Kubernetes and Traefik v2

Overview

It has been a while since my last blog post about using Traefik as a Kubernetes Ingress Controller. That was Traefik v1.x, with its simple Frontends-Backends terminology. Now, Traefik v2 has been rewritten and reorganized. The frontends and backends have been replaced with the combination of routers, services, and middleware. As a result, there are a bunch of new config syntax changes. And of course, we have new features, such as:

  • Kubernetes CRD & IngressRoute
  • TCP Support
  • Cross Provider Support

In this blog post, I am gonna take notes for the deployment of the new Traefik version into Kubernetes. If you are looking for a migration guideline from v1 to v2, you can check out their official docs.


Linux SSH authentication against Active Directory without joining the domain

Prerequisites

Your Active Directory:

  • Firewall to allow port 389 (ldap) and 636 (ldaps)
  • A read-only user who has permission to read the LDAP data within the search base
  • An exported certificate from Active Directory Certificate Services

Your Linux client:
SSSD is used to connect to the Active Directory server to query user information for authentication. Run the following commands to install the required packages.


Kubernetes dynamic volume provisioning using Ceph as storage backend

Introduction

As you might already know, in Kubernetes we can use Persistent Volumes (PV) for the Pod storage resource. A PV is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using StorageClasses.

By using a StorageClass we can provision volumes dynamically. There are several supported storage back-ends, such as: AzureDisk, AWSElasticBlockStore, GCEPersistentDisk, Ceph, NFS, etc. In this blog post, I am gonna show the steps to use Ceph as the storage back-end for Kubernetes using dynamic volume provisioning.


Deploy Ceph storage cluster on Ubuntu server

About Ceph

Ceph is a storage platform with a focus on being distributed, resilient, and having good performance and high reliability. Ceph can also be used as a block storage solution for virtual machines or through the use of FUSE, a conventional filesystem. Ceph is extremely configurable, with administrators being able to control virtually all aspects of the system.

A Ceph deployment usually has the following components:

  • Monitors
  • Managers
  • Ceph OSDs
  • MDSs


iSCSI multipath shared storage with OCFS2 filesystem on Ubuntu

The main purpose of multipath connectivity is to provide redundant access to the storage devices, i.e. to have access to the storage device when one or more of the components in a path fail. Another advantage of multipathing is the increased throughput by way of load balancing. A common example for the use of multipathing is an iSCSI SAN connected storage device. You have redundancy and maximum performance.

The common use case for this kind of storage system is shared storage between multiple servers. It could be for a virtualization system like VMware ESXi with the VMFS file system or just between Linux hosts using GFS or OCFS. This post is my experience with configuring iSCSI multipath on Ubuntu Server using the OCFS2 file system to have shared storage that two servers can access at the same time.


Helm Charts and Docker image version issue

Helm is a tool that streamlines installing and managing Kubernetes applications. It is a kind of OS package manager like apt/yum/homebrew. In Helm we have the term Charts, which are packages of pre-configured Kubernetes resources. Using these charts we can easily deploy applications to our Kubernetes cluster.

Helm also maintains a list of stable charts on their GitHub repository. We can deploy them with a single command: helm install stable/<chart-name>.


Deleting Kubernetes namespace issue

Deleting a Kubernetes namespace can be done easily with the kubectl delete command. However, sometimes you would see the deleting process stuck at “Terminating” status and never finish. There is an open issue on the Kubernetes GitHub repository for this. It happened to my Kubernetes cluster v1.13 as well.


Using Traefik as a Kubernetes Ingress Controller

Overview

In Kubernetes (K8s), Ingress is an API object that manages external access to the services in a cluster, typically HTTP. Ingress can provide load balancing, SSL termination and name-based virtual hosting. If you are running web services in K8s, you would need an Ingress service to publish your web content to the internet.

In my previous post, I wrote about how to deploy a Kubernetes cluster using kubeadmin. In this post, I am gonna share about using Traefik as an Ingress controller for that deployment.


Isaac

We had waited for 9 months for today. Our first baby, Isaac, has just arrived on the earth :-). My wife and I are very happy to see him.


Preparing for the SRE technical interview

It is always fun and interesting to review our knowledge every time we prepare for a technical interview. As time goes on, we explore several different new technologies that give us new things to learn and use. We might forget the “basic things” which we use less. In this post, I am gonna list down the fundamental knowledge that we definitely need for the SRE (Site Reliability Engineer) interview. Ah, if you are a DevOps, System Engineer or System Administrator this post is also useful for you :-).
