IndieHosters - NLnet - Privacy & Trust Enhancing Technologies (deadline December 2020) (rejected)

NLNet Application

Next deadline: December 1st 2020 12:00 CET (noon)

Privacy & Trust Enhancing Technologies

1. Abstract: Can you explain the whole project and its expected outcome(s).

We observe a rapidly growing awareness of FLOSS collaborative applications such as Nextcloud, Rocketchat, Jitsi… A realization that follows is that privacy and trust are deeply linked to how these tools are hosted and by whom.

In response, our non-profit association, IndieHosters, chose to offer ethical hosting. We worked with Framasoft to initiate the CHATONS collective in 2016 and, since then, we have been working to serve the needs of collectives and organizations of all sizes with the best FLOSS tools.

And this wouldn’t be possible without k8s.libre.sh, a free and libre distribution for Kubernetes. We carefully curate operators for the backing services (think S3, Postgres, Redis, emails) and package them with the necessary dependencies. Once wrapped, you’re ready to host at scale.

We’ve been using it in production for a year now at IndieHosters. Our aim now is to polish its code, integrate unit testing, and fully automate it. Not only will this help us better answer the growing demand we’re facing, it will also empower other ethical hosters. Ultimately, all this contributes to building trust with more privacy-conscious users and serving them the best FLOSS solutions out there at scale.


2. Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions?

Requested support? (from 5k to 50k)

  • 50 000 €

3. Explain what the requested budget will be used for?

Does the project have other funding sources, both past and present?
(If you want, you can in addition attach a budget at the bottom of the form)

At the moment, all developments have been funded by IndieHosters. k8s.libre.sh is a community-owned project involving contributors from other collectives based in Europe and federated together by the Librehosters initiative. Feel free to check our OpenCollective page: https://opencollective.com/libresh

That being said, our day-to-day occupation as hosters prevents us from devoting more time than the bare minimum needed to make it work for our specific needs.

The budget we’re asking for will fund the research effort for k8s.libre.sh to reach its next step: version 1 of a fully automated distribution for Kubernetes environments, usable by any hoster willing to serve FLOSS tools at scale.

To achieve this goal, we intend to address the following key points in the life cycle of any software that needs to be served to thousands of users with high availability and in a secured environment:

Users come with their own Kubernetes cluster (we generally recommend Kubermatic for that) and, with the help of k8s.libre.sh, they should be able to:

  • start rolling with a ready ecosystem of operators, carefully curated and already fully tested to work well together
  • cherry-pick FLOSS end-user applications such as Nextcloud, RocketChat… and deploy them with a single-line command
  • have these deployed apps configured automatically to work well together, according to a small set of yes/no questions
  • deploy a single sign-on solution on top for end-user authentication if needed
  • auto-update the deployed instance
  • auto-backup the deployed instance
  • restore a backup
  • monitor, observe and log the general activity of the instance

Our budget estimate is 100 days of development work. The budget will be shared between one of our developers and one dedicated freelancer hired for the project. Meeting time will be covered by IndieHosters’ internal budget. If needed, IndieHosters is able to contribute an additional 5000€.

Since all of this is freely open under an AGPL license, we hope k8s.libre.sh will ignite an open community of hosters sharing their best deployment recipes and practices, and hopefully make it a best-in-class Kubernetes distribution that is easy to adopt.

This would unlock many benefits for the community of ethical and independent hosters and, furthermore, allow more and more people to switch to online tools respectful of their privacy.

4. Compare your own project with existing or historical efforts.

  • YunoHost and FreedomBox are two projects also aimed at making hosting easier for all. Their approach is oriented towards DIY enthusiasts and makers. We’re big fans of YunoHost. It’s low on resources and its friendly UX makes it perfect for family and friends’ needs. Nonetheless, it’s not made to scale. Also, most people neither know how to run their own server nor have enough interest in doing so. Hence, they need to trust and rely on a hoster able to serve their favorite FLOSS apps.

  • A more similar approach to ours could be seen in a project such as OpenAppStack by Greenhost.

5. What are significant technical challenges you expect to solve during the project, if any?

k8s.libre.sh is an opinionated but modular Kubernetes distribution. We don’t have a strong opinion about lower layers, but we want to collaborate on top. We propose a selection of FLOSS tools and develop the ones missing.

Main challenges:

  • Automate deployment and management of a Kubernetes cluster (Ansible playbooks)
  • Automate deployment and management of a Ceph cluster
  • Kubernetes Operators
    • development of a library to build Kubernetes operators - (currently pre-alpha version - libre.sh / kubernetes / controller-utils · GitLab)
    • development of upstream application operators - upstream operators are unopinionated and customizable building blocks to manage your application lifecycle on Kubernetes. They only care about the application process.
    • development of libre.sh operators - libre.sh operators are opinionated operators. With a few lines of YAML, you should be able to manage the whole lifecycle of your application. Such an operator deploys and configures the application as a whole (backend, frontend, database, storage…).

Not ‘technical’ but also challenging:

Experimental part:

6. Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes?

k8s.libre.sh should be usable and appropriable by any hoster.

IndieHosters has already started training other collectives, such as Open Source Politics, to host Decidim on k8s.libre.sh.

Application developers can benefit from k8s.libre.sh. All “upstream operators” are contributed upstream, enabling wider adoption of the software.

Other PaaS and SaaS projects, such as OpenAppStack: k8s.libre.sh shares some technical challenges and solutions with such projects.

Attachments

Attachments: add any additional information about the project that may help us to gain more insight into the proposed effort, for instance a more detailed task description, a justification of costs or relevant endorsements. Attachments should only contain background information, please make sure that the proposal without attachments is self-contained and concise. Don’t waste too much time on this. Really.