That’s awesome.

Dude - you gotta get off the snap hate train for a bit.

Do you not understand the difference between “hey, run this rando shell script on the internet” and “hey, use this standardized installer which may run some shell scripts”?

I don’t give a shit about all the canonical hate. For me snap does what I want:

1. Installs things in a standardized way using a standard interface i can easily script with ansible
2. Provides a similarly standardized way of upgrading and uninstalling that can also be automated easily with ansible
3. Works “just fine”.
4. Edit - I’ll add in a fourth - creates a fucking binary I can run (no flatpak run something.something.something BS)

It’s not bash I’m criticizing. Do you understand that? Because stop reading if you don’t and go back through my list. I’ll wait.

So good - you get that bash isn’t the problem. It’s the bespoke unstructured installer/upgrader/unisntaller part that is bad. You could write your installer in C, Python, etc. and I’ll levy the same complaints. You want me to install your python app? It should be available through pypi and pip. Not some rando bespoke installer.

Ah - you have discovered my complaint.

That is precisely why I went with microk8s instead. I don’t install software from people who can’t be bothered to package their software using standard deployment tools which has been the correct way to distribute Linux software for decades.

You’ve made this about snap. Flatpak, rpm, deb, etc. all work too.

You’re welcome to make whatever bad decisions you like. I can manage snaps with standard tooling. I can install, update, remove them with simple ansible scripts in a standard way.

Bash installers are bad. End of.

Microk8s manages to install with a snap. I know that snap is “of the devil” around these parts but it’s still better than a custom bash script.

Custom bash scripts will always be worse than any alternative.

I really want to push back on the entire idea that it’s okay to distribute software via a curl | sh command. It’s a bad practice. I shouldn’t be reading 100’s of lines of shell script to see what sort of malarkey your installer is going to do to my system. This application creates an uninstall script. Neat. Many don’t.

Of the myriad ways to distribute Linux software (deb, rpm, snap, flatpak, AppImage) an unstructured shell script is by far the worst.

curl -sfL https://get.k3s.io/ | sh -

Never, ever install anything this way. The trend of “just run this shell script off the internet” is a menace. You don’t know what that script does, what repositories it may add, what it may install, whether somebody is typo-squatting the URL and you’re running something else, etc.

It’s just a bad idea. If you disagree then I have one question - how would you uninstall k3s after you ran that blackbox?

Yeah - I did come down a bit harder on helm charts than perhaps I intended - but starting out with them was a confusing mess for me. Especially since they all create a new ‘custom-to-this-thing’ config file for you to work with rather than ‘standard yml you can google’. The layer of indirection was very confusing when I was learning. Once I abandoned them and realized how simple a basic deployment in k8s really is then I was able to actually make progress.

I’ve deployed half a dozen or so services now and I still don’t think I’d bother with helm for any of it.

Yeah - k8s has a bit of a steep learning curve. I recentlyish make the conversion from “a bunch of docker-compose files” to microk8s myself. So here are some thoughts for you (in no particular order).

I would avoid helm like the plague. Everybody is going to recommend it to you but it just puts a wrapper on a wrapper and is MUCH more complicated than what you’re going to need because you’re not spinning up hundreds of similar-but-different services. Making things into templates adds a ton of complexity and overhead. It’s something for a vendor to do, not a home-gamer. And you’re going to need to understand the basics before you can create helm charts anyway.

The actual yml files you need are actually relatively simple compared to a helm chart that needs to be parameterized and support a bazillion features.

So yes - you’re going to create a handful of yml files and kubectl apply -f them. But - you can do that with Ansible if you want, or you can combine them into a single yml (separate sections with ----).

What I do is - for each service I create a directory. In it I have name_deployment.yml, name_service.yml, name_ingress.ymlandname_pvc.yml`. I just apply them when I change them, which isn’t frequent. Each application I deploy generally has its own namespace for all its resources. I’ll combine deployments into a NS if they’re closely related (e.g. prometheus and grafana are in the same NS).

Do yourself a favor and install kubens which lets you easily see and change your namespace globally. Gawd I hate having to type out my namespace for everything. 99% of the time when you can’t find a thing with kubectl get you’re not looking in the right namespace.

You’re going to need to sort out your storage situation. I use NFS for long-term storage for my pods and have microk8s configured to automatically create space on my NFS server when pods request a PV (persistent volume). You can also use local directories but that won’t cluster.

There are two basic types of “ingress” load balancing. “ClusterIp” means the cluster controller will act like a hostname-based router for HTTP. You can point your DNS entries at that server and it will route to your pods on their internal IP address based on the DNS name of the request. It’s easy to use and works very well - but it only works for HTTP traffic. The other is to use LoadBalancerIp that will give your pods an IP address on the network that you can connect to directly. The former only works for HTTP, the latter will let you use any ports (e.g. ssh for a forgejo instance).

“Good luck with that.”

I realize you’re inexperienced and excited, but this is truly no big deal. Port scans are quite common and aren’t even always malicious. You can use nmap to scan systems yourself - just to see what’s out there or to test if your firewalls are woking, etc.

You contacted Amazon over a port scan?

Many (most?) databases these days support some sort of full text search.

I don’t make the rules. If you’re on lemmy qnd nextcloud does exactly what you want you need to complain about it being “over engineered” or “bloated” because it does things you don’t need.

No, you have to complain about them. It’s the law.

Linus did 3 videos on “how to degoogle your life” and only 1 was taken down. That one told people how to circumvent YouTube’s platform and monetary system which violated the community guidelines.

It will stay up. Do you know how many YouTube videos there are badmouthing Google? They don’t care so long as you’re watching them.

Kids… You ever wonder how “rar” came about?

Usenet had limits on its text only post size as well.

Peers can connect to your subplebbit using any plebbit client, such as Plebchan or Seedit. They only need the subplebbit’s address, which is not stored in any central database, as plebbit is a pure peer-to-peer protocol.

Do I need a new plumbus or will my existing one work?

Uncompressed flac? That’s a shit ton of music…