One month with TrueNAS Scale (now in RC-1 stage) and Kubernetes
- Thread starter jeyare
- Start date
- Latest activity Latest activity:
- Replies 34
- Views 17,415
Currently reading
One month with TrueNAS Scale (now in RC-1 stage) and Kubernetes
I will say if push comes to shove and the locking down rolls down to the NAS models I run that I would probably migrate over to TrueNAS. For now, the saving grace of Synology is a provided supported product that doesn't require alot to run it and thus far I haven't had any real issues other than the C2000 processor failure, but they can not be blamed for that.
the question of whether you looked at:
- TrueNAS Core (FreeNAS) based on FreeBSD and running from 2009 (first release)
or
- TrueNAS Scale, which is in DEV since 1/2021 based on Debian
These are two fundamentally different products with two common denominators: OpenZFS and Angular-based UI.
FreeNAS/Core is based on community support, while Scale is based on Community & Professional Support (up to 24x7x365).
here is a detailed comparison:
Linux Containers (Docker), Pods (K8's) support
neither Docker containers, nor k8 (just k3)
- TrueNAS Core (FreeNAS) based on FreeBSD and running from 2009 (first release)
or
- TrueNAS Scale, which is in DEV since 1/2021 based on Debian
These are two fundamentally different products with two common denominators: OpenZFS and Angular-based UI.
FreeNAS/Core is based on community support, while Scale is based on Community & Professional Support (up to 24x7x365).
here is a detailed comparison:
which isn't valid in one row (Scale part):
Help Me Choose Between TrueNAS CORE, SCALE, or Enterprise
TrueNAS has three editions to choose from. Let us help you choose which edition of TrueNAS is right for you.www.truenas.com
Linux Containers (Docker), Pods (K8's) support
neither Docker containers, nor k8 (just k3)
I would be careful with this wording:
DSM is so overwhelmed by old things that running it on a new Linux core is a dream rather than a reality. This is related to the support of new CPUs, MoBo architectures/components, PCIe buses, ...
One thing I have to admit is that it used to be a joy to do a new DSM upgrade (still on 6v on my all NASes). Today, after the upgrade, the UPS daemon does not work, especially on the DSM7 UPS, disks, ...
in recent 2 years, this support has deteriorated not only in terms of support for 3rd part drives/RAM, but also the 1st level support itself. My optics may be distorted, but when I write to Syno support, it's not a trivial matter. And the solution score is well below 50%.
DSM is so overwhelmed by old things that running it on a new Linux core is a dream rather than a reality. This is related to the support of new CPUs, MoBo architectures/components, PCIe buses, ...
One thing I have to admit is that it used to be a joy to do a new DSM upgrade (still on 6v on my all NASes). Today, after the upgrade, the UPS daemon does not work, especially on the DSM7 UPS, disks, ...
- 1,069
- 444
What is Helm support? Since Helm3 you don't need to initialize a backend component - access to the kubeapi and a sufficient set of permissiosn should be enough to use Helm3.
On a second thought I guess you are talking about the limitation that the TrueCharts APP doesn't support custom deployments based on Helm3? Would it help to run your own app catalog using something like Kubeapps, deploy your applications in Kubernetes
- 1,069
- 444
Last edited:
@one-eyed-king
yeap,
they just support GUI deployment trough the TrueCharts APP catalogue
no way to use Helm in other ways as by installing, so:
You need first deploy Helm, then Helmcharts
You can use Helmcharts
You can create any Pod and all the customization
everything deployed by this way is lost after next upgrade
all is summarized in this sentence from the TrueNAS forum:
there is still unanswered question:
- who is the target of the Scale product?
If average homelab admin, then everything is fine. You can install your container trough TrueChart APP with weak customization, strictly with the defined template contains a default values (some you can’t change). Source of the container is unclear and you will be during the lifespan of the container dependent from two sources:
- creator of the container
and
- TrueCharts - group of randomly composed people.
It means that you can’t decide when you will use what version of the container publicly available - you need:
- wait for the TrueCharts people do deploy the container to their template
- wait for the TrueCharts people for new version of the container deployment
and here is the most important point:
you can’t change setup of your Pod by CLI. Just GUI way is enabled.
Is it really in line with an Enterprise expectation?
yeap,
they just support GUI deployment trough the TrueCharts APP catalogue
no way to use Helm in other ways as by installing, so:
You need first deploy Helm, then Helmcharts
You can use Helmcharts
You can create any Pod and all the customization
everything deployed by this way is lost after next upgrade
all is summarized in this sentence from the TrueNAS forum:
-- post merged: --
there is still unanswered question:
- who is the target of the Scale product?
If average homelab admin, then everything is fine. You can install your container trough TrueChart APP with weak customization, strictly with the defined template contains a default values (some you can’t change). Source of the container is unclear and you will be during the lifespan of the container dependent from two sources:
- creator of the container
and
- TrueCharts - group of randomly composed people.
It means that you can’t decide when you will use what version of the container publicly available - you need:
- wait for the TrueCharts people do deploy the container to their template
- wait for the TrueCharts people for new version of the container deployment
and here is the most important point:
you can’t change setup of your Pod by CLI. Just GUI way is enabled.
Is it really in line with an Enterprise expectation?
- 1,069
- 444
Last edited:
I wouldn't concider the ootb missing helm cli command on the node not as missing helm support.
But it sounds like the original problem is that the cluster state (which normaly is persistant in a etcd3 cluster) is not persistent, which makes helm deployments ephemeral. Having the configmaps/secrets that helm uses to store helm state indeed makes it unbearable to use.
Idiots
The usual game: take something that is proven to be excellt. Bend it to force your opinion/philosophy on it as long as the deviation from the standard makes it a pain to use. scarry....
Not storing cluster state actualy says a lot: it is not ment to be used by the user, it just happend to be the runtime for their truechart apps.
But it sounds like the original problem is that the cluster state (which normaly is persistant in a etcd3 cluster) is not persistent, which makes helm deployments ephemeral. Having the configmaps/secrets that helm uses to store helm state indeed makes it unbearable to use.
Idiots
The usual game: take something that is proven to be excellt. Bend it to force your opinion/philosophy on it as long as the deviation from the standard makes it a pain to use. scarry....
-- post merged: --
Definitly not.
Not storing cluster state actualy says a lot: it is not ment to be used by the user, it just happend to be the runtime for their truechart apps.
Last edited:
Even worse,
you are limited by the default template setup (encapsulation of the container) with values (another yaml). Just for example - you can’t run Unifi controller from Linuxservers distro, only from Jacobalberty (which isn’t bad). But you can’t define all the possible Enviro variables, because TrueCharts values.yaml contains only few of them (amateurs or idiots). And in the TrueCharts GUI you can see only what is stored in the values.yaml.
Yes, it is great attitude for folks need ASAP run “SQLite browser” in k3s. But out of my expectations.
Here is a list of supported TrueCharts:
github.com
you can’t find there more than 10% useful for SMB, unless it is the main purpose of the SMB to operate torrent download or similar pearls.
Great.
you are limited by the default template setup (encapsulation of the container) with values (another yaml). Just for example - you can’t run Unifi controller from Linuxservers distro, only from Jacobalberty (which isn’t bad). But you can’t define all the possible Enviro variables, because TrueCharts values.yaml contains only few of them (amateurs or idiots). And in the TrueCharts GUI you can see only what is stored in the values.yaml.
Yes, it is great attitude for folks need ASAP run “SQLite browser” in k3s. But out of my expectations.
Here is a list of supported TrueCharts:
charts/charts/stable at master · truecharts/charts
Community Helm Chart Repository. Contribute to truecharts/charts development by creating an account on GitHub.
github.com
Great.
I pointed out to iXsystems that their partner TrueCharts also has in its catalogue of charts some items that should not exist there from the point of view of basic safety principles - they contain Critical CVEs. I suggested to them that the CVE check status needs to be pinned in the catalogue so that the user knows in advance what he is installing - or simply they don't allow such charts to appear in the list by design. That was in November 2021.
Today is May 2022.
The TrueCharts catalogue contains a CVE check. Great.
The TrueCharts catalogue still contains containers that contain Critical CVEs. Bad.
Example - Airsonic chart:
Reason:
Following the TrueCharts github - Chart template (chart.yaml) we can read the sources of the container:
github.com
it is Airsonic itself
or linuxserver
However, the Airsonic container source (image) for the TrueCharts was lastly updated by the developer 2 years ago:
github.com
with a big message from the developers:
In November 2021, I advised them to remove such containers from the list. Nothing like that happened. Because the list must be large, otherwise they do not attract users. this will cause low interest in the Scale (from the usage of containers). After all, 80% of users do not understand this and who would still take care of security issues? Great approach, though?
But here the situation is changing because:
- it is no longer just a random search for containers, which the user installs himself
- this is already an umbrella activity to provide deployment through a trusted partner (TrueCharts) of the Scale system (iXsystems)
That's a dramatic difference.
Btw:
this container is also available from linuxservers. But with the same message:
But the TrueCharts isn't pointed to the new container's Airsonic-Advanced image.
Conclusion:
If this is the only iXsystems partner for the massive deployment of Kubernetes through the new Scale product, then it's almost a road to hell. So much for responsibility on both sides (iXsystems + TrueCharts).
Or an excellent example of flexibility from TrueCharts.
In a world where the user is not limited, what source to use for container deployment would be very easy to solve.
However, In a world where you need to use TrueCharts only, it is a disaster.
Today is May 2022.
The TrueCharts catalogue contains a CVE check. Great.
The TrueCharts catalogue still contains containers that contain Critical CVEs. Bad.
Example - Airsonic chart:
Reason:
Following the TrueCharts github - Chart template (chart.yaml) we can read the sources of the container:
apps/Chart.yaml at master · truecharts/apps
Community App Catalog for TrueNAS SCALE. Contribute to truecharts/apps development by creating an account on GitHub.
github.com
or linuxserver
However, the Airsonic container source (image) for the TrueCharts was lastly updated by the developer 2 years ago
:GitHub - airsonic/airsonic: Airsonic, a Free and Open Source community driven media server (fork of Subsonic and Libresonic)
:satellite: :cloud: :notes:Airsonic, a Free and Open Source community driven media server (fork of Subsonic and Libresonic) - GitHub - airsonic/airsonic: Airsonic, a Free and Open Source community...
github.com
so how gents from the TrueCharts can change this critical CVE? No way.
In November 2021, I advised them to remove such containers from the list. Nothing like that happened. Because the list must be large, otherwise they do not attract users. this will cause low interest in the Scale (from the usage of containers). After all, 80% of users do not understand this and who would still take care of security issues? Great approach, though?
But here the situation is changing because:
- it is no longer just a random search for containers, which the user installs himself
- this is already an umbrella activity to provide deployment through a trusted partner (TrueCharts) of the Scale system (iXsystems)
That's a dramatic difference.
Btw:
this container is also available from linuxservers. But with the same message:
But the TrueCharts isn't pointed to the new container's Airsonic-Advanced image.
Conclusion:
If this is the only iXsystems partner for the massive deployment of Kubernetes through the new Scale product, then it's almost a road to hell. So much for responsibility on both sides (iXsystems + TrueCharts).
Or an excellent example of flexibility from TrueCharts.
In a world where the user is not limited, what source to use for container deployment would be very easy to solve.
However, In a world where you need to use TrueCharts only, it is a disaster.
I actually registered an account to reply to this thread.
Agree that TrueNAS scale has a lot of potential, but some interesting decisions have been made.
For me, I have 2x Xeon powered Synology units- I'd really like to spin up a VM on each one, then maybe a more powerful VM on my own hardware running TrueNAS Scale and have a k3s cluster.
But TrueNAS Scale has only a single host version of k3s and it's unclear if you can add to it...
And the Truecharts support person was actively hostile to me when I asked questions- like '30 years of support and this stands out' type of hostile
Agree that TrueNAS scale has a lot of potential, but some interesting decisions have been made.
For me, I have 2x Xeon powered Synology units- I'd really like to spin up a VM on each one, then maybe a more powerful VM on my own hardware running TrueNAS Scale and have a k3s cluster.
But TrueNAS Scale has only a single host version of k3s and it's unclear if you can add to it...
And the Truecharts support person was actively hostile to me when I asked questions- like '30 years of support and this stands out' type of hostile
@aconnor
TrueCharts path to containerization is incompatible with my view of flexibility / security / freedom
When I openly and freely wrote to them where they have security holes, I became a dangerous creature. It's light years away from the approach of the LinuxServer.io guys.
TrueCharts path to containerization is incompatible with my view of flexibility / security / freedom
When I openly and freely wrote to them where they have security holes, I became a dangerous creature. It's light years away from the approach of the LinuxServer.io guys.
Create an account or login to comment
You must be a member in order to leave a comment
Create account
Create an account on our community. It's easy!
Log in
Already have an account? Log in here.
Similar threads
https://www.theregister.com/2020/11/14/google_android_data_allowance/
Welcome to SynoForum.com!
SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.
Registration is free, easy and fast!
Trending threads
-
-
Synology Blog Decoding myths associated with data deduplication- Started by Synology RSS
- Replies: 0
-
-
NAS Compares Synology NAS Noctua Fans and Velcro Mod – DS923+ / DS423+ / DS920+ / DS420+ / DS918+- Started by NAS Compares
- Replies: 2
-
DNS Relay using Container Manager- Started by southerndoc
- Replies: 1
-
Reaching global.download.synology.com through Palo Alto firewall- Started by Hein
- Replies: 3