GeneBeanProgress on my latest endeavor: I’m building a #k8s setup centered around #k3s, the #Cilium CNI, and the #Linkerd service mesh. My goal is to run this atop an immutable #Linux distro with #SELinux enabled. Sadly, the Cilium bits don’t work with @fedora #CoreOS without disabling SELinux even without Cilium’s Envoy daemonset. Barring some breakthrough in figuring out why that is, I’m planning to try @opensuse #MicroOS next. Its use of btrfs is quite appealing.
I’ve got these bits running in a vm now so next is to add #Multus CNI, kube-vip, & something to provide for load balancer services. I’m going to check out the option in Cilium and see if it’s a good alternative to #MetalLB. Once that’s sorted, it’s going to be time for #ArgoCD & the #Nginx ingress (ingress-nginx). After that I have a several pieces of the puzzle to finish researching and assembling as a PoC.
bashfulrobot / Dustin Krysak@genebean the lb stuff works decent. Using cilium for LB, cni, ingress and gateway api.
Paul Chaignon@pchaigno Here is what I see on @fedora 40.20240701.3.0 (CoreOS) I also found this in the system logs:
Jul 29 01:31:23 fcos-vm1 audit[4196]: AVC avc: denied { transition } for pid=4196 comm="runc:[2:INIT]" path="/usr/bin/dash" dev="overlay" ino=12624438 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=process permissive=0
