zfs-localpv
Vault
Our great sponsors
zfs-localpv | Vault | |
---|---|---|
12 | 160 | |
366 | 29,610 | |
5.2% | 0.8% | |
7.1 | 10.0 | |
6 days ago | 6 days ago | |
Go | Go | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
zfs-localpv
-
ZFS 2.2.0 (RC): Block Cloning merged
I use it in Kubernetes via https://github.com/openebs/zfs-localpv
The PersistentVolume API is a nice way to divvy up a shared resource across different teams, and using ZFS for that gives us the snapshotting, deduplication, and compression for free. For our workloads, it benchmarked faster than XFS so it was a no-brainer.
- openebs/zfs-localpv: CSI Driver for dynamic provisioning of Persistent Local Volumes for Kubernetes using ZFS.
-
OpenEBS on MicroK8S on Hetzner
Last few months I experimented more and more with all OpenEBS solutions that fit small Kubernetes cluster, using MicroK8S and Hetzner Cloud for a real experience.
- Openebs ?? Or equivalent
-
Network Storage on On-Prem Barebones Machine
I would investigate https://openebs.io/ https://portworx.com/ https://longhorn.io/ if you are forced to you can mount ISCSI on the kublet and feed it to one of those solutions. Keep in mind most of the big guys buy some sort of managed solution that you can point a CSI like trident https://netapp-trident.readthedocs.io
-
Ask HN: What are some fun projects to run on a home K8s cluster?
What are some cool projects to self hosted on a home Raspberry Pi (64 bit) Kubernetes cluster (Helm charts). arm64 support is a must. A lot of projects only build amd64 Docker containers which don't run on my cluster.
I currently run:
- obenebs (provides abstraction for using local k8s worker disks as PVC mounts when running on-prem) -- https://openebs.io/
-
Finally got around to doing that Ceph on ZFS experiment
I didn't set anything actually -- I need to look into whether OpenEBS ZFS LocalPV can facilitate passing ZVOL options (I don't think it can just yet). The only tuning I did on the storage class was the usual ZFS-level options.
-
My self-hosting infrastructure, fully automated
What do you use to provision Kubernetes persistent volumes on bare metal? I’m looking at open-ebs (https://openebs.io/).
Also, when you bump the image tag in a git commit for a given helm chart, how does that get deployed? Is it automatic, or do you manually run helm upgrade commands?
-
Jinja2 not formatting my text correctly. Any advice?
ListItem( 'Kubernetes', 'https://kubernetes.io/', 'Container Engines and Orchestration', """Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management.""" ), ListItem( 'Podman', 'https://podman.io/', 'Container Engines and Orchestration', """Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images.""" ), # Data Storage :: Block Storage ListItem( 'Amazon EBS', 'https://aws.amazon.com/ebs/', 'Data Storage :: Block Storage', """Amazon Elastic Block Store (Amazon EBS) is an easy-to-use, scalable, high-performance block-storage service designed for Amazon Elastic Compute Cloud (Amazon EC2).""" ), ListItem( 'OpenEBS', 'https://openebs.io/', 'Data Storage :: Block Storage', """OpenESB is a Java-based open-source enterprise service bus. It allows you to integrate legacy systems, external and internal partners and new development in your Business Process.""" ), # Data Storage :: Cluster Storage ListItem( 'Ceph', 'https://ceph.io/en/', 'Data Storage :: Cluster Storage', """Ceph is an open-source software storage platform, implements object storage on a single distributed computer cluster, and provides 3-in-1 interfaces for object-, block- and file-level storage.""" ), ListItem( 'Hadoop Distributed File System', 'https://hadoop.apache.org/docs/r1.2.1/hdfs_design.html', 'Data Storage :: Cluster Storage', """The Hadoop Distributed File System ( HDFS ) is a distributed file system designed to run on commodity hardware.""" ), # Data Storage :: Object Storage ListItem( 'Amazon S3', 'https://aws.amazon.com/s3/', 'Data Storage :: Object Storage', """Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides scalable object storage through a web service interface.""" )
-
Building a "complete" cluster locally
Ideas from my kubernetes experience: * Cert-Manager is very popular and almost a must-have if you terminate SSL inside the cluster * Backups using velero * A dashboard/UI is actually very helpful to quickly browse resources, client tools like k9s are fine too * Secret: Management: Bitnami Sealed Secrets is the second big project in that space * I would add Loki to aggregate Logs * Never heard of ory. Usually I see (dex)[https://dexidp.io/] or keycloak used for Authentication * I like to run OpenEBS as in-cluster storage. * Istio isn't compatible with the upcomming ServiceMeshInterface (i think), so the trend seem to go toward Linkerd * Some Operator to deploy your favorite Database, is also a nice learning exercise.
Vault
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
-
Top Secrets Management Tools for 2024
HashiCorp Vault
-
Keep it cool and secure: do's and don'ts for managing Web App secrets
For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.
-
Kubernetes Secret Management
HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.
-
Champion Building - How to successfully adopt a developer tool
So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…
-
AWS Secrets Manager for on-premise and other cloud accounts scaled architecture
You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
https://github.com/openwrt/luci/blob/master/applications/luc...
https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :
> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.
-
The Complete Microservices Guide
Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.
-
Horcrux: Split your file into encrypted fragments
The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.
[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...
-
OpenTF Announces Fork of Terraform
Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
What are some alternatives?
longhorn - Cloud-Native distributed storage built on and for Kubernetes
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
democratic-csi - csi storage for container orchestration systems
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
lvm-localpv - Dynamically provision Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes that is integrated with a backend LVM2 data storage stack.
sops - Simple and flexible tool for managing secrets
k3s - Lightweight Kubernetes
etcd - Distributed reliable key-value store for the most critical data of a distributed system
Mayastor - Dynamically provision Stateful Persistent Replicated Cluster-wide Fabric Volumes & Filesystems for Kubernetes that is provisioned from an optimized NVME SPDK backend data storage stack.
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
rook - Storage Orchestration for Kubernetes
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]