pax_global_header: comment=abf1b6d638bb9f8b372567e4cceb02c80bc62608

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/.dockerignore
```
.git
```

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/.gitignore
```
.DS_Store
public/
```

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/.gitlab-ci.yml
```
variables:
  BUCKET: k8s-libre-sh

stages:
  - build
  - deploy

include:
  - project: 'libre.sh/pipelines'
    file: '/hugo_build.yml'
  - project: 'libre.sh/pipelines'
    file: '/mirror_folder_to_s3.yml'
```

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/.gitmodules
```
[submodule "hugo-theme-learn"]
	path = themes/hugo-theme-learn
	url = https://github.com/matcornic/hugo-theme-learn.git
```

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/LICENSE.md

CC0 1.0 Universal

Statement of Purpose

The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.

For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.

1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights").
Copyright and Related Rights include, but are not limited to, the following:

- the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
- moral rights retained by the original author(s) and/or performer(s);
- publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
- rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
- rights protecting the extraction, dissemination, use and reuse of data in a Work;
- database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
- other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.

2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver").
Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.

3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.

4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.

b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.

c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.

d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/README.md

# website

The website of the kubernetes.libre.sh project.

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/archetypes/default.md
```
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
---
```

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/config.toml
```
baseURL = "https://k8s.libre.sh/"
languageCode = "en-us"
title = "libre.sh - Kubernetes the libre way."
theme = "hugo-theme-learn"

# For search functionality
[outputs]
home = [ "HTML", "RSS", "JSON"]

[[menu.shortcuts]]
name = " Contribute"
url = "/contribute/"
weight = 10

[[menu.shortcuts]]
name = " Forum"
url = "https://talk.libreho.st/c/libre-sh"
weight = 11

[[menu.shortcuts]]
name = " Rocketchat Channel"
url = "https://chat.liiib.re/channel/libre.sh-fr"
weight = 20

[[menu.shortcuts]]
name = " Sponsor"
url = "https://opencollective.com/libresh"
weight = 28

[[menu.shortcuts]]
name = " Free training"
url = "/training/"
weight = 25

[[menu.shortcuts]]
name = " Roadmap"
url = "/roadmap/"
weight = 26

[[menu.shortcuts]]
name = " License"
url = "/License/"
weight = 28

[[menu.shortcuts]]
name = " Credits"
url = "/credits/"
weight = 30

[params]
editURL = "https://lab.libreho.st/libre.sh/kubernetes/website/tree/master/content/"
themeVariant = "blue"
```

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/Comparison/_index.md
---
title: Comparison to
pre: "5. "
weight: 5
---

- yunohost
- cloudron
- freedombox
- libre.sh v1

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/FurtherReading/_index.md
---
title: Further reading
pre: "6. "
weight: 6
---

- [The Illustrated Children's Guide to Kubernetes](https://www.youtube.com/watch?v=4ht22ReBjno) - a nice getting started
- [Julia Evans' blog](https://jvns.ca/categories/kubernetes/) - a great resource to understand the internals of kubernetes
- [Know Kubernetes — Pictorially](https://medium.com/tarkalabs/know-kubernetes-pictorially-f6e6a0052dd0) - a nicely illustrated post about how kubernetes runs!
- [Kubernetes clusters for the hobbyist](https://github.com/hobby-kube/guide/) - a nice set of resources to deploy kubernetes
- [CoreOS cluster OSI model](https://coreos.com/blog/cluster-osi-model.html) - one of the really inspiring articles that got me dreaming
- [Kubernetes Resource Management](https://docs.google.com/document/d/1RmHXdLhNbyOWPW_AtnnowaRfGejw-qlKQIuLKQWlwzs/edit#heading=h.sa6p0aye4ide) - a beautiful, almost academic paper on how to run a distributed cluster that is in reality kubernetes ;)
- [Airbnb synapse - Registration Discovery pattern](https://airbnb.io/projects/synapse/) - Discovery/Registration pattern
- [Kubernetes The hard way](https://github.com/kelseyhightower/kubernetes-the-hard-way) - a deep dive on what is needed to build a kubernetes cluster - this will help you understand the deep internals
- [Kubernetes the not so hard way with ansible](https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-the-basics/) - an alternative to the previous link, with ansible

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/GettingStarted/Layers/_index.md
---
title: "Layers"
---

## Layer 0 - infra

Create 9 machines at your favorite provider. We won't detail the steps here. We use Hetzner cloud. Deploy debian, ubuntu, or your favorite distribution.

## Layer 1 - network

Then we need to prepare the network:

### wireguard

In terms of network topology, we'll use 3 networks, all secured by wireguard:

- management
- Ceph backend
- Kubernetes overlay

Management will be used by the kubernetes and ceph components. The ceph backend will be used for the data-heavy part of ceph. And the overlay lets services running on top of kubernetes talk to each other.

In this step, we'll only install the first two. The overlay will be installed later.

## Layer 2 - kubespray

Use [kubespray](https://github.com/kubernetes-sigs/kubespray) to deploy your components. It is a set of ansible roles to deploy an HA kubernetes cluster. Or deploy them by hand. We currently use kubespray, but are thinking of not using it for the next iteration.

We personally use the following:

- containerd - It is the container runtime. Nowadays, the industry is moving from Docker to containerd, so do we.
- kubeadm - It is developed upstream under the kubernetes namespace. It is aimed at becoming the de facto installation tool for kubernetes.
- canal with wireguard - it is the Kubernetes overlay network.
- nginx-ingress
- cert-manager

## Layer 3 - storage

Storage with [ceph](https://codimd.indie.host/GoflbbtqT5uTgiZJOJoCKg?both) (or [rook](https://rook.io/) if you are bold ;), it is almost production ready).

## Layer 4 - backing services

This term is a reference to the [12 factor app](https://12factor.net/), and it is not a coincidence! (If you don't know it, go there and read it!)
This is our curated list of operators:

- [Postgres operator](https://github.com/zalando/postgres-operator)
- [Redis operator](https://github.com/spotahome/redis-operator)
- [Stash](https://github.com/appscode/stash/) for backup/restore

## Layer 5 - upstream operators

## Layer 6 - libre.sh operator

## Layer 7 - web UI

A UI to let people self-serve. The status of this is clearly [vaporware](https://en.wikipedia.org/wiki/Vaporware), but we hope to release an alpha by the beginning of 2021 (except if you have the skills and want to work on it already, that would be amazing ;) ).

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/GettingStarted/_index.md
---
title: "Getting started"
pre: "3. "
weight: 3
---

## A layered and modular architecture

Hopefully this becomes a Quickstart ;) (The idea is to build [a terraform template](https://github.com/libresh/kubespray/issues/1) with kubespray to automate this part.)

This is what we'll deploy:

The reference architecture needs 9 machines:

- 3 masters
- 3 ingresses
- 3 compute

Masters are used to coordinate the cluster. They store the state in etcd. They make sure nodes are healthy. They schedule work on the nodes. They are the brain of your cluster. If all three of them are down, your workload keeps running, but you cannot change the state of your cluster.

Ingresses are where https is terminated. They also need to be highly available. Depending on your hardware setup, you have to find a way to balance traffic. You could use MetalLB, for instance. On Hetzner VMs, we use floating IPs.

Compute nodes are where your workload runs. This is where your databases and application servers will run.
website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/KubernetesOperators/BackingServices/_index.md
---
title: Backing services
weight: 1
---

[Backing services](https://12factor.net/backing-services) are necessary to any web application you deploy. In our example, we'll need a postgres database. So we'll need to deploy a postgres database on kubernetes. For that we'll use an operator. There are currently [around 5 different postgres operators](https://github.com/operator-framework/awesome-operators). Libre.sh curated one for you, the one developed by [Zalando](https://github.com/zalando/postgres-operator).

Once you have [the operator running](https://github.com/zalando/postgres-operator/blob/master/docs/quickstart.md) in your cluster, we can deploy a postgres instance. With the declarative kubernetes API, this is how you'd do it:

```
cat << EOF | kubectl apply -f -
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: nextcloud-postgres
  namespace: fight-marketing
spec:
  teamId: "nextcloud"
  volume:
    size: 1Gi
  numberOfInstances: 2
  users:
    nextcloud:  # database owner
    - superuser
    - createdb
  databases:
    nextcloud: nextcloud  # dbname: owner
  postgresql:
    version: "11"
EOF
```

After some minutes, you get a highly available Postgres cluster running. Nice, right? Now let's deploy Nextcloud.
website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/KubernetesOperators/LibreshOperator/_index.md
---
title: Libre.sh operator
weight: 20
---

As explained at the beginning, libre.sh is a distribution where services are curated and integrated together. We assume that you use the zalando postgres operator. We also know the domain name from the annotation on the namespace. So we can build a libre.sh Nextcloud operator (still to be built). Deploying a Nextcloud instance would then look like this:

```
cat << EOF | kubectl apply -f -
apiVersion: "nextcloud.libre.sh/v1"
kind: cloud
metadata:
  name: fight-marketing
  namespace: fight-marketing
EOF
```

Or put differently, as the raw API call (the resource plural `clouds` is assumed, since the CRD does not exist yet):

```
# -k skips TLS verification of the API server; prefer --cacert with the cluster CA.
curl https://yourkubernetes.cluster/apis/nextcloud.libre.sh/v1/namespaces/fight-marketing/clouds \
  -k -H "Content-Type: application/json" -XPOST -d '
{
  "apiVersion": "nextcloud.libre.sh/v1",
  "kind": "cloud",
  "metadata": {
    "name": "fight-marketing",
    "namespace": "fight-marketing"
  }
}'
```

And yes, you can put an OpenID Connect provider with Role-Based Access Control (RBAC) in front of the kubernetes API, if you see where we are going ;)

You could also imagine adding a spec, like `size: L`, and it would translate into a price and into CPU and memory requests for the different components.

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/KubernetesOperators/UpstreamOperator/_index.md
---
title: Upstream operator
weight: 10
---

Now that Postgres is running, we can deploy our Nextcloud.
But first we need to deploy the nextcloud upstream operator. This operator is low level because it needs every piece of information about the backing services. It is a nice building block for projects like libre.sh.

Here is the alpha version we are developing. The goal is to move its development upstream. We think that the Nextcloud community should own this, and we'll help bootstrap that, the same way we did with [some](https://github.com/RocketChat/Docker.Official.Image/commit/a951f488fb2a633fc89ad3048eb451aa05dc90ee) [official](https://github.com/nextcloud/docker/commit/8fa384bcd6619b9c19c5efbcdf7248d803e43727) [docker](https://github.com/matomo-org/docker/commit/e6538b90a4c7e7e3d6423d1e4740e674ee42eede) [images](https://github.com/idno/Known-Docker/commit/394e91c21d33914899dd2b0b211be2d7fe4e1837).

Here is how the Nextcloud instance object would look:

```
cat << EOF | kubectl apply -f -
apiVersion: "nextcloud.com/v1"
kind: nextcloud
metadata:
  name: cloud
  namespace: fight-marketing
spec:
  postgres:
    endpoint: nextcloud-postgres
    secret: nextcloud-postgres-secret
  volume:
    size: 1Gi
  numberOfInstances: 2
  domainNames:
  - fight.marketing
EOF
```

After some minutes, you'd get an up and running Nextcloud instance. Behind the scenes, it would have provisioned the following:

- the deployment with 2 pods with a php container running the Nextcloud code
- a cron job
- a web container to serve static assets
- an ingress with a Let's Encrypt certificate
- an installed Nextcloud

Upstream operators are already nice, you'd say. But keep in mind that we are talking about 7 backing services. So for each Nextcloud instance, you'd need to do the plumbing of each backing service manually. Let's go now to the libre.sh operator.
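The two-level design on this page and on the Libre.sh operator page, as an added example written for this edit; it is not the libre.sh operator (the site says that one is still to be built) and not the upstream operator. It shows one reconciliation step: from a libre.sh `cloud` object, the `domain-name` annotation on the namespace, and the Zalando `postgresql` cluster, build the upstream `nextcloud` object. The inputs are constructed to match the objects on the site; the `SIZES` table, the `size` values, and the `database` and `resources` fields under `spec` are assumptions. The credentials Secret name follows the Zalando operator's default naming template rather than the placeholder `nextcloud-postgres-secret` used on the site.

```python
"""Added example, not libre.sh code: one reconcile step from a `cloud` object
to the upstream `nextcloud` object, with a tenant-boundary check."""
from typing import Any, Dict

# Constructed inputs, shaped like the objects shown on the site.
NAMESPACE: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Namespace",
    "metadata": {"name": "fight-marketing",
                 "annotations": {"domain-name": "fight.marketing"}},
}
POSTGRES: Dict[str, Any] = {
    "apiVersion": "acid.zalan.do/v1", "kind": "postgresql",
    "metadata": {"name": "nextcloud-postgres", "namespace": "fight-marketing"},
    "spec": {"teamId": "nextcloud", "numberOfInstances": 2,
             "users": {"nextcloud": ["superuser", "createdb"]},
             "databases": {"nextcloud": "nextcloud"}},   # dbname: owner
}
CLOUD: Dict[str, Any] = {
    "apiVersion": "nextcloud.libre.sh/v1", "kind": "cloud",
    "metadata": {"name": "fight-marketing", "namespace": "fight-marketing"},
    "spec": {"size": "M"},   # the `size` idea from the site; values assumed
}

# Hypothetical translation of `size` into instance count and resource requests.
SIZES = {
    "S": {"instances": 1, "cpu": "250m", "memory": "512Mi", "volume": "1Gi"},
    "M": {"instances": 2, "cpu": "500m", "memory": "1Gi", "volume": "10Gi"},
    "L": {"instances": 3, "cpu": "1", "memory": "2Gi", "volume": "50Gi"},
}


def zalando_secret_name(user: str, cluster: str) -> str:
    """Default name of the credentials Secret the Zalando operator creates for
    a database user (its default secret_name_template)."""
    return f"{user}.{cluster}.credentials.postgresql.acid.zalan.do"


def reconcile(cloud: Dict[str, Any], namespace: Dict[str, Any],
              postgres: Dict[str, Any]) -> Dict[str, Any]:
    """Build the desired upstream `nextcloud` object for one `cloud`."""
    ns = cloud["metadata"]["namespace"]
    # Tenant boundary: only objects from the cloud's own namespace are used,
    # so a tenant cannot point its Nextcloud at another tenant's database.
    if namespace["metadata"]["name"] != ns or postgres["metadata"]["namespace"] != ns:
        raise ValueError(f"refusing cross-namespace reference for {ns}")
    domain = namespace["metadata"].get("annotations", {}).get("domain-name")
    if not domain:
        raise ValueError(f"namespace {ns} has no domain-name annotation")
    size_key = cloud.get("spec", {}).get("size", "S")
    if size_key not in SIZES:
        raise ValueError(f"unknown size {size_key!r}")
    size = SIZES[size_key]
    db_name, owner = next(iter(postgres["spec"]["databases"].items()))
    cluster = postgres["metadata"]["name"]
    return {
        "apiVersion": "nextcloud.com/v1",
        "kind": "nextcloud",
        "metadata": {"name": "cloud", "namespace": ns},
        "spec": {
            "postgres": {
                "endpoint": cluster,   # the Zalando operator's master Service
                "secret": zalando_secret_name(owner, cluster),
                "database": db_name,   # assumed field name
            },
            "volume": {"size": size["volume"]},
            "numberOfInstances": size["instances"],
            "resources": {"requests": {"cpu": size["cpu"],   # assumed field
                                       "memory": size["memory"]}},
            "domainNames": [domain],
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(reconcile(CLOUD, NAMESPACE, POSTGRES), indent=2))
```

The cross-namespace refusal is the part worth keeping whatever shape the real operator takes: the `cloud` object is what a tenant is allowed to create, so everything the operator resolves on the tenant's behalf must be looked up inside that tenant's namespace, never from a name the tenant supplies.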
website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/KubernetesOperators/WrapUp/_index.md
---
title: Wrap Up
weight: 100
---

This concept of upstream and libre.sh operators enables us to build nice, reusable code upstream and also have a really tailored operator for our libre.sh needs. Once the 2 levels are built, it is not difficult to add a UI on top.

You might also be frustrated by this need for 2 levels of operators; there must be a better solution. We think so too, but it is a [long term goal that we have to work on with the kubernetes community](https://github.com/kubernetes/enhancements/issues/706).

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/KubernetesOperators/_index.md
---
title: Kubernetes Operators
pre: "2. "
weight: 2
---

For a more in-depth view of what kubernetes is or what operators are, you should read [why kubernetes](/whykubernetes/). But first, let's move on with our example to get a taste of what our solution is.
website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/ProblemToSolve/IndieHostersTale/_index.md
---
title: IndieHosters tale
weight: 1
---

## Once upon a time in Lisboa

A young guy started to host WordPresses for his friends on a Raspberry. Then he teamed up with a new friend to create IndieHosters. This project was about hosting free software for people. Little by little, they gained popularity and bigger and bigger organisations trusted them to host their software.

There were some ups and some downs about how to pay the rent with this service. A new team member came along. And eventually, they managed to secure a bigger client and some nice smaller ones. The rent was mostly paid.

At this point, they realized that hosting for people is just not profitable at all, or they would need some volume. If they were capitalistic and rational, IndieHosters would have stopped hosting for the people and focused on the bigger clients. Some people say that startups start B2C and end up doing B2B, it is just plain easier. But IndieHosters was not a startup and the tale didn't end up like this.

We think that this tale is what most small free software hosters are experiencing.
We want to change this, and here is how:

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/ProblemToSolve/TheExample/_index.md
---
title: Nextcloud example
weight: 3
---

Heard about [Nextcloud](https://nextcloud.com/)? Let's say that we want to deploy a Nextcloud instance for a nice association fighting marketing.

Before deploying the Nextcloud, we'll need to list the backing services that would be necessary:

- postgres database
- redis cache
- smtp relay to send email notifications
- S3 compatible API for object storage
- OpenID Connect provider for Single Sign On
- libre office online

This is what it takes to deploy a reliable and scalable Nextcloud instance. For the sake of simplicity, let's say that we just need Postgres. But keep in mind that we have the other backing services too, and that we can use the same paradigms.

We'll assume for the rest of the example that you already have a kubernetes cluster running. The domain name of the association is `fight.marketing`. You already created a namespace `fight-marketing` and added the annotation `domain-name: fight.marketing`.

Let's now see how we solve our problem with the [kubernetes operators](/kubernetesoperators/).

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/ProblemToSolve/_index.md
---
title: Problem to solve
pre: "1. "
weight: 1
---

What is the problem to solve? It is always a great question to ask before starting a project. For libre.sh, since version 1, the problem to solve has been the same. How do we:

- host free software at scale?
- make it cheaper in terms of admin time?
- improve the reliability of our platform?
- share our SysAdmin recipes?
These are the questions we think we have found the answer to, in two words: [kubernetes](/whykubernetes/) operators. Let's detail what we envision about operators and why it is so great. But first, let's start with a little tale.

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/WhyKubernetes/Misc/_index.md
---
title: Misc
weight: 2
---

## Strengths of kubernetes

The industry is moving to kubernetes, so we benefit from the best engineers developing the most amazing platform. We are living through the same revolution as when the industry moved from hardware to VMs. Now we are moving from VMs to containers.

The platform is highly available by design and also highly scalable. It can also run on a single host if you want.

## The green argument

Another argument for using an orchestration platform like kubernetes is resource consumption. Once you run in a datacenter with green energy and use second-hand hardware, what can you do to go further? You have to make more use of each CPU. Compared to classic virtualisation, you can pack a lot more services onto the same hardware with kubernetes. A VM gets CPU and memory allocated up front, whereas containers can grow dynamically (you can also reserve resources for critical workloads). For this reason, kubernetes is greener than classic virtualisation.

## Complexity

Kubernetes is made to [manage thousands of VMs and hundreds of thousands of pods](https://docs.openshift.com/container-platform/4.2/scalability_and_performance/planning-your-environment-according-to-object-limits.html). At this scale, the underlying platform has to be somewhat complex.
But once you understand kubernetes, you realize that it is actually beautifully simple inside. Everything relies on the registration/discovery pattern. Here is how a pod gets scheduled on a node, for instance:

- from the CLI, you execute `kubectl run --image=nginx nginx-app` to start an nginx pod
- your CLI sends this to the API as a POST request
- the API registers in the central database that a pod has to run with this image
- the scheduler discovers that a pod has to run and is not running yet
- the scheduler finds an appropriate node to run the pod and registers that choice in the database
- the node discovers that it has to run a pod that is not running yet
- the node starts the pod and writes the status of the pod back into the database
- from your CLI, you get the status of the pod

Go to [Julia Evans' blog](https://jvns.ca/categories/kubernetes/) to discover more, it is amazing content ;)

As you see, it is pretty simple, and that's why it is reliable, even at Google scale.

In terms of network, it is also complex, as you have to span an overlay network between different hosts and give an IP address to each pod. It is a complex problem to solve, but some smarter people already solved it, so we can rely on their solutions.

## Security

Security depends a lot on your threat model. It is a fact that containers are less secure than VMs. But then it depends on what kind of isolation you need. If you want to run free software for people, we think that containers are more than secure enough. We know which code runs on our hardware, and we don't think we need VM-level isolation. And if there is a bug in linux containers, we patch.

## Single host

Kubernetes can also run on a single host. Some people might think it would be overkill to run so many processes just to run one application, but why not? There is an effort called [k3s](https://github.com/rancher/k3s), and it is said to run in 150MB of RAM.
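The scheduling steps listed under Complexity above, and the declarative model this site keeps returning to, as an added toy model written for this edit (it is not code from the libre.sh site or from Kubernetes). A shared store stands in for etcd behind the API server; `api_create_pod` is the registration a `kubectl run` performs, and `scheduler_sync` and `node_sync` are the discovery loops. Every component only reads and writes the store, never talks to another component, and is safe to rerun at any time; the node names, slot counts, and the pods created in `demo` are constructed.

```python
"""Added illustration, not libre.sh code: registration/discovery loops that
converge a set of desired pods onto nodes through a shared store."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Pod:
    name: str
    image: str
    node: Optional[str] = None   # filled in by the scheduler
    phase: str = "Pending"       # updated by the node that runs it


@dataclass
class Store:
    """Stands in for the central database: the only shared state."""
    pods: Dict[str, Pod] = field(default_factory=dict)
    nodes: Dict[str, int] = field(default_factory=dict)  # node -> free pod slots


def api_create_pod(store: Store, name: str, image: str) -> Pod:
    """What `kubectl run --image=nginx nginx-app` boils down to: a POST that
    registers the desired pod. At this point nothing is running yet."""
    if name in store.pods:
        raise ValueError(f"pod {name!r} already exists")
    pod = Pod(name=name, image=image)
    store.pods[name] = pod
    return pod


def scheduler_sync(store: Store) -> List[str]:
    """Scheduler loop: discover pods without a node and register a placement.
    Picks the node with the most free slots; a pod that fits nowhere stays
    Pending and is retried on the next pass."""
    placed: List[str] = []
    for pod in store.pods.values():
        if pod.node is not None:
            continue
        candidates = [n for n, free in store.nodes.items() if free > 0]
        if not candidates:
            continue
        node = max(candidates, key=lambda n: store.nodes[n])
        store.nodes[node] -= 1
        pod.node = node
        placed.append(pod.name)
    return placed


def node_sync(store: Store, node: str) -> List[str]:
    """Kubelet loop on one node: discover pods assigned to me that are not
    running, start them, and write the status back to the store."""
    started: List[str] = []
    for pod in store.pods.values():
        if pod.node == node and pod.phase == "Pending":
            pod.phase = "Running"   # the container start would happen here
            started.append(pod.name)
    return started


def converge(store: Store, max_rounds: int = 10) -> int:
    """Run both loops until a full pass changes nothing.
    Returns how many passes did real work."""
    active = 0
    for _ in range(max_rounds):
        changed = scheduler_sync(store)
        for node in list(store.nodes):
            changed += node_sync(store, node)
        if not changed:
            return active
        active += 1
    return active


def demo() -> Store:
    """Constructed two-node cluster with three slots and four desired pods."""
    store = Store(nodes={"compute-1": 1, "compute-2": 2})
    for name, image in [("nginx-app", "nginx"), ("redis", "redis"),
                        ("postgres", "postgres"), ("extra", "busybox")]:
        api_create_pod(store, name, image)
    converge(store)
    return store


if __name__ == "__main__":
    for pod in demo().pods.values():
        print(f"{pod.name:10s} node={pod.node!s:10s} phase={pod.phase}")
```

In `demo`, the fourth pod finds no free slot and simply stays Pending; give a node capacity later and the next `converge` places it, without anyone having to remember a failed request. That is the declarative property: the store holds the desired state, and each loop only compares it with what exists. It is also why each component can be given only the API permissions its loop needs, for instance a node updating the status of the pods bound to it and nothing else, which limits what a compromised node can change.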
Now imagine that you can shut down the control plane and run it from a cron job once a night to update. It could make a good candidate to evolve [lollipopcloud](https://opencollective.com/lollipop-cloud-team/) or even [yunohost](https://yunohost.org/).

## Declarative API

The kubernetes API is declarative. It means you declare what the world should look like. For instance, you can say: "My desire is to have a redis instance with these parameters."

This is different from an imperative API. For our redis instance, it would mean saying instead: "Please create a redis instance, then create a service to expose it, and finally create a secret and configure redis with it."

In the declarative case, there is no need to detail the flow that modifies the different states. This is what allows us to build higher-level objects, like Nextcloud instances, hide all the logic in our operators, and make the end user's desire happen.

website-abf1b6d638bb9f8b372567e4cceb02c80bc62608/content/WhyKubernetes/Operators/_index.md
---
title: Operators
weight: 3
---

As we saw in the previous paragraph, kubernetes is now the standard cloud API. But kubernetes, the open source upstream project, is deliberately narrow in scope. It doesn't want to do everything, and wants to stay focused on good foundations.

#### Resources

A popular analogy is that kubernetes provides the lego bricks so that you can build the pirate ship yourself. These bricks are the resources. At the beginning, when you deploy kubernetes, you get these lego bricks, the resources that make up a cloud API:

- pods (compute and memory) - they are composed of containers
- service (L4 load balancer)
- ...
One way to extend the kubernetes API is with what is called a Custom Resource Definition (CRD).

#### History

The concept of operator was first introduced by [CoreOS in this blog post](https://coreos.com/blog/introducing-operators.html), and we recommend you read it. We got immediately excited, and now the whole industry is speaking about it. There is even a WordPress operator (more on that later).

#### Why is it so exciting

Operators are a way to write the lifecycle of a hosted app as code, in our case a free software hosted app. It is probably the first time in IT history that we can collaborate on how to:

- install
- delete
- update
- backup
- restore
- scale
- run highly available

These recipes can now be code. It means they can be tested and shared under a Free Software license. The combination of kubernetes and operators is really appealing as a platform to run free software hosted apps.

File: content/WhyKubernetes/TheCloudAPI/_index.md

---
title: The cloud API
weight: 1
---

The main argument in favor of kubernetes is probably the fact that it is becoming The cloud API.

## A bit of history

In 2006, Google contributed the code to the Linux kernel that made Linux containers possible. Then Heroku started their PaaS business. And RedHat started their open source PaaS, OpenShift, to stay relevant in the business. Fast forward to 2015: RedHat joins Google to found the Cloud Native Computing Foundation and work together on Kubernetes, under the umbrella of the Linux Foundation. Between the lines, you can read that the intent behind kubernetes is to become, at least, a really good cloud API.
## Not the first abstraction over cloud APIs

It is not the first time that open source projects try to be an abstraction over popular cloud vendors. There are a few, like ansible or terraform. But they failed, because at the end of the day, you need to take care of the little variations of each provider.

## What is a cloud API

But what is a cloud API anyway, you may ask. It is a way to provision:

- compute (CPU)
- memory
- disk
- network (L4 and L7)

with an API, in a self-service fashion.

The difference between terraform and kubernetes is the way this abstraction is made. Take disk for instance. In kubernetes, disks are called Persistent Volumes (PV), and when you work with kubernetes, you manipulate these objects. Then, depending on your cloud provider (Google Cloud, AWS, ..) or even your own datacenter, a different volume provider takes care of making your desire to have a Volume happen. Even better, you could have different volume providers on the same cluster, all nicely abstracted by this one object. And kubernetes provides this nice abstraction for everything you need to run hosted free software, in a beautiful way.

## Google competes against AWS

Another thing to keep in mind is that Google Cloud is a direct competitor of AWS. At the time of open sourcing Kubernetes, the docker orchestration war had already started, and the world was desperately in need of a nice orchestrator. Google had a bit of experience in this field. And they probably saw a nice opportunity to compete against AWS. Imagine, if the world adopts Kubernetes, which is what is happening, then the barrier to exit AWS just became a lot lower. It is not a secret that AWS was one of the last big tech companies to join the CNCF. And it is probably because kubernetes is a threat to their business model, to some extent.

## The last package manager?

There is this nice read from Helm about [what is a package manager](https://github.com/helm/community/blob/master/helm-v3/009-package_manager.md).
And if you think like [CoreOS that the future of the datacenter, or the cloud, is to build an Operating System](https://coreos.com/blog/cluster-osi-model.html). (Funnily, this is also how Mesos, another container orchestrator, markets [DataCenter OS](https://dcos.io/).)

Whether or not you agree with what was said before, it has at least the merit of asking questions. How do we run clusters at scale? How do we deploy in a highly available manner? How do we backup and restore? And more importantly, how do we share these recipes, with a free software license attached?

WordPress: the code is free software. Great, you can install it on your PHP provider. But then installing and updating is left as an exercise to the reader. One component of Kubernetes is definitely there to address that.

To some extent, kubernetes and/or the tools around it are becoming the standard package manager. Some popular proprietary vendors like SAP are now shipping their software as a kubernetes package. They tell their customers: just provide us a cluster, we take care of the rest. Even [OpenStack](https://github.com/openstack/openstack-helm) is shipped as a kubernetes package!

For all these reasons, kubernetes is becoming The cloud API, the OS of your infrastructure, and the package manager to deploy your FLOSS.

File: content/WhyKubernetes/_index.md

---
title: "Why Kubernetes"
pre: "4. "
weight: 4
---

We have an a priori that the free software community doesn't really like kubernetes, so this section is about why it is such a great platform for hosting free software. Maybe it is just because this community doesn't really know it, or maybe we are just plain wrong. The mere fact that this technology is trendy doesn't make it the best choice. But the fact that everybody is talking about it should at least question your beliefs.
Some people complain about it, and maybe you do too:

- containers are not secure
- kubernetes is developed by google
- it is really complex
- it consumes too many resources
- the network stack is crazy

Let's try to address these, and try to convince you that kubernetes is a good platform to host free software. (If you still have some unanswered questions, feel free to come and get in touch.)

File: content/_index.md

# Libre.sh - Kubernetes the libre way.

## Introduction

The current status of the project is pre-alpha. It is mostly documentation but should already be helpful. The plan is to automate more parts.

Libre.sh is a kubernetes distribution aimed at hosting free software for the people. Think of it as the Debian of kubernetes distributions for hosted software, or as a distributed yunohost.

- Currently contains documentation
- From Hetzner to Nextcloud
- No single point of failure
- Scalable
- High density of services
- Everything as code

## How it works

It is an opinionated but modular kubernetes distribution. We don't have a strong opinion about lower layers, but we want to collaborate on top. The aim of this distribution is to host free software for people and organisations at scale.

Like for libre.sh v1 (yet another docker-compose PaaS), we use the best FLOSS tools out there, put them together, add a bit of configuration, make it upstream compatible and enjoy the ride.

In our case, once you have kubernetes working, the rest is based on operators. We have one opinion on how to organize the cluster: we namespace it by domain name, and we put this domain as an annotation, which allows us some automation later. Then we curate a list of nice operators for the backing services (think s3, postgres, redis, emails..). We also need to build/advocate for upstream operators for popular FLOSS projects.
We already helped develop [some](https://github.com/RocketChat/Docker.Official.Image/commit/a951f488fb2a633fc89ad3048eb451aa05dc90ee) [official](https://github.com/nextcloud/docker/commit/8fa384bcd6619b9c19c5efbcdf7248d803e43727) [docker](https://github.com/matomo-org/docker/commit/e6538b90a4c7e7e3d6423d1e4740e674ee42eede) [images](https://github.com/idno/Known-Docker/commit/394e91c21d33914899dd2b0b211be2d7fe4e1837) on v1, and we now want to help develop these operators.

Then we wrap these operators as libre.sh operators. These are the upstream operators, packaged with the necessary dependencies to make them work out of the box in libre.sh.

Finally, we want to build a nice UI to let end users self-serve these great FLOSS tools. The objective would be to have an alpha version of this UI by the beginning of 2021.

This is the general idea of the libre.sh kubernetes distribution. This is early and work in progress, feel free to get in touch to discuss the different points.

## Who uses it

It is currently used and developed at https://indie.host, in production for more than a year. If you use it or plan to use it, feel free to add your organization here!

## Who is it for

If you need to deploy just a couple of Nextcloud instances, then this is probably not for you. If you want to selfhost on a single host, it is probably not mature enough for you to have a seamless experience (but hopefully we'll get there).

If you want to discover kubernetes, and you are a free software enthusiast, you are at the right place. If you need to build an infrastructure to host free software that needs to scale, it is also for you. If you need high availability and you are not allergic to containers, even for one Nextcloud instance, it could be for you. If you need to host hundreds of free software instances, like we do, it is definitely for you!
File: content/contribute.md

---
title: How to contribute
---

Depending on your skills, there are many ways to contribute:

- devops
  - improve docker images upstream
  - build pipelines to test them and ship them
  - build pipelines for our operators
- go developer
  - develop operators upstream
  - develop libre.sh operators
  - make the kubernetes ecosystem thrive
- UI/UX designer/developer
  - help us shape what the UI will be like --> https://lab.libreho.st/libre.sh/kubernetes/ui
- translate
  - not much yet; once we have the UI, it would make sense to translate it
- documentation
  - improve this website
- spread the word about this tool
  - write blog posts
  - tweet and toot about it
  - discuss on reddit
  - discuss with your community
- support
  - support people on the forum
  - support people over the matrix channel
- learn
  - kubernetes
  - go
- donate :)
  - https://opencollective.com/libresh

File: content/credits.md

We'd like to thank the following, who make building and hosting this website possible:

- [Open Source Politics](https://opensourcepolitics.eu/) for sponsoring the French training.
- Elio Qoshi and https://ura.design for the beautiful logo they designed for us.
- https://github.com/matcornic/hugo-theme-learn
- https://getgrav.org
- https://gohugo.io/
- https://gitlab.com
- https://Kubernetes.io
- https://github.com/GoogleContainerTools/kaniko
- https://hub.docker.com
- https://indie.host

File: content/license.md

---
title: License
---

In case you wondered, it is a free software project, not open source.
This is a project about human rights, privacy rights, freedom of speech (in the European sense), not about efficient development. This website is public domain, and we use the AGPL, which [your company probably doesn't like](https://opensource.google/docs/using/agpl-policy/), and not MIT. We consider that the greatest freedom shouldn't be a company's freedom to be able to close the source code, but a user's freedom to always have it free and libre. If you are aligned with these values, you are welcome to contribute. If you feel uncomfortable, we are sorry, but this is not negotiable.

File: content/roadmap.md

## Release management

Let's first define what we call alpha, beta, and stable.

### Alpha

Alpha is just a proof of concept. It works on my machine, and it is freshly shipped. Use it at your own risk.

### Beta

- It is deployed in production for some bold people
- There is some rough documentation
- Most bugs are corrected
- There is an upgrade path
- There are backups and restore

### Stable

- It is observed
  - grafana dashboard
  - prometheus metrics
  - prometheus alerts
- The documentation is nice
- It is deployed in production for more than a dozen people

## Roadmap

- 1st of September
  - libre.sh full stack alpha
    - Nextcloud libre.sh operator
    - RocketChat libre.sh operator
    - discourse libre.sh operator
  - release name - Louise Michel
- 1st of January
  - graduate Nextcloud libre.sh operator to Beta
  - graduate RocketChat libre.sh operator to Beta
  - graduate the documentation of libre.sh to Beta
  - codimd libre.sh operator alpha
  - proposed release name - Ada Lovelace
- 1st of May
  - graduate the documentation of libre.sh to stable
  - graduate Nextcloud libre.sh operator to stable
  - graduate RocketChat libre.sh operator to stable
  - graduate discourse libre.sh operator to stable
  - graduate codimd libre.sh operator to beta
  - proposed release name - Voltairine de Cleyre

File: content/training.md

---
title: Free training
---

Thanks to our partner [Open Source Politics](https://opensourcepolitics.eu/), who wanted to have a libre.sh training and agreed to open it to the public.

- [Docker - Basics 1](https://videos.lescommuns.org/w/deDEH9kdQ9yFrLw8x3KTvy): Introduction, 12 Factor App, What is Docker, Installation, Basics, Best practices
- [Docker - Basics 2](https://videos.lescommuns.org/w/1A1gfJLgUEbXL21DK9A8yr): Networks, Volumes, Builder, Alpine
- [Docker - Advanced](https://videos.lescommuns.org/w/gaRx4ehK4HLDzhhqaRv9nx): Advanced, Namespace, Multiprocess, 12 Factor App, VM School, Conclusion, User, Logs, Monitoring, Local Storage, Docker Exec
- [Kubernetes - Basics 1](https://videos.lescommuns.org/w/sKoNZW78HCUscEtVaxfMRU): k8s History, k8s resources, yaml structure, namespace, pod, ReplicaSet, Deployment, Actions, Proxy, Port forward
- [Kubernetes - Basics 2](https://minio.k7.indie.host/live/training-05.mp4): Annotations, labels, service yaml, service description, secrets, ingress, cert-manager, kustomize, scheduler, cluster autoscaler, configmap
- [Kubernetes - Advanced 1](https://minio.k7.indie.host/live/training-06.mp4): Architecture, benefits, package manager, Operators, helm, probes, cluster autoscaler
- [Kubernetes - Operator](https://videos.lescommuns.org/w/2ABj8hjwx1PpmhRmNB49Sg): Operator Maturity Model, Custom Resource, How to build an operator
- [Kubernetes - Advanced 2](https://videos.lescommuns.org/w/pU9M5ZvJcYuhikxnkfYss9): RBAC, Moar, Dev Side, Ops Side, Network side, Storage side

We recommend you be comfortable reading English and have [docker already installed](https://docs.docker.com/get-docker/). If you want to sponsor an English training, feel free to contact us at indie dot host.
File: layouts/partials/menu-footer.html
Site built with from Grav and Hugo
Project built, hosted and run in production by IndieHosters (join us :) ).