Good Karma Kit

The Good Karma Kit is “a Docker Compose project to run on servers with spare CPU, disk, and bandwidth.” I like the idea in principle, but it is always a complex thing to do, because if you host unknown content, you can get in trouble easily (like pirated content or worst…)

In the last projects, I get used to use K8s CronJob(s) to schedule tasks.

I am always amused on how complex K8s/Docker Swarm are, and how easy “plain” docker is.

Bullet points:

1. 1979: Unix V7 Introduced the chroot command to isolate the filesystem a process "access" to.
2. Various technology was introduced up to 2006, like Virtuozzo (which patched Linux in a proprietary ways)
3. 2006: Process Containers Launched by Google in 2006 was designed for limiting, accounting and isolating resource usage (CPU, memory, disk I/O, network) of a collection of processes. It was renamed “Control Groups (cgroups)” a year later and eventually merged to Linux kernel 2.6.24.
4. 2008: LXC LXC (LinuX Containers) was the first, most complete implementation of Linux container manager. It was implemented in 2008 using cgroups and Linux namespaces, and it works on a single Linux kernel without requiring any patches.
5. 2013: Docker Docker used LXC in its initial stages and later replaced that container manager with its own library, libcontainer. Docker offered a way to configure and manage containers, i.e a standard de-facto for this technology. As you see Docker was based on cgroups and LXC, seven-years old technologies
6. On September 2014 Google published the first release of Kubernetes
7. In 2015 Docker, CoreOS and others founded the Open Container Initiative's (OCI). K8s does not need docker anymore to work, but Docker traction is still strong.

References:

My true personal opinion based on what customers asks and what co-worker uses:

In this second article, I suggest to explore further two simple helm chart for getting a bit more inside K8s.

K8s is a very complex beast. But it give you a very good set of security defaults, and it is also a very well done implementation of a microservice application.

Misterio is a  docker-compose based Ansible alternative.

Why

[UPDATED 21/3/2022]

I have a shiny mail server on gioorgi.com. I decided to manage it on first person because it is important to have tight control on your email, in my humble opinion. It is not strictly necessary, but lending your email address to big company like Googles, Microsoft, Yahoo and so on could be a issue if you get banned by them for whenever reason.

Hosting your own email server is not a mandatory task; it increase your attack surface too. But relaying too much on big emails provider (Gmail, Outlook, Aruba, Fastmail) could be a risk for our democracy. For instance, who decide how Spam is managed (i.e. what could be a Spam email)? Can we trust big providers? Email has legal value, and its content should stay as much as private as possible.

Use docker in docker to drive docker from a container Working under windows, sometimes docker slow down. Sometimes you need to access to the MobyVM. With this line:

Sometimes your windows' HyperV Hypervisor will refuse to start.

The problem is tricky because the services seems started if you check them. Also the installation is successful, virtualization is enabled and so on. So what is wrong?