undefined | Better HN

0 pointsMrOwen4y ago0 comments

Why only Google problems? Why not homelab problems where I'm managing upwards of 20 apps and I don't want to come up with custom automation to do things like cert renewal, tls termiantion, dynamic storage, and disaster recovery? What if I don't want to come up with my own system for organizing and grouping resources? Lots of homelab people (I assume) chain together hacky scripts and probably many things are not repeatable. With k8s, all my configs are in a single repo and I can spin back up my entire cluster on new hardware anywhere provided I've backed up my storage. How does Swarm handle all of these problems in a more unified or complete way that k8s does?

0 comments

10 comments · 3 top-level

sgk2844y ago· 5 in thread

I'd heavily encourage you to read the docs. If the scenarios you outlined are your top concern for your homelab, I suspect the complexity and resource overhead of k8s isn't warranted.

- Cert Renewal / Rotation: https://docs.docker.com/engine/reference/commandline/swarm_c...

- TLS Termination: Arguably this is an application layer concern and out of scope for an orchestration layer, but in either case use Nginx (or your favorite TLS terminating proxy) as your ingress point. This is equivalent to the Nginx ingress controller in k8s.

- Storage: Docker volumes (local or ceph, for distributed).

- Disaster Recovery: Node failure? Cluster failure? Data loss? What kind of DR? The strategies you'd use with Swarm will be very similar to those you'd use with k8s.

- Grouping resources: Labels and/or services.

In a Swarm world you'll have fewer moving pieces, far lower resource requirements, and will manage it all in a docker-compose file(s). You'll also get things like service discovery, routing, and secrets management for "free". No additional configuration needed.

MrOwenOP4y ago

I would argue the myriad of alternatives you've suggested as alternatives produce significantly more overhead.

You linked Swarm CA renewal operations; this is maybe 1/50 of the functionality of cert-manager. Is there a product like cert-manager that I can run on Swarm that's tightly integrated?

Why not have ingress intrinsically linked to the underlying reaources like k8s does? Your suggestion means that someone needs to come up with a methodology and automation to update ingress with Swarm. Yeah, it's obviously possible but imo, Traefik ingress reaources are way easier to manage with config spread across far fewer places.

Storage.. I have an nfs storage provider in k8s which allows me to dynamically create storage with lifecycle management included... for free... just because I'm using k8s.

DR as in something happens to my house or other technical issues which bring down my cluster. I would posit that it's much easier for me to restore a cluster because it's all yaml and imo more descriptive and capable than swarm yaml syntax.

I think you get my point. Yes, you can do it all with Swarm but with things like k3s and k0s, it's just as easy to start using k8s. And way more help, docs, and tooling to boot.

danudey4y ago

Honestly, this is such a common refrain in open-source communities.

"I'm going to use this product/project."

"You shouldn't use that, use this instead."

"But this product/project has all these features I want."

"Sure but you can just build and maintain those features yourself if you want. It's open source, after all!"

Or alternately:

"Well no one really needs those anyway, it's just people being told that they do."

I've been hearing this same refrain for over twenty years now. It seems as though some people don't understand that there's actual value in having a system that just works, rather than one that you have to build and maintain yourself just to emulate the system that works.

3 more replies

1_player4y ago

Traefik, for example, handles certificates for your services. I've set it up this morning on our Docker Swarm at work, 5 domains are now served by it with automated ACME certificates.

It's not like cert-manager does rocket science that is possible only on k8s

KronisLV4y ago

> You linked Swarm CA renewal operations; this is maybe 1/50 of the functionality of cert-manager. Is there a product like cert-manager that I can run on Swarm that's tightly integrated?

> Why not have ingress intrinsically linked to the underlying reaources like k8s does? Your suggestion means that someone needs to come up with a methodology and automation to update ingress with Swarm. Yeah, it's obviously possible but imo, Traefik ingress reaources are way easier to manage with config spread across far fewer places.

Traefik can provide a lightweight ingress for Docker Swarm clusters alongside ensuring most of the certificate related functionality that you might want for web apps: https://traefik.io/

In particular, here's an example of using it with Docker Swarm: https://dockerswarm.rocks/traefik/

It integrates well enough that you can set up listening for particular ports, domain names, set up basicauth, use Let's Encrypt for certificates and do many other things with labels inside of your Docker Compose file!

> Storage.. I have an nfs storage provider in k8s which allows me to dynamically create storage with lifecycle management included... for free... just because I'm using k8s.

Docker also supports volume plugins, some of which were carried out of the base offering not to create needless bloat (much like what K3s does with many other in tree plugins of the heavyweight Kubernetes distros): https://docs.docker.com/engine/extend/plugins_volume/

Here's a pretty good documentation page on how to set them up and use them: https://docs.docker.com/storage/volumes/#share-data-among-ma...

You'll find examples of SSHFS, NFS, CIFS/Samba there, which should cover most base use cases. The latter two are supported by the default "local" driver (which feels like a naming failure on their part), so it's safe to say that Docker and Docker Swarm support both NFS and CIFS/Samba out of the box.

> DR as in something happens to my house or other technical issues which bring down my cluster. I would posit that it's much easier for me to restore a cluster because it's all yaml and imo more descriptive and capable than swarm yaml syntax.

I'm afraid i don't follow here.

Here's how you set up a cluster: https://docs.docker.com/engine/swarm/swarm-tutorial/create-s...

There are also commands for managing nodes within the Swarm: https://docs.docker.com/engine/reference/commandline/node/

There are also commands for managing the stacks that are deployed: https://docs.docker.com/engine/reference/commandline/stack/

That's literally it. Verbose YAML doesn't imply any additional quality. If you want, feel free to look at the Compose specification too see all of the supported options: https://docs.docker.com/compose/compose-file/compose-file-v3...

With Swarm, i've actually found that it's actually very easy to both manage the cluster, resolve any issues (because of very few moving parts), or even just wipe it all and create it anew with all of the deployments in a few commands. Furthermore, there is a very lovely Ansible Swarm module if you'd like: https://docs.ansible.com/ansible/latest/collections/communit...

In short, fewer moving parts equal easier administration and fewer Byzantine failures in this case.

> I think you get my point. Yes, you can do it all with Swarm but with things like k3s and k0s, it's just as easy to start using k8s. And way more help, docs, and tooling to boot.

K3s and other projects like it are a step in the right direction for Kubernetes in smaller deployments! That said, in my experience, the documentation of Docker Swarm is comparatively better to that of many of the Kubernetes distro projects, simply because of how mature and stable Docker and Docker Swarm both are.

I don't doubt that the situation will change in a few years, but until then, Swarm is more than enough.

t_sawyer4y ago

Yes, ingress like Traefik can auto renew certs.

My problem with swarm is that the overlay networking was super flaky. Dead containers still being registered on the network cause every X requests to fail (since it’s round robin) because it’s routing to an overlay IP that doesn’t exist.

Further, I could never find storage adapters for cloud storage that continued to be maintained. Rexray was the longest standing but hasn’t had a commit since Jan 2019.

nonbirithm4y ago· 2 in thread

I personally use Docker Compose for homelab deployment. It handles internetworking dependencies, and with nginx-proxy + letsencrypt-nginx-proxy-companion you get automatic subdomain redirection and certificate renewal.

I will say that it's still a fair amount of complexity, but it's a workable amount of complexity on a day-to-day basis.

seabrookmx4y ago

I run bitwarden, syncthing, transmission etc. on a single box at home and this setup works great.

jrop4y ago

I've been using Ansible's Docker module to manage my containers in my homelab, and I've been meaning to switch it to Docker-Compose for a while now, because it's kind of a pain to have to wait for the playbook to run for simple container changes (among other annoyances).

Overall, though: Traefik proxying to Docker Containers has been _very_ smooth in my Homelab: I'm loving it.

SergeAx4y ago

I got all my personal services dockerized and running in a bunch of Docker Compose (not even Swarm) and an nginx as an ingress and SSL termination point. I have all the configs in one repo too. I chose nginx because I am quite familiar with it, but I believe that Caddy may do the same work even easier.

j / k navigate · click thread line to collapse