
Monday, August 8, 2022

PodMan

Podman is a container runtime engine, like Docker, Rocket, Drawbridge and LXC.


podman login -u username -p password registry.access.redhat.com
podman pull [OPTIONS] [REGISTRY[:PORT]/]NAME[:TAG]

podman ps -a
podman search <image-name>
podman pull <image-name>
podman images
podman run <image-name> echo 'Hello world!'
podman run -d -p 8080 httpd   # Run a container from the httpd image in the background with -d
podman port -l   # Display port details of the last used container
podman run -it ubi8/ubi:8.3 /bin/bash   # Run a container and enter its bash shell with -it
podman run --name MySQL-custom \
    -e MYSQL_USER=Ruser -e MYSQL_PASSWORD=PASS \
    -e MYSQL_ROOT_PASSWORD=PASS \
    -d mysql
podman ps --format "{{.ID}} {{.Image}} {{.Names}}"

 

Root and Rootless Containers

sudo podman run --rm --name asroot -ti httpd /bin/bash
podman run --rm --name asuser -ti httpd /bin/bash

podman run --name my-httpd-container httpd   # Give the container a custom name with --name
podman exec my-httpd-container cat /etc/hostname   # Run a command in a running container with exec
podman stop my-httpd-container
podman kill -s SIGKILL my-httpd-container   # Send a specific signal with -s
podman restart my-httpd-container
podman rm my-httpd-container


podman rm -a   # Remove all containers
podman stop -a   # Stop all containers


podman exec mysql /bin/bash -c 'mysql -uuser1 -pmypa55 -e "select * from items.Projects;"'
Sharing a local directory with a container

First, set up the local directory with the proper SELinux permissions
mkdir /home/student/dbfiles
podman unshare chown -R 27:27 /home/student/dbfiles   # chown runs inside the rootless user namespace
sudo semanage fcontext -a -t container_file_t '/home/student/dbfiles(/.*)?'
sudo restorecon -Rv /home/student/dbfiles
ls -ldZ /home/student/dbfiles 

Then mount the path with -v location_in_local:location_in_container
podman run -v /home/student/dbfiles:/var/lib/mysql rhmap47/mysql
podman unshare chown 27:27 /home/student/local/mysql

Port management


podman run -d --name apache1 -p 8080:8080 httpd
podman run -d --name apache2 -p 127.0.0.1:8081:8080 httpd
podman run -d --name apache3 -p 127.0.0.1::8080 httpd
podman port apache3
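
The three -p forms above differ in which host address they bind: with no IP, the port is published on all interfaces. As an added example (not from the original post), this shell helper classifies a publish spec by exposure and flags any that are reachable beyond loopback; classify_publish, audit_publish and the labels they print are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example: classify a podman -p/--publish spec by the host address it binds.
# Handles CPORT, HPORT:CPORT, IP:HPORT:CPORT and IP::CPORT (IPv4, single ports);
# anything else (IPv6 literals, port ranges) is reported as invalid, not guessed.
# classify_publish and audit_publish are hypothetical names used for this example.

classify_publish() {
    spec=${1%/*}                       # drop an optional /tcp or /udp suffix
    case $spec in
        *:*:*) ip=${spec%%:*}; rest=${spec#*:}
               hport=${rest%%:*}; cport=${rest#*:} ;;
        *:*)   ip=; hport=${spec%%:*}; cport=${spec#*:} ;;
        *)     ip=; hport=; cport=$spec ;;
    esac
    case $cport in ''|*[!0-9]*) echo "invalid"; return 2 ;; esac
    case $hport in *[!0-9]*)    echo "invalid"; return 2 ;; esac
    [ -n "$hport" ] || hport=random    # empty host port: podman picks one
    case $ip in
        ''|0.0.0.0) scope=all-interfaces ;;   # reachable from other hosts
        127.*)      scope=loopback ;;         # reachable from this host only
        *)          scope=single-address ;;
    esac
    echo "$scope host=$hport container=$cport"
}

# Print one line per spec; return 1 if any spec is not loopback-only.
audit_publish() {
    rc=0
    for s in "$@"; do
        result=$(classify_publish "$s") || true
        echo "-p $s: $result"
        case $result in loopback*) ;; *) rc=1 ;; esac
    done
    return $rc
}

# The publish specs used on this page.
audit_publish 8080 8080:8080 127.0.0.1:8081:8080 127.0.0.1::8080 \
    || echo "at least one port is exposed beyond loopback"
```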

Podman Image Management
On a RHEL host, Podman is configured with the following entry in the /etc/containers/registries.conf file:

[registries.search] 
registries = ["registry.redhat.io","quay.io"]

podman save [-o FILE_NAME] IMAGE_NAME[:TAG]
podman save -o mysql.tar quay.io/mysql:latest

podman load [-i FILE_NAME]
podman load -i mysql.tar

podman rmi [OPTIONS] IMAGE [IMAGE...]
podman rmi -a

podman commit [OPTIONS] CONTAINER [REPOSITORY[:PORT]/]IMAGE_NAME[:TAG]
podman commit mysql-basic mysql-custom
podman commit -a 'Your Name' httpd httpd-new


podman diff container-name   # The diff subcommand tags added files with an A, changed files with a C, and deleted files with a D.

podman tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
podman tag mysql-custom devops/mysql


podman rmi devops/mysql:snapshot

podman push [OPTIONS] IMAGE [DESTINATION]
podman push quay.io/bitnami/nginx










Friday, August 5, 2022

Kubernetes Components

 

Kubernetes, also known as K8s, is one of the most commonly used container orchestration tools. The following are the major components of a Kubernetes environment. They are not the only components, but they are the core ones.






Data Plane: Worker Nodes, Where the Pods or Containers with workload run
Control Plane: Master Node, where the k8s components run

Following are the Components of the Control Plane
  • Apiserver
    • The Apiserver service acts as the connection between all the components in the Control Plane and Data Plane
    • Orchestrates all operations in the cluster
    • Exposes the K8s API, which end users use for operations and monitoring
    • Collects data from the kubelet for monitoring
    • Authenticates, validates and retrieves data
    • Gives data or performs operations with data
    • Passes data to the kubelet to perform operations on the worker node

  • etcd
    • The etcd service is mainly used to store all the details. etcd is basically a key-value data store.
    • Stores data including, but not limited to, the following details
      • Registry
      • Nodes
      • Pods
      • Config
      • Secrets
      • Accounts
      • Roles
      • -- other components as well

  • Kube scheduler
    • Identifies the right worker nodes on which containers can be deployed and gives the data back to the API server; the kubelet then gets the data from the API server and deploys the container.
    • Keeps monitoring the API server for operations
    • Identifies the right worker node for the requested operation and gives it back to the API server
    • Filters nodes
    • Ranks nodes:
      • Resource requirements, resources left after container placement
      • Taints and Tolerations
      • Node Selectors/Affinity
      • Labels and Selectors
      • Resource limits
      • Manual Scheduling 
      • Daemon Sets
      • Multiple Schedulers
      • Scheduler Events
  • Kube-controller-Manager
    • Watch Status
    • Remediate Situations
    • Monitor the state of the system and try to bring it to the desired state

Following are the Components of the Data Plane
  • Kubectl
    • Client used to connect to API Server
  • Kubelet
    • Agent that runs on each worker node
    • Listens to the Kube API and performs the operations
    • Gives data back to the Kube API server for monitoring of operations
  • Kube-proxy
    • Enable communication between services in Worker nodes
    • Pod-Network
      • By default, all pods can connect to each other
    • Creates iptables rules to allow communication between pods and services





Wednesday, August 3, 2022

Quick OpenVPN Server

This is the easiest way to set up an OpenVPN server; the script is also very helpful for managing the client keys.

First, we need to download the script, then make it executable and run it with bash.


wget https://git.io/vpn -O openvpn-install.sh
chmod +x openvpn-install.sh 
bash openvpn-install.sh
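
The commands above run a script fetched through a short link, and the installer writes to /root, so it runs with root privileges. As an added example (not part of the original post or of the installer project), this gate approves the downloaded file only if its SHA-256 matches a value you recorded after reviewing the script; verify_pinned, sha256_of and PINNED_SHA256 are hypothetical names, and the pin is a placeholder you supply.

```shell
#!/bin/sh
# Added example: approve a downloaded installer only if it matches a pinned SHA-256.
# Function and variable names are hypothetical, chosen for this example.

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 when the file or the pin is unusable.
verify_pinned() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')     # accept upper-case hex pins
    [ -f "$file" ] && [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    case $want in
        *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ ${#want} -eq 64 ] || { echo "pin must be 64 hex characters" >&2; return 2; }
    got=$(sha256_of "$file")
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "hash mismatch for $file: got $got" >&2
    return 1
}

# Usage, after reviewing a copy of the script and recording its hash:
#   PINNED_SHA256=<hash you recorded>
#   wget https://git.io/vpn -O openvpn-install.sh
#   verify_pinned openvpn-install.sh "$PINNED_SHA256" && bash openvpn-install.sh
```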


The following is the output, with the options to choose when creating the VPN server and client certificates.

Welcome to this OpenVPN road warrior installer!
Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 1
What port should OpenVPN listen to?
Port [1194]: 
Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 2
Enter a name for the first client:
Name [client]: rahul
OpenVPN installation is ready to begin.
Press any key to continue...
Finished!
The client configuration is available in: /root/XXXX.ovpn
New clients can be added by running this script again.


Once the client configuration is generated, we can copy it to the device we want to use as the client. Configure the OpenVPN client app with the client key and start using the VPN.