iluminae

Looks more like a Bichon Frise rather than a Poodle - but probably an unnecessary distinction, as it is still cute.

Are you running them from your user session? If so, when you log out it will stop your processes, unless you have enabled 'linger' mode.

You could write a script that just restarts your container, make sure unprivileged users cannot edit it, and do one of two things:

1. make a sudoers entry for your unprivileged account to call just that script as a user in the docker group with sudo
2. use setuid on the script to have it execute from the docker group even when executed by users

K8s has a mild solution to chicken and egg situations for nodes - the nodes support 'static manifests' which can be pods they know how to bring up before ever connecting to the API server. So you could have your wireguard peer be brought up this way. Downside is while those static manifests show up in k8s APIs, they aren't fully manageable since they are defined by files on disk.

Wave soldering machine - they basically suspend the whole board above a vat of solder, it bonds anywhere it can. So if they don't need that chip on this model, it's getting solder anyway.

Yea it's very easy to learn enough to run, it has built-in service discovery and secrets now, and writing parameterized jobs feels so much nicer than a helm chart in k8s.

10/10, would orchestrate again

I use k8s at work a lot - I choose to use Nomad at home, you may want to add that to your shortlist.

I am nearly complete migrating my ceph cluster and nomad compute cluster to arm :shrug:

My day job is a lot of kube/openshift so nomad is refreshing. Having the template blocks are amazing and makes it so that much of what helm gave me is not required. Parameterized jobs are the best once you find a good use case for them!

• 33 nomad jobs, most being containers
• 12 physical nomad clients
  • 3 amd64 poweredge
  • 2 pi4
  • 6 Nano Pi r5c
  • 1 odroid M1
• Ceph: (nomad orchestrated)
  • 8 OSD
  • 50TB total raw disk

A year or two ago (whenever docker changed the business license of docker for Mac) I changed to podman and aliased docker=podman. It behaves the same, you would just about never know rootful podman vs docker.

Rootless podman is super cool and a much better security ideal - but comparing more apples to apples would be podman running as root vs docker.

Buildah lacks any sort of caching

... what? assuming you are using a Containerfile.... what? It's.... the same as docker on layer caching. The --cache-to and --cache-from flags are particularly sweet.