Friday, August 5, 2022

Kubernetes Components

 Kubernetes, also known as K8s, is a popular container orchestration tool that automates the deployment, scaling, and management of containerized applications. The Kubernetes environment is made up of several core components that work together to provide a scalable and robust container management system. While there are other optional components available, these core components are essential to the Kubernetes environment.


 

  • Kubernetes API Server: The Kubernetes API server acts as the primary management hub for the Kubernetes cluster. It exposes the Kubernetes API, which is used by other components to interact with the cluster. The API server validates and processes API requests, and updates the cluster state accordingly.
  • etcd: etcd is a distributed key-value store that stores the configuration data and state of the Kubernetes cluster. It provides a reliable and consistent data store that is used by the Kubernetes API server and other components to store and retrieve data.
  • kubelet: The kubelet is responsible for managing and monitoring individual nodes (worker machines) in the Kubernetes cluster. It communicates with the Kubernetes API server to ensure that the containers running on a node are healthy and running as intended.
  • kube-proxy: The kube-proxy is responsible for managing network communication within the Kubernetes cluster. It sets up and maintains network routes and load balancing for Kubernetes services running on the cluster.
  • Kubernetes Scheduler: The Kubernetes scheduler is responsible for scheduling workloads (containers) onto worker nodes in the cluster. It considers factors such as resource availability, workload constraints, and affinity rules to make optimal scheduling decisions.

 

Data Plane: the worker nodes, where the Pods (containers) carrying the workload run
Control Plane: the master node, where the K8s components run

Following are the components of the Control Plane:
  • Apiserver
    • The Apiserver service acts as the connection between all the components in the Control Plane and Data Plane
    • Orchestrates all operations in the cluster
    • Exposes the K8s API, which end users use for operation and monitoring
    • Collects data from the kubelet for monitoring
    • Authenticates and validates requests, then retrieves data
    • Returns data or performs the requested operations on it
    • Passes data to the kubelet to perform operations on the worker node
  • etcd
    • The etcd service is mainly used to store all the cluster details. etcd is a key-value data store.
    • Stored data includes, but is not limited to, the following:
      • Registry
      • Nodes
      • Pods
      • Config
      • Secrets
      • Accounts
      • Roles
      • Other components as well
  • Kube scheduler
    • Identifies the right worker node on which containers can be deployed and returns that decision to the API server; the kubelet then gets the data from the API server and deploys the container.
    • Keeps monitoring the API server for operations
    • Identifies the right worker node for the requested operation and reports it back to the API server
    • Filters nodes
    • Ranks nodes:
      • Resource requirements, resources left after container placement
      • Taints and Tolerations
      • Node Selectors/Affinity
      • Labels and Selectors
      • Resource limits
      • Manual Scheduling 
      • Daemon Sets
      • Multiple Schedulers
      • Scheduler Events
  • Kube-controller-Manager
    • Watch Status
    • Remediate Situations
    • Monitor the state of the system and try to bring it to the desired state

Following are the components of the Data Plane:
  • Kubectl
    • Client used to connect to the API server
  • Kubelet
    • Agent that runs on each worker node
    • Listens to the Kube API and performs the requested operations
    • Reports data back to the Kube API server for monitoring of operations
  • Kube-proxy
    • Enables communication between services on worker nodes
    • Pod network
      • By default, all pods can connect to each other
    • Creates iptables rules to allow communication between pods and services





Wednesday, August 3, 2022

Quick OpenVPN Server

This is the easiest way to set up an OpenVPN server; the script is also very helpful for managing the client keys.

First, download the script, then make it executable and run it with bash:


wget https://git.io/vpn -O openvpn-install.sh
chmod +x openvpn-install.sh 
bash openvpn-install.sh


The script then prints the following output and prompts for the options used to create the VPN server and client certificates.

Welcome to this OpenVPN road warrior installer!
Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 1
What port should OpenVPN listen to?
Port [1194]: 
Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 2
Enter a name for the first client:
Name [client]: rahul
OpenVPN installation is ready to begin.
Press any key to continue...
Finished!
The client configuration is available in: /root/XXXX.ovpn
New clients can be added by running this script again.


Once the client configuration has been generated, copy it to the device that will be used as the client. Configure the OpenVPN client app with the client key, and you can start using the VPN.
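
The installer above is fetched through the git.io short URL and run as root, so the file that lands on disk is worth pinning before it executes. The following is an added example, not part of the original post or of the installer project: the function names are hypothetical and EXPECTED_SHA256 is a placeholder for a value you record yourself after reading the script.

```shell
#!/usr/bin/env bash
# Added example: only run a downloaded installer when its SHA-256 equals
# a value recorded after reviewing the script.

sha256_of() {                      # print the hex SHA-256 of file $1
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_pinned() {                  # verify_pinned <file> <expected-hex>
  vp_file=$1
  vp_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$vp_file" ] || { echo "missing file: $vp_file" >&2; return 2; }
  case $vp_expected in
    *[!0-9a-f]*|'') echo "pinned value is not hex" >&2; return 2 ;;
  esac
  [ "${#vp_expected}" -eq 64 ] || { echo "pinned value is not 64 hex chars" >&2; return 2; }
  vp_actual=$(sha256_of "$vp_file")
  [ "$vp_actual" = "$vp_expected" ] && return 0
  echo "hash mismatch for $vp_file: got $vp_actual" >&2
  return 1
}

run_if_pinned() {                  # run_if_pinned <script> <expected-hex>
  verify_pinned "$1" "$2" || return $?
  bash "$1"                        # reached only when the hash matched
}

# Intended use with the commands above (needs network, so left as comments).
# EXPECTED_SHA256 is a placeholder: fill it in after reviewing the file.
#   wget https://git.io/vpn -O openvpn-install.sh
#   less openvpn-install.sh                    # read what will run as root
#   sha256_of openvpn-install.sh               # record this value
#   run_if_pinned openvpn-install.sh "$EXPECTED_SHA256"
```

Re-running the script later to add clients goes through the same check, so a changed upstream file is noticed instead of silently executed.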

Thursday, April 14, 2022

How to Install Docker and Nextcloud on Ubuntu with SSL

Follow these steps to set up Docker, run Nextcloud, and generate a self-signed SSL certificate—all on a single page!

1. Remove Old Docker Versions

 sudo apt-get remove docker docker-engine docker.io containerd runc 

2. Set Up Docker Repository & Install Docker

  • sudo mkdir -p /etc/apt/keyrings
  • curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  • echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  • sudo apt-get update
  • sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

3. Verify Docker Installation

  • docker ps
  • sudo systemctl status docker.service

4. Deploy Nextcloud Container

  • docker run -d --name nextcloud -p 8080:80 -v nextcloud_data:/var/www/html nextcloud

Access Nextcloud at http://your-server-ip:8080

5. Generate a Self-Signed SSL Certificate

  • openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out khome.adminz.in.crt -keyout khome.adminz.in.key

This creates a certificate (.crt) and key (.key) valid for 1 year.
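
The command above prompts for the subject fields and produces a certificate with no subjectAltName, which current browsers require for hostname matching. The following added example (not from the original post; function names are hypothetical, and it assumes OpenSSL 1.1.1 or newer for -addext) generates the same kind of certificate non-interactively with a SAN and checks the result before it is handed to a reverse proxy.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate with a subjectAltName, plus the
# checks worth running on the output files.

make_selfsigned() {                # make_selfsigned <hostname> <outdir> [rsa-bits]
  ms_host=$1; ms_dir=$2; ms_bits=${3:-4096}
  (
    umask 077                      # key file is created readable by the owner only
    openssl req -newkey "rsa:$ms_bits" -x509 -sha256 -days 365 -nodes \
      -subj "/CN=$ms_host" \
      -addext "subjectAltName=DNS:$ms_host" \
      -out "$ms_dir/$ms_host.crt" -keyout "$ms_dir/$ms_host.key"
  )
}

san_lists_host() {                 # san_lists_host <crt> <hostname>
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fqx "DNS:$2"
}

key_matches_cert() {               # key_matches_cert <crt> <key>
  kc_a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  kc_b=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ -n "$kc_a" ] && [ "$kc_a" = "$kc_b" ]
}

still_valid_in() {                 # still_valid_in <crt> <days>: 0 if not expired by then
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Typical use with the hostname from the command above:
#   make_selfsigned khome.adminz.in . \
#     && san_lists_host khome.adminz.in.crt khome.adminz.in \
#     && key_matches_cert khome.adminz.in.crt khome.adminz.in.key
```

Because -nodes leaves the private key unencrypted on disk, the restrictive umask is the only protection the key file has; still_valid_in can be run from a scheduled job to flag the one-year expiry ahead of time.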

Summary Table

Command                              Purpose
sudo apt-get remove ...              Remove old Docker versions
sudo mkdir -p /etc/apt/keyrings      Create keyrings directory
curl ... | sudo gpg --dearmor ...    Add Docker GPG key
echo "deb ..." | sudo tee ...        Add Docker repo
sudo apt-get update                  Update package list
sudo apt-get install docker-ce ...   Install Docker
docker run ... nextcloud             Deploy Nextcloud
openssl req ...                      Create SSL certificate


For HTTPS, use your SSL certificate with a reverse proxy (Nginx/Apache) in front of Nextcloud. For production, consider Let's Encrypt for trusted SSL.