Evaluate viability of switching to Docker #14

New Issue

DarkFeather · 2022-01-03T17:25:47-06:00

DarkFeather commented

2022-01-03 17:25:47 -06:00

We previously had tried to replace our current 2x1U SuperMicro X8 ecosystem with a QEMU+GlusterFS cluster of 5 RaspberryPi 4's. That didn't scale enough to even boot the ArchLinux ISO.

However, a new video from Network Chuck shows using Rancher to orchestrate a Kubernetes cluster. Some of our applications may work well in a Docker environment, like TT-RSS, Gitea, etc. Some may be able to work natively on a Pi, like Emby or SFTP.

Others, though, need some more evaluation. Pipelines like Sharingan and WolfPack are complex and load intensive on their current frames. We'd also need to evaluate the syslog-ng ingest layer we'd have to add on top of our containers to make sure data is being pulled in correctly.

At the moment, this is on pause as Ubiqtorate still needs to finish going live and we need to focus on getting our cybersecurity services more ingestible for demos. We may look at a targeted migration of apps for a partial roll-out at some point. Starting this thread to record conversation and ideas.

We previously had tried to replace our current 2x1U SuperMicro X8 ecosystem with a QEMU+GlusterFS cluster of 5 RaspberryPi 4's. That didn't scale enough to even boot the ArchLinux ISO. However, a [new video from Network Chuck](https://www.youtube.com/watch?v=X9fSMGkjtug) shows using Rancher to orchestrate a Kubernetes cluster. Some of our applications may work well in a Docker environment, like TT-RSS, Gitea, etc. Some may be able to work natively on a Pi, like Emby or SFTP. Others, though, need some more evaluation. Pipelines like Sharingan and WolfPack are complex and load intensive on their current frames. We'd also need to evaluate the syslog-ng ingest layer we'd have to add on top of our containers to make sure data is being pulled in correctly. At the moment, this is on pause as [Ubiqtorate](/AniNIX/Ubiqtorate) still needs to finish going live and we need to focus on getting our cybersecurity services more ingestible for demos. We may look at a targeted migration of apps for a partial roll-out at some point. Starting this thread to record conversation and ideas.

DarkFeather added the

On-hold

RFC

labels 2022-01-03 17:25:47 -06:00

DarkFeather commented

2022-01-04 12:09:11 -06:00

Services with available docker images:

Foundation: https://docs.gitea.io/en-us/install-with-docker/
Geth: https://www.home-assistant.io/installation/linux#platform-installation
IRC: https://github.com/inspircd/inspircd-docker / https://github.com/anope/anope-docker
Nazara: https://hub.docker.com/r/pihole/pihole/
Sharingan: https://github.com/Graylog2/graylog-docker
Singularity: https://git.tt-rss.org/fox/ttrss-docker-compose/src/branch/static-dockerhub/README.md
Yggdrasil: https://emby.media/docker-server.html

Service we need to compose Docker images for:

Notes:

Security is likely better with our current model -- Applications are either shared safely, or are jailed to a dedicated VM. https://security.stackexchange.com/questions/169642/what-makes-docker-more-secure-than-vms-or-bare-metal
Performance is better with our current model. This may be marginal, but since we are low-cost, any performance improvement is important.
- https://k6.io/blog/wordpress-bare-metal-vs-wordpress-docker-performance-comparison/
- https://www.blackvoid.club/plex-bare-metal-or-docker/
Our current model requires less rework.

Services with available docker images: * Foundation: https://docs.gitea.io/en-us/install-with-docker/ * Geth: https://www.home-assistant.io/installation/linux#platform-installation * IRC: https://github.com/inspircd/inspircd-docker / https://github.com/anope/anope-docker * Nazara: https://hub.docker.com/r/pihole/pihole/ * Sharingan: https://github.com/Graylog2/graylog-docker * Singularity: https://git.tt-rss.org/fox/ttrss-docker-compose/src/branch/static-dockerhub/README.md * Yggdrasil: https://emby.media/docker-server.html Service we need to compose Docker images for: * [Aether](/AniNIX/Aether) * [CryptoWorkbench](/AniNIX/CryptoWorkbench) * [Maat](/AniNIX/Maat) * [TheRaven](/AniNIX/TheRaven) * [WolfPack](/AniNIX/WolfPack) Notes: * Security is likely better with our current model -- Applications are either shared safely, or are jailed to a dedicated VM. https://security.stackexchange.com/questions/169642/what-makes-docker-more-secure-than-vms-or-bare-metal * Performance is better with our current model. This may be marginal, but since we are low-cost, any performance improvement is important. * https://k6.io/blog/wordpress-bare-metal-vs-wordpress-docker-performance-comparison/ * https://www.blackvoid.club/plex-bare-metal-or-docker/ * Our current model requires less rework.

DarkFeather commented

2023-01-10 15:41:29 -06:00

If we go this route, as part of using Ubiqtorate#17 as a POC, we should look into the k8s learning materials at https://github.com/openshift-homeroom.

If we go this route, as part of using [Ubiqtorate#17](/AniNIX/Ubiqtorate/issues/17) as a POC, we should look into the k8s learning materials at https://github.com/openshift-homeroom.

DarkFeather commented

2023-09-05 11:22:41 -05:00

We should also look at resurrecting our Folding@Home charity arm with https://hub.docker.com/r/linuxserver/foldingathome.

Sign in to join this conversation.