Ask HN: Are there any open source forks of nomad and consul?
Considering hashicorp has moved away from open source, does anyone know if there are any community forks of nomad and consul like there is now OpenTofu for terraform? I had been tired of waiting for someone (like Linux Foundation) to step up to provide opensource forks of Nomad and Consul. Had been 5 months and the new hashicorp's code has been changed (bugfixes, etc) and as the drift from the last opensource code becomes wider (even worst, a major change with major versions), i'm setup an organisation for the community to discuss and help on the future to work on the last opensourced version of consul and nomad. My organisation depends a lot on consul and nomad and the BSL makes it unnecessarily complicated for our case. https://github.com/OpenHotPot/OpenHotPot (Consul)
https://github.com/OpenHotPot/OpenNood (Nomad) OpenBao is a fork of Vault. I'm not sure how well-supported the project is, but there is a decent amount of enthusiasm. Serious question, why not just use kubernetes instead of Nomad? The only “kinda cool”, thing I saw with Nomad is that it can “orchestrate” binary files, not just containers. That said, putting binaries in containers isn’t very difficult. I like the single-binary approach that Nomad (and Consul) uses. Whereas, Kubernetes feels like a complicated web of services and APIs that need to work together. There's also a bunch of choices that need to be made up front when deploying Kubernetes to decide which distribution to use and which components you may or may not need. Kubernetes is a lot more flexible and powerful than Nomad, but Nomad is a lot easier to deploy and manage. Same reason why you use Ruby instead of Java, Nomad has its own opinionated way of doing things that jives with a lot of people. Why use a knife when you can use our EveryThingCutter-9000 that requires a week of training to operate. I actually wouldn't get really worked up about it since new owner introduces opportunities for new rules, doubly so given that IBM was one of the participants in OpenTofu so it seems they are more open source fans than not I've also heard that the fuck-you license change was actually a negotiation tactic for the acquisition If you look at what IBM did to centos and redhat, its definitely worth getting worked up about. I don't think the license for Nomad and Vault is bothering users as much, there are no businesses offering forks of it or SaaS like there were with Terraform (as far as I know). Doesn't look like it. * https://github.com/hashicorp/nomad/forks * https://github.com/search?q=nomad%20fork&type=repositories * https://www.google.com/search?q=hashicorp+nomad+forks There are products that do similar things of course. It's not at all what you're asking for, but when I last transferred away from Vault I ended up landing on 1Password. There are still some rough edges but it's been a decent secret store for my small team doing mostly Docker Compose/bare metal stuff. I'm curious to hear if any other people have managed to use open OR closed-source source password managers as Vault/Consul replacements. OpenBao[0] is a fork of Vault under the Linux Foundation We use and maintain this cross-platform/cross-lang secrets management option: https://github.com/neosmart/securestore-rs It keeps secrets out of your environment variables and lets you manage secrets the same way you do code (in lock-step with the code that uses it and as easy to update a secret just by pushing to git), but it's definitely for smaller teams or projects. It also has significantly fewer moving parts or dependencies. You can use etcd for service discovery...that's how k8s does it, no? As for nomad I never used it much, but did like that you could run things locally and have unified environments. I would recommend Nix but we all know what's going on there, sadly FOSS has been consumed by political infighting as well. For those who were unaware of the Nix situation (like me): I think etcd is basically a k8s only project now- Consul has a ton of quality of life stuff added on. There's always Zookeeper. Anything but Zookeeper! It was written long before the cloud was a thing, relies on hard-coded IPs, and is practically impossible to operate idiomatically in a cloud environment (unless you’re using statefulsets in K8S to paper over it). It has served us well over the past two decades, but it’s nigh time to give it the proper burial ceremony it deserves. ZK in statefulsets can still get wedged super hard, especially if you power cycle all the nodes. It's pretty unpleasant. > I think etcd is basically a k8s only project now I hate etcd with the best of them, but etcd is used in a lot more places than just kubernetes: https://github.com/apache/apisix/blob/master/docs/en/latest/... https://github.com/traefik/traefik#:~:text=Etcd, https://github.com/zalando/patroni#patroni-a-template-for-po... https://github.com/purpleidea/mgmt/tree/0.0.26/etcd (this one shows up on HN quite a bit) https://github.com/sorintlab/stolon#features It's actually one of the major reasons I wouldn't touch those projects It doesn't seem so. I really love Nomad's UX, so I hope we get one sometime soon-ish. I will start one if there is community interest, which it seems like there is. Not that I've found and it would make sense there isn't really. Kubernetes with all it's warts is clear Nomad equivalent and insert random Kubernetes service mesh here. I know neither of them are as nicely opinioned at those two services but there is starting to be plenty of more opinioned Kubernetes deployments. Could you maybe elaborate on what you consider an opinionated kubernetes deployment? Are there some open source projects you find promising? Opinionated meaning it picks, install, patches your CNI/Ingress/Load Balancer/DNS Server/Metrics Server/Monitoring Setup. k3s is probably most well known as it ships with bunch of preinstall software: https://github.com/k3s-io/k3s so you can just start throwing yaml files at cluster and handling workloads. It's what I use for my homelab. Paid things I've heard of include OpenStack and SideroLabs. Haven't used personally by SRE coworkers say good things about them. Thanks, now I get what you mean. I’ve always called that a kubernetes distribution. Plain kubernetes is as useless as a plain Linux kernel without a userland around it, and normally you don’t want to build a kubernetes or Linux distribution from scratch. Most hosted options like GKE also fall into this category - networking, load balancers, and to a certain extent monitoring is all set up for you. Yea, biggest thing I see missing in EKS/GKE/AKS is they don't come with Ingress Controller out of the box which is really frustrating. By default, they really should install Ingress-Nginx unless administrator asks for not to be installed. It's pretty minor problem overall though. AWS used to have an integrated Ingress Controller - It just sucked (At least partially because it was built by Google, not AWS). That AWS didn't take over hosting of it (it's not even available as an add-on!) when Kubernetes the Project removed the first-party support of it is... Well, it's a statement by AWS. They were dragged kicking and screaming into Kubernetes at all, because they see it as hurting their moat, and have stalled the Ingress project quite a bit. This startled me too in the beginning. I was expecting something built in, pre-wired to one of the commercial cdn/reverse proxy offerings (like cloudfront or Azure CDN). But honestly I think the big cloud providers don’t want their kubernetes offerings to be too easy to use, they try to nudge inexperienced people to use their proprietary serverless products. Kubernetes does make switching to another cloud provider far too easy ;) GKE does ship with both Ingress and Gateway controllers integrated, they set up GCP load balancers with optional automatic TLS certificates. I think you need to flip a flag on the cluster object to enable the Gateway controller. Really weird to see "opinionated" used as a good thing. Most people, including Tech people, with software just want a list of sensible defaults out of the box. You are installing Calico, Ingress-Nginx, CoreDNS, MetalLB, cert-manager and ArgoCD out of the box? Cool, some deployment/service/ingress YAML later and my workloads are cooking. As SRE who deals with a ton of Kubernetes clusters, I find a ton of needlessly complex clusters because rookies setting up the clusters didn't understand the implications of their actions and grabbed whatever a blog post said was good idea. There is https://www.serf.io/ which is a Hashicorp project as well, but the license doesn't seem as bad as nomad and from what I understand it's the basis for things like nomad and consul. Learned about it in this blog post: https://fly.io/blog/building-clusters-with-serf/ > Serf is a decentralized solution for service discovery and orchestration that is lightweight, highly available, and fault tolerant. I'm confused. Isn't that what consul originally was? Serf is used within Consul for agent to agent checks (and some communication). There's an entire subsystem called the 'serf check' that shows up within every single Consul agent. It's one component of the entire 'Consul' system. Consul is built upon the Serf library. https://www.serf.io/intro/vs-consul.html IIRC Serf is mostly a library; I think the product around it is more for demonstration than actual expected use. Consul uses libserf for it's gossip protocol.