell script to see what sort of malarkey your installer is going to do to my system. This application creates an uninstall script. Neat. Many don’t.

        Of the myriad ways to distribute Linux software (deb, rpm, snap, flatpak, AppImage) an unstructured shell script is by far the worst.

        • moonpiedumplings@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          22 hours ago

          I think that distributing general software via curl | sh is pretty bad for all the reasons that curl sh is bad and frustrating.

          But I do make an exception for “platforms” and package managers. The question I ask myself is: “Does this software enable me to install more software from a variety of programming languages?”

          If the answer to that question is yes, which is is for k3s, then I think it’s an acceptable exception. curl | sh is okay for bootstrapping things like Nix on non Nix systems, because then you get a package manager to install various versions of tools that would normally try to get you to install themselves with curl | bash but then you can use Nix instead.

          K3s is pretty similar, because Kubernetes is a whole platform, with it’s own package manager (helm), and applications you can install. It’s especially difficult to get the latest versions of Kubernetes on stable release distros, as they don’t package it at all, so getting it from the developers is kinda the only way to get it installed.

          Relevant discussion on another thread: https://programming.dev/post/33626778/18025432

          One of my frustrations that I express in the linked discussion is that it’s “developers” who are making bash scripts to install. But k3s is not just developers, it’s made by Suse who has their own distro, OpenSuse, using OpenSuse tooling. It’s “packagers” making k3s and it’s install script, and that’s another reason why I find it more acceptable.

          • atzanteol@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            15 hours ago

            Microk8s manages to install with a snap. I know that snap is “of the devil” around these parts but it’s still better than a custom bash script.

            Custom bash scripts will always be worse than any alternative.

            • moonpiedumplings@programming.dev
              link
              fedilink
              English
              arrow-up
              1
              ·
              15 hours ago

              I’ve tried snap, juju, and Canonical’s suite. They were uniquely frustrating and I’m not interested in interacting with them again.

              The future of installing system components like k3s on generic distros is probably systemd sysexts, which are extension images that can be overlayed onto a base system. It’s designed for immutable distros, but it can be used on any standard enough distro.

              There is a k3s sysext, but it’s still in the “bakery”. Plus sysext isn’t in stable release distros anyways.

              Until it’s out and stable, I’ll stick to the one time bash script to install Suse k3s.

              • atzanteol@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                15 hours ago

                You’re welcome to make whatever bad decisions you like. I can manage snaps with standard tooling. I can install, update, remove them with simple ansible scripts in a standard way.

                Bash installers are bad. End of.

                • moonpiedumplings@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  14 hours ago

                  Canonical’s snap use a proprietary backend, and comes at a risk of vendor lock in to their ecosystem.

                  The bash installer is fully open source.

                  You can make the bad decision of locking yourself into a closed ecosystem, but many sensible people recognize that snap is “of the devil” for a good reason.