k0sproject / k0sproject.github.io

The k0s Kubernetes - Website
Apache License 2.0

Demo needs a warning for root usage and places binary in /usr/sbin #8

Open chasemp opened 3 years ago

chasemp commented 3 years ago

How To Reproduce

Visit https://docs.k0sproject.io/v0.9.1/ and follow demo gif

Expected behavior

The demo runs a command which downloads and runs arbitrary code as root from the internet. This is a model that should be marked as non-production use only explicitly in the docs. This is never something someone should actually do on a machine they care about. The demo also installs the binary in /usr/bin which violates the normalized usage of the Filesystem Hierarchy Standard.

Typically, /usr/local is expected to be used for non-distro binaries and packages. /usr/bin in particular is for non-essential binaries and k0s would most probably belong in /sbin.

The appropriate directory is either /opt/k0s/sbin/ or /usr/local/sbin.

root@ip-172-31-12-11:~# which k0s
/usr/bin/k0s

kke commented 3 years ago

I think the repo for (get.)k0s.sh is https://github.com/k0sproject/get ? I commented the same earlier in https://github.com/k0sproject/get/pull/1#discussion_r542257307

In my opinion, get.k0s.sh should just directly return the binary, no scripts. Then you can place it wherever you want to.

$ curl get.k0s.sh/$(uname -m) > k0s
$ chmod +x k0s

Any "official" installation should be done via package manager.

The API for k0s.sh would be something like:

Pretty much like downloading from GitHub but with easier URLs. I guess the implementation would redirect the request to the asset URL in GitHub.
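
One way to act on the two points raised in this thread (no remote script piped into a root shell, and no non-distro binary in /usr/bin), as an added example that is not part of the thread or the k0s project's code. The helper names `sha256_of` and `install_verified` are hypothetical, and the expected digest is assumed to come from a source you trust; the page does not say where one is published.

```shell
#!/bin/sh
# Added example, not from the k0s project. Download and verify as an
# unprivileged user; only the final install step needs elevated rights.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified FILE EXPECTED_SHA256 [DEST_DIR]   (hypothetical helper)
# Returns 0 on success, 1 on digest mismatch, 2 if FILE is missing,
# 3 if DEST_DIR is a distro-managed directory.
install_verified() {
    src=$1 expected=$2 dest_dir=${3:-/usr/local/sbin}
    dest_dir=${dest_dir%/}
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    case $dest_dir in
        /bin|/sbin|/usr/bin|/usr/sbin)
            echo "refusing distro-managed directory: $dest_dir" >&2
            return 3 ;;
    esac
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        return 1
    fi
    mkdir -p "$dest_dir" && install -m 0755 "$src" "$dest_dir/k0s"
}

# Constructed demo: a stand-in file plays the downloaded binary; nothing is
# fetched and nothing is written outside a temporary directory.
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\necho constructed stand-in\n' > "$tmp/k0s"
    good=$(sha256_of "$tmp/k0s")
    install_verified "$tmp/k0s" "$good" "$tmp/opt/k0s/sbin" && echo "installed under $tmp/opt/k0s/sbin"
    install_verified "$tmp/k0s" "0000" "$tmp/opt/k0s/sbin" || echo "rejected: wrong digest"
    install_verified "$tmp/k0s" "$good" /usr/bin || echo "rejected: /usr/bin"
    rm -rf "$tmp"
}
demo
```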