In a previous series of blog posts, we discussed the Kubernetes objects typically used to run a web application. We covered, Namespace, Pod, ConfigMap, Secret, Service, Deployment, ServiceAccount, Ingress, PDB, HPA, PV, PVC, Job and CronJob.

In this post, we will discuss some fundamental building blocks for the Kubernetes cluster administration: RBAC objects.

In most situations, Kubernetes API server is started with the flag --authorization-mode=RBAC which enables RBAC in the cluster.

Introduction

We have the host machine with the OS Ubuntu 22.04. On this PC or server, we will create two virtual machine guests:

• myubuntu2204test01 having static IP of 192.168.122.146
• myubuntu2204test02 having static IP of 192.168.122.147

The guest VMs will use the default network created by libvirt. The gateway IP for the default network is 192.168.122.1.

We will achieve automation using libvirt, qemu and cloud-init. To go through the article and exercise, you should have a rudimentary understanding of Linux system administration and networking.

So, you have an SSH key pair. The public key has been added on to the server. On the client, ie your laptop/desktop you have your private key. For some reason, your private key has not been loaded into memory.

All you have to do is start the ssh-agent and then load the key into memory via ssh-add.

Step 1: Start the agent

eval $(ssh-agent)

Step 2: load the key into memory

Using Linux KVM, Expose Virtual Guests On The LAN

Audience: The blog post is for beginner to intermediary Linux system administrators.

• You should have a thorough understanding of the shell commands and
• be comfortable on the command line
• be able to install and configure packages, etc.
• be able to start and stop services using systemd
• be familiar with Linux configuration files
• be able to set Linux kernel parameters using sysctl
• be able to enable and disable Kernel modules
• be comfortable installing and using guest VMs using libvirt

You should have a rudimentary understanding of networking concepts and tooling such as

Ansible Prerequisites

Before jumping on to learning Ansible, have a firm grounding in Linux system administration and shell scripting. You can use Ansible for a lot of automation projects. The primary target audience for this blog post are DevOps engineers, IT infrastructure engineers and system administrators who create and manage IT infrastructure to run workloads. A good understanding of YAML is required before starting to write Ansible playbooks. A background in at least one programming language helps. Python programing is not a requirement per se. But Python programming familiarity helps put together some automated testing.

Architecture 1: Kubernetes Control Plane Without HA

Create three Virtual Machine guests on your laptop or workstation.

• VM 01 - Kubernetes Control Plane
• VM 02, VM 03 - Kubernetes Worker nodes

Architecture 2: Kubernetes Control Plane With HA

Create five Virtual Machine guests on your laptop or workstation.

• VM 01, VM 02, VM 03 - Kubernetes Control Plane with HA
• VM 04, VM 05 - Kubernetes Worker nodes

Use the Kubeadm tool to create the cluster.

KVM (Kernel-based Virtual Machine), libvirt, and QEMU are three components that work together to provide a virtualization solution on Linux systems.

KVM is a virtualization infrastructure built into the Linux kernel that allows it to run multiple virtual machines (VMs) on a single physical host. It provides the underlying virtualization technology, such as hardware acceleration for virtualized CPU and memory, and device emulation.

Introduction

If you have chosen the DevOps engineering path for your career, Linux system administration skills are a must. Companies run their workloads on Linux on-premise as well as in the cloud. Many developers write software on their Linux laptops and workstations. In this post, I will lay out a plan to master Linux system administration skills. The journey begins with you becoming a Linux desktop user. Gradually, you start using your laptop as a Linux server. Become more productive and create your own labs using virtualization. You will be able to simulate a lot of Linux infrastructure scenarios on your laptop.

1. Learn Linux. Install Linux on your laptop. Get familiar with Linux commands. Learn virtualization. Unlock the path to learn more Linux.
2. Programming. Acquiring some programming skills using a general purpose programming language like Python goes a long way. Learning some web development is required in most DevOps engineering contexts. Although you don’t have to be an expert in web development, you should have a clear understanding of workloads consisting of web applications and microservices. Learning some HTML, CSS and JavaSript is required for web development. At this point, you have to learn at least one database system. I recommend PostgreSQL to get started with relational database system. Git is also an essential tool to manage source code.
3. Automation is the cornerstone of DevOps engineering. Learn the basics of automation with Ansible and shell scripting.
4. CI/CD. The purpose of DevOps is to create a culture and practice where developers can ship their applications to customers quickly, safely and continuously. The CI/CD pipelines often constitute the backbone of the DevOps practice. Jenkins is a popular tool to create CI/CD pipelines. Learn the basics of Jenkins and create pipelines to automatically test and deploy applications.
5. Observability and monitoring. Start with Linux commands such as top, free, du and progress towards Prometheus. The typical Prometheus stack includes Alert Manager and Grafana. Then explore the world of traces with tools such as Jaeger and OpenTelemetry.
6. Kubernetes. The quintessential container orchestration platform.
7. Cloud engineering. Start with one of the popular clouds such as AWS, Azure or GCP.
8. IAC. Take automation to the next level in the cloud. Use Terraform to orchestrate resources in the cloud.

Tech Chorus References

• Learning Linux For Devops
• Preparing For A DevOps Engineer Job With A Personal Project
• Three Day Plan To Learn Git

Learning Resources

DevOps

• Coursera Course: Google IT Automation with Python Professional Certificate
  • Crash Course On Python
  • Using Python to Interact with the Operating System
  • Introduction to Git and GitHub
  • Troubleshooting and Debugging Techniques
  • Configuration Management and the Cloud
  • Automating Real-World Tasks with Python

Python

• Free interactive Python tutorial: LearnPython.org

Introduction

The Linux Kernel parameters are settings that can be configured to control the behavior of the Linux kernel. They are typically used to fine-tune system performance or to enable/disable certain features.

Some examples of kernel parameters include:

Memory-related parameters: These parameters control how the kernel manages system memory, including how much memory is allocated to user processes and how aggressively the kernel caches data.

Processor-related parameters: These parameters control how the kernel interacts with the system’s processors, including how it schedules processes and how it handles interrupts.

The blog post attempts to answer some questions like:

• How to become a DevOps engineer?
• How to prepare for a DevOps engineer interview?
• How to get a DevOps engineer job?

In a previous blog post, I wrote about the path an aspiring DevOps engineer could follow.

In this blog post, I will lay out a concrete plan using which you can prepare yourself for a DevOps engineer job. If you follow the steps carefully, you will be armed with practical DevOps knowledge, and you will be able to apply for DevOps engineer jobs confidently.

The Tech Chorus blog by Sudheer Satyanarayana started way back in 2008. The blog has used various hosting technologies and software over the years.

Initially, the blog site used Drupal content management system. LAMP was a popular technology stack those days. Drupal was one of my favorite CMSes back then. The Drupal site was hosted on a cPanel server.

As life progressed, there was not enough time to patch Drupal and its plugins. Upgrading between major versions of Drupal also took considerable amount of time and effort. I moved on to a static site generator. I found and loved Lektor. With Lektor, I managed the content on my workstation and generated the static site. I used to deploy the generated static site to an AWS EC2 instance with Nginx.

What is SSH Key Management?

The blog post is intended towards someone new to SSH key management. Do you have just one SSH key pair? Do you have multiple key pairs? What are some pros and cons of having single or multiple key pairs? The post answers such questions about SSH key usage in practice.

The Premise

So, someone walked up to you or in a video call asked for your SSH public key?

Introduction

The article explains how to run your own OpenVPN server. We will create a Certificate Authority Server and an OpenVPN server. We will also generate certificates for the clients. We will also learn how to manage revocation of client certificates using the Ansible roles.

Use the Ansible roles gavika.openvpn and gavika.easy_rsa to install and configure your OpenVPN server.

You can install the OpenVPN server on any public cloud or hosting provider or on-premise servers. The Ansible roles are designed to install the OpenVPN server and a Certificate Authority server.

Install PostgreSQL Server

Fedora and CentOS:

sudo dnf install postgresql-server

Ubuntu 18.04:

sudo apt install postgresql

New Server Initialization

On CentOS 7/Fedora 30:

sudo postgresql-setup initdb

Upgrading From An Older Version

sudo postgresql-setup --upgrade

Administering The Database Server

Managing The postgresql Daemon

Starting PostgreSQL server

sudo systemctl start postgresql

Checking PostgreSQL Server Status:

sudo systemctl status postgresql

Enabling PostgreSQL Server Systemd Unit/Enabling PostgreSQL Server On Boot:

sudo systemctl enable postgresql

Allowing Password Based Login From localhost

Edit /var/lib/pgsql/data/pg_hba.conf as privileged user(root) and add this line: