Project ideas from Hacker News discussions.

Uncloud - Tool for deploying containerised apps across servers without k8s

πŸ“ Discussion Summary (Click to expand)

The three most prevalent themes in the Hacker News discussion about Uncloud are:

  1. Kubernetes Overkill for Simpler Needs: Many users agree with the creator's premise that Kubernetes (K8s) is often overly complex for small-to-medium deployments spanning a few machines, making simpler alternatives appealing.

    • Quotation: "I keep seeing teams reach for K8s when they really just need to run a bunch of containers across a few machines with decent networking, rollouts, and HTTPS." ("psviderski")
    • Quotation: "We’re saying that the _excess_ of K8s can sometimes get in the way of simpler deployments. Even streamlined Kubernetes (microk8s, k3s, etc) still ultimately bring _all of Kubernetes_ to the table, and that invites complexity when the goal is simplicity." ("stego-tech")
  2. Security Concerns Over Installation Method: A significant portion of the feedback criticized the initial machine setup process, which runs a remote script as root (curl | bash).

    • Quotation: "Lots of curl | bash run as root. While I would love to test this tool, this is not something I would run on any machine :/" ("tex0")
    • Quotation: "I wanted to try it out but was put off by this[0]. It’s just straight up curl | bash as root from raw.githubusercontent.com." ("redrove")
  3. Comparisons to Existing Simpler Orchestrators (e.g., Docker Swarm/Nomad): Users frequently compared Uncloud to existing multi-machine container tools that also attempt to avoid the full complexity of K8s, notably Docker Swarm.

    • Quotation: "How's this similar to and different from Kamal? https://kamal-deploy.org/" ("olegp")
    • Quotation: "I’m a docker swarm user, and this is the first alternative that looks interesting to me!" ("raphinou")
    • Quotation: "You can't really do anything with it except work for Hashicorp for free, or create a fork that nobody is allowed to use unless they self-host it." (Referring to Nomad's license, "weitendorf")

🚀 Project Ideas

Container Infrastructure Hardening & Package Manager

Summary

  • A utility that securely prepares new host machines for cluster membership by managing package installation, configuration, and security hardening steps, eliminating the "curl | bash as root" installation pattern.
  • Core value proposition: Secure, verifiable onboarding of infrastructure nodes.

Details

| Key | Value |
| --- | --- |
| Target Audience | Users adopting Uncloud (or similar tools like Nomad) on bare metal or untrusted cloud VMs, motivated by security concerns regarding the current curl \| bash initialization scripts. |
| Core Feature | A CLI tool/package repository that provides cryptographically verifiable installation (e.g., apt/dnf/apk packages or signed binaries) of the required runtime (Docker/Podman) and the Uncloud service agent onto new host machines, replacing insecure remote execution. |
| Tech Stack | Go (to align with Uncloud's core), GPG/Sigstore for code signing, Package Manager infrastructure (e.g., hosting Debian/RPM repositories). |
| Difficulty | Medium |
| Monetization | Hobby |

Notes

  • Why HN commenters would love it: Addresses the major security friction point raised directly against Uncloud: "This is not something I would run on any machine :/ ... I don’t want to think about security in general for the product." (tex0, redrove). Offering package management integration addresses the best practice suggestion: "The correct way would be to publish packages on a proper registry/repository" (yabones).
  • Potential for discussion or practical utility: This product pivots the discussion from platform choice to operational trust. If secured properly, it legitimizes using tools outside of major cloud ecosystems for production.
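
An added example (not from the discussion or from the Uncloud project) of the minimum that replaces piping a remote script into a root shell: download to a file, compare its SHA-256 with a value pinned out of band, and only then execute the local copy. Function names and file paths are hypothetical.

```sh
# Added example: run an installer only after its SHA-256 matches a pinned value.
# The pin must come from a channel other than the download itself (release
# notes, a signed manifest, your config repo); file names here are placeholders.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE PIN: 0 = match, 1 = mismatch, 2 = unusable input.
verify_installer() {
  local file="$1" pin actual
  pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  case "$pin" in
    ''|*[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
  esac
  [ "${#pin}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$pin" ]; then
    echo "digest mismatch for $file (got $actual)" >&2
    return 1
  fi
}

# run_verified FILE PIN [ARGS...]: execute the checked local copy, never a pipe.
# Keep FILE in a directory only the invoking user can write (mktemp -d), so it
# cannot be swapped between the check and the run.
run_verified() {
  local file="$1" pin="$2"
  shift 2
  verify_installer "$file" "$pin" || return $?
  sh "$file" "$@"
}
```

A matching checksum shows the file is the one that was pinned, not who published it; signature verification (GPG/Sigstore, as in the Tech Stack entry above) is what covers publisher identity.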

Declarative Multi-Stack Network Isolation Layer

Summary

  • A configuration layer, likely an extension of the docker-compose spec via x- fields, that enforces network segmentation between different deployed application stacks within the Uncloud cluster.
  • Core value proposition: Provides essential default network isolation (similar to Docker Swarm stacks/networks) while retaining the simplicity of the Uncloud deployment model.

Details

| Key | Value |
| --- | --- |
| Target Audience | Users migrating from Docker Swarm who want to maintain network separation between "stacks" (like Traefik vs. internal services) and users needing structure for multi-tenant applications. |
| Core Feature | Introduces optional scoping/namespace functionality in compose.yaml for networking, ensuring services in different defined stacks cannot communicate unless explicitly bridged via a shared network definition. |
| Tech Stack | Go (as an extension/pre-processor for Uncloud CLI), WireGuard configuration integration, utilizing Rust/Go implementations of CRDT/Corrosion for state propagation of network policies. |
| Difficulty | Medium |
| Monetization | Hobby |

Notes

  • Why HN commenters would love it: Addresses the lack of isolation raised by Swarm users: "My personal preference is to have the different stack isolated by default" (raphinou). It provides a needed feature while respecting the core design goal of avoiding K8s complexity: "I like that I can put my containers to be exposed on the traefik-public network, and keep others like databases unreachable" (raphinou).
  • Potential for discussion or practical utility: This is a direct, needed feature gap identified in the comments regarding default behavior ("Yes, there is no network isolation between containers from different services/stacks at the moment" - tontony).

Self-Hosted Database Management UI (PaaS Value-Add)

Summary

  • A lightweight, self-hostable web UI designed specifically to manage the operational lifecycle (provisioning, health checks, automated backups) for common self-hosted databases (e.g., Postgres, MySQL, Redis) running outside the main Uncloud compute cluster.
  • Core value proposition: Solves the operational anxiety of reliable, self-managed database backups and monitoring for small/medium environments, bridging the gap between simple container orchestration and full-spectrum PaaS functionality.

Details

| Key | Value |
| --- | --- |
| Target Audience | Users attracted to Uncloud's simplicity who still have critical stateful workloads (databases) but lack the operational staff or confidence to manage backups and monitoring manually. |
| Core Feature | A web dashboard that integrates with host machine credentials or volume paths to schedule and verify database backups to object storage, providing a vastly simpler alternative to setting up full K8s storage solutions (like Rook/Cilium/Storage Provisioners). |
| Tech Stack | Frontend (React/Vue), Backend (Go/Rust), interacting with host OS/Docker for database status, and cloud SDKs (S3/MinIO) for backup storage. |
| Difficulty | High (due to robust backup verification requirements) |

Notes

  • Why HN commenters would love it: This directly pursues the monetization path mentioned by the creator ("managed (SaaS) webUI for managing remote clusters and apps on them with value-added PaaS-like features"). It solves the anxiety expressed by Dewey: "I have to set up scripts to do backups, set up scripts to see if my backups are being done correctly, set up metrics to see backups sizes, database sizes etc."
  • Potential for discussion or practical utility: Since Uncloud focuses on compute orchestration, dedicated, simple state management tooling is a natural, high-value extension that avoids introducing K8s storage complexity.