I read a lot of advice online for distros, but my main needs are not really discussed.

You’re not special and Linux distros aren’t that specialized. They differ in packaging, upgrade philosophy, etc. There is no Linux distro that can’t do the things others do.

You dabbled with Ubuntu. Stick with it, you’ll be fine. Unless you really want mint, then go for it you’ll be fine.

This needs to be pinned to every single “looking for a distro” post.

The official declined to comment further “out of respect for the privacy of the family and loved ones” of the reported victim.

The Trump administration doing something out of respect? 🤣

That’s awesome.

Nobody understands JavaScript. It’s the quantum mechanics of the software world.

As a proper “gray beard” myself the utility of systemd vs. sys-v init scripts has always been blindingly obvious. 🤷

Dude - you gotta get off the snap hate train for a bit.

Do you not understand the difference between “hey, run this rando shell script on the internet” and “hey, use this standardized installer which may run some shell scripts”?

I don’t give a shit about all the canonical hate. For me snap does what I want:

1. Installs things in a standardized way using a standard interface i can easily script with ansible
2. Provides a similarly standardized way of upgrading and uninstalling that can also be automated easily with ansible
3. Works “just fine”.
4. Edit - I’ll add in a fourth - creates a fucking binary I can run (no flatpak run something.something.something BS)

It’s not bash I’m criticizing. Do you understand that? Because stop reading if you don’t and go back through my list. I’ll wait.

So good - you get that bash isn’t the problem. It’s the bespoke unstructured installer/upgrader/unisntaller part that is bad. You could write your installer in C, Python, etc. and I’ll levy the same complaints. You want me to install your python app? It should be available through pypi and pip. Not some rando bespoke installer.

This is the classic conspiracy theory logic laid bare. A long string of facts tied together with plausible sounding but made-up reasons.

Just because your theory could explain it doesn’t mean it does explain it.

Ah - you have discovered my complaint.

That is precisely why I went with microk8s instead. I don’t install software from people who can’t be bothered to package their software using standard deployment tools which has been the correct way to distribute Linux software for decades.

That’s what an educated person sounds like Donald.

They try this every 5 years or so. Microsoft gives them some short term discounts and they come running back back.

You’ve made this about snap. Flatpak, rpm, deb, etc. all work too.

You’re welcome to make whatever bad decisions you like. I can manage snaps with standard tooling. I can install, update, remove them with simple ansible scripts in a standard way.

Bash installers are bad. End of.

Microk8s manages to install with a snap. I know that snap is “of the devil” around these parts but it’s still better than a custom bash script.

Custom bash scripts will always be worse than any alternative.

Does “not the onion” just mean “news”?

I really want to push back on the entire idea that it’s okay to distribute software via a curl | sh command. It’s a bad practice. I shouldn’t be reading 100’s of lines of shell script to see what sort of malarkey your installer is going to do to my system. This application creates an uninstall script. Neat. Many don’t.

Of the myriad ways to distribute Linux software (deb, rpm, snap, flatpak, AppImage) an unstructured shell script is by far the worst.

curl -sfL https://get.k3s.io/ | sh -

Never, ever install anything this way. The trend of “just run this shell script off the internet” is a menace. You don’t know what that script does, what repositories it may add, what it may install, whether somebody is typo-squatting the URL and you’re running something else, etc.

It’s just a bad idea. If you disagree then I have one question - how would you uninstall k3s after you ran that blackbox?

Yeah - I did come down a bit harder on helm charts than perhaps I intended - but starting out with them was a confusing mess for me. Especially since they all create a new ‘custom-to-this-thing’ config file for you to work with rather than ‘standard yml you can google’. The layer of indirection was very confusing when I was learning. Once I abandoned them and realized how simple a basic deployment in k8s really is then I was able to actually make progress.

I’ve deployed half a dozen or so services now and I still don’t think I’d bother with helm for any of it.

Yeah - k8s has a bit of a steep learning curve. I recentlyish make the conversion from “a bunch of docker-compose files” to microk8s myself. So here are some thoughts for you (in no particular order).

I would avoid helm like the plague. Everybody is going to recommend it to you but it just puts a wrapper on a wrapper and is MUCH more complicated than what you’re going to need because you’re not spinning up hundreds of similar-but-different services. Making things into templates adds a ton of complexity and overhead. It’s something for a vendor to do, not a home-gamer. And you’re going to need to understand the basics before you can create helm charts anyway.

The actual yml files you need are actually relatively simple compared to a helm chart that needs to be parameterized and support a bazillion features.

So yes - you’re going to create a handful of yml files and kubectl apply -f them. But - you can do that with Ansible if you want, or you can combine them into a single yml (separate sections with ----).

What I do is - for each service I create a directory. In it I have name_deployment.yml, name_service.yml, name_ingress.ymlandname_pvc.yml`. I just apply them when I change them, which isn’t frequent. Each application I deploy generally has its own namespace for all its resources. I’ll combine deployments into a NS if they’re closely related (e.g. prometheus and grafana are in the same NS).

Do yourself a favor and install kubens which lets you easily see and change your namespace globally. Gawd I hate having to type out my namespace for everything. 99% of the time when you can’t find a thing with kubectl get you’re not looking in the right namespace.

You’re going to need to sort out your storage situation. I use NFS for long-term storage for my pods and have microk8s configured to automatically create space on my NFS server when pods request a PV (persistent volume). You can also use local directories but that won’t cluster.

There are two basic types of “ingress” load balancing. “ClusterIp” means the cluster controller will act like a hostname-based router for HTTP. You can point your DNS entries at that server and it will route to your pods on their internal IP address based on the DNS name of the request. It’s easy to use and works very well - but it only works for HTTP traffic. The other is to use LoadBalancerIp that will give your pods an IP address on the network that you can connect to directly. The former only works for HTTP, the latter will let you use any ports (e.g. ssh for a forgejo instance).

“Good luck with that.”

I realize you’re inexperienced and excited, but this is truly no big deal. Port scans are quite common and aren’t even always malicious. You can use nmap to scan systems yourself - just to see what’s out there or to test if your firewalls are woking, etc.