Does "not the onion" just mean "news"?

I really want to push back on the entire idea that it's okay to distribute software via a curl | sh command. It's a bad practice. I shouldn't be reading 100's of lines of shell script to see what sort of malarkey your installer is going to do to my system. This application creates an uninstall script. Neat. Many don't.

Of the myriad ways to distribute Linux software (deb, rpm, snap, flatpak, AppImage) an unstructured shell script is by far the worst.

curl -sfL https://get.k3s.io/ | sh -

Never, ever install anything this way. The trend of "just run this shell script off the internet" is a menace. You don't know what that script does, what repositories it may add, what it may install, whether somebody is typo-squatting the URL and you're running something else, etc.

It's just a bad idea. If you disagree then I have one question - how would you uninstall k3s after you ran that blackbox?

Yeah - I did come down a bit harder on helm charts than perhaps I intended - but starting out with them was a confusing mess for me. Especially since they all create a new 'custom-to-this-thing' config file for you to work with rather than 'standard yml you can google'. The layer of indirection was very confusing when I was learning. Once I abandoned them and realized how simple a basic deployment in k8s really is then I was able to actually make progress.

I've deployed half a dozen or so services now and I still don't think I'd bother with helm for any of it.

Yeah - k8s has a bit of a steep learning curve. I recentlyish make the conversion from "a bunch of docker-compose files" to microk8s myself. So here are some thoughts for you (in no particular order).

I would avoid helm like the plague. Everybody is going to recommend it to you but it just puts a wrapper on a wrapper and is MUCH more complicated than what you're going to need because you're not spinning up hundreds of similar-but-different services. Making things into templates adds a ton of complexity and overhead. It's something for a vendor to do, not a home-gamer. And you're going to need to understand the basics before you can create helm charts anyway.

The actual yml files you need are actually relatively simple compared to a helm chart that needs to be parameterized and support a bazillion features.

So yes - you're going to create a handful of yml files and kubectl apply -f them. But - you can do that with Ansible if you want, or you can combine them into a single yml (separate sections with ----).

What I do is - for each service I create a directory. In it I have name_deployment.yml, name_service.yml, name_ingress.ymlandname_pvc.yml`. I just apply them when I change them, which isn't frequent. Each application I deploy generally has its own namespace for all its resources. I'll combine deployments into a NS if they're closely related (e.g. prometheus and grafana are in the same NS).

Do yourself a favor and install kubens which lets you easily see and change your namespace globally. Gawd I hate having to type out my namespace for everything. 99% of the time when you can't find a thing with kubectl get you're not looking in the right namespace.

You're going to need to sort out your storage situation. I use NFS for long-term storage for my pods and have microk8s configured to automatically create space on my NFS server when pods request a PV (persistent volume). You can also use local directories but that won't cluster.

There are two basic types of "ingress" load balancing. "ClusterIp" means the cluster controller will act like a hostname-based router for HTTP. You can point your DNS entries at that server and it will route to your pods on their internal IP address based on the DNS name of the request. It's easy to use and works very well - but it only works for HTTP traffic. The other is to use LoadBalancerIp that will give your pods an IP address on the network that you can connect to directly. The former only works for HTTP, the latter will let you use any ports (e.g. ssh for a forgejo instance).

"Good luck with that."

I realize you're inexperienced and excited, but this is truly no big deal. Port scans are quite common and aren't even always malicious. You can use nmap to scan systems yourself - just to see what's out there or to test if your firewalls are woking, etc.

You contacted Amazon over a port scan?

Do you think the only reason people take vacation is to avoid their boss?

🤣

They honestly believe everybody on Medicaid is "cheating the system". They've bought their own BS.

I get the "nobody ever went broke underestimating the intelligence of the general public" vibe - but do you really think that people believe that websites act with agency to sell them things?

This! KDE's settings are a mess to navigate. I completely understand why that person didn't know there even was a configuration for this.