Posts

Canonical Kubernetes Platform

Recently, Canonical announced the release of the Canonical Kubernetes Platform version 1.32, a robust and user-friendly solution for seamless cluster creation and management. This platform is designed to simplify the deployment and maintenance of containerized workloads, making it an ideal choice for both developers and enterprises. Here are some of the attractive features of this platform:
- ZeroOps with Built-in Essentials: The platform comes pre-configured with critical components such as networking, DNS, metrics server, local storage, ingress, gateway, and load balancer, enabling immediate productivity post-installation.
- Simplified Installation and Maintenance: Leveraging snap packages, the installation process is straightforward, and automated patch upgrades enhance security without manual intervention.
- Effortless Scalability: Adding new nodes is seamless, and achieving high availability requires minimal effort, ensuring your infrastructure sca...
Recent posts

Docker Container Management from Cockpit

Cockpit can manage containers via Docker. This functionality is provided by the Cockpit docker package. Cockpit communicates with Docker through its API over the /var/run/docker.sock Unix socket. The Docker API is root equivalent, and on a properly configured system only root can access it. If the currently logged-in user is not root, Cockpit will try to escalate the user's privileges via Polkit or sudo before connecting to the socket. Alternatively, we can create a docker Unix group. Anyone in that docker group can then access the Docker API, and gain root privileges on the system.
[root@rhel8 ~]# yum install cockpit-docker -y
Once the package is installed, a "Containers" section is added to the dashboard and we can manage the containers and images from the console. We can search for or pull an image from Docker Hub just by searching with a keyword like nginx or centos. Once the Image download...

Remote Systems Management With Cockpit

Cockpit is a Red Hat Enterprise Linux web-based interface designed for managing and monitoring your local system, as well as Linux servers located in your network environment. In RHEL 8, Cockpit is the default installation candidate, so we can just start the service and begin managing machines. For RHEL 7 or Fedora-based machines, we can follow the steps below to install and configure Cockpit.
The following are a few features of Cockpit:
- Managing services
- Managing user accounts
- Managing and monitoring system services
- Configuring network interfaces and firewall
- Reviewing system logs
- Managing virtual machines
- Creating diagnostic reports
- Setting kernel dump configuration
- Configuring SELinux
- Updating software
- Managing system subscriptions
Installation of the cockpit package:
[root@rhel8 ~]# dnf install cockpit cockpit-dashboard -y
We need to enable the socket.
[root@rhel8 ~]# systemctl enable --n...

Containers Without Docker on RHEL/Fedora

Docker does containerization well, but it uses a client/server architecture to run containers. So even if I am a client or developer who just wants to create a Docker image from a Dockerfile, I need to start the Docker daemon, which of course generates some extra overhead on the machine. The daemon also needs to run on your system with root privileges, which might have certain security implications. A solution is now available where we do not need to start a daemon to create containers. We can create images and push them to any repository, and the images are fully compatible to run in any environment. Podman is an open-source Linux tool for working with containers. That includes containers in registries such as docker.io and quay.io. Let's start with Podman to manage containers.
Install the package:
[root@rhel8 ~] # dnf...

Virtual Machine Provisioning on Microsoft Azure Using Terraform

What is Terraform:
Terraform provides a flexible abstraction of resources and providers. This model allows for representing everything from physical hardware, virtual machines, and containers, to email and DNS providers.
Terraform vs. Chef, Puppet, etc.
Configuration management tools install and manage software on a machine that already exists. Terraform is not a configuration management tool, and it allows existing tooling to focus on their strengths: bootstrapping and initializing resources. Using provisioners, Terraform enables any configuration management tool to be used to set up a resource once it has been created. Terraform focuses on the higher-level abstraction of the datacenter and associated services, without sacrificing the ability to use configuration management tools to do what they do best. It also embraces the same codification that is responsible for the success of those tools, making entire infrastructure deployments easy and reliable. Setti...

Kubernetes Configuration on Centos or RHEL 7

To set up Kubernetes we need at least two servers running for hosting containers, and one server acting as master. In my setup I am going to use three servers as follows:
master.example.com (Kubernetes master/controller)
node1.example.com (Kubernetes minion/client or Docker host)
node2.example.com (Kubernetes minion/client or Docker host)
For the Kubernetes cluster we will be using the details below.
1. Infrastructure private subnet IP range: 172.25.0.0/16
2. Flannel subnet IP range: 172.30.0.0/16 (You can choose any IP range, just make sure it does not overlap with any other IP range)
3. Service cluster IP range for Kubernetes: 10.254.0.0/16 (You can choose any IP range, just make sure it does not overlap with any other IP range)
4. Kubernetes Service IP: 10.254.0.1 (The first IP from the service cluster IP range is always allocated to the Kubernetes Service)
5. DNS service IP: 10.254.3.100 (You can use any IP from the service cluster IP range just make su...

SaltStack Pillar Encryption

Encrypting your Pillar data is recommended because it contains your most valuable information, like the passwords and keys used in your infrastructure. Pillar data is held by the Salt master and is only sent over an encrypted bus to Minions when used in a state file. Encrypting your Pillar data can be done with GPG. This means that you encrypt the values with a public GPG key. This single public key is used by all the users within your organization to encrypt sensitive information. The private key is only available on the Salt master (not the Minions!). Without the private key, the encrypted data cannot be decrypted.
My Pillar Path: /opt/salt/pillar/prod/
My Environment Path: /opt/salt/environments/prod/
[root@master ~]# mkdir -p /etc/salt/gpgkeys
[root@master ~]# chmod 0700 /etc/salt/gpgkeys
[root@master ~]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. T...