Servers

How to Setup Highly Available Kubernetes Cluster with Kubeadm

When we setup Kubernetes (k8s) cluster on-premises for production environment then it is recommended to deploy it in high availability. Here high availability means installing Kubernetes master or control plane in HA. In this article I will demonstrate how we can setup highly available Kubernetes cluster using kubeadm utility.

For the demonstration, I have used five CentOS 7 systems with following details:

  • k8s-master-1 – Minimal CentOS 7 – 192.168.1.40 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-master-2 – Minimal CentOS 7 – 192.168.1.41 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-master-3 – Minimal CentOS 7 – 192.168.1.42 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-worker-1 – Minimal CentOS 7 – 192.168.1.43 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-worker-2 – Minimal CentOS 7 – 192.168.1.44 – 2GB RAM, 2vCPU, 40 GB Disk

HA-Kubernetes-Cluster-Setup

Note: etcd cluster can also be formed outside of master nodes but for that we need additional hardware, so I am installing etcd inside my master nodes.

Minimum requirements for setting up Highly K8s cluster

  • Install Kubeadm, kubelet and kubectl on all master and worker Nodes
  • Network Connectivity among master and worker nodes
  • Internet Connectivity on all the nodes
  • Root credentials or sudo privileges user on all nodes

Let’s jump into the installation and configuration steps

Step 1) Set Hostname and add entries in /etc/hosts file

Run hostnamectl command to set hostname on each node, example is shown for k8s-master-1 node,

$ hostnamectl set-hostname "k8s-master-1"
$ exec bash

Similarly, run above command on remaining nodes and set their respective hostname. Once hostname is set on all master and worker nodes then add the following entries in /etc/hosts file on all the nodes.

192.168.1.40   k8s-master-1
192.168.1.41   k8s-master-2
192.168.1.42   k8s-master-3
192.168.1.43   k8s-worker-1
192.168.1.44   k8s-worker-2
192.168.1.45   vip-k8s-master

I have used one additional entry “192.168.1.45   vip-k8s-master” in host file because I will be using this IP and hostname while configuring the haproxy and keepalived on all master nodes. This IP will be used as kube-apiserver load balancer ip. All the kube-apiserver request will come to this IP and then the request will be distributed among backend actual kube-apiservers.

Step 2) Install and Configure Keepalive and HAProxy on all master / control plane nodes

Install keepalived and haproxy on each master node using the following yum command,

$ sudo yum install haproxy keepalived -y

Configure Keepalived on k8s-master-1 first, create check_apiserver.sh script will the following content,

[[email protected] ~]$ sudo vi /etc/keepalived/check_apiserver.sh
#!/bin/sh
APISERVER_VIP=192.168.1.45
APISERVER_DEST_PORT=6443

errorExit() {
    echo "*** $*" 1>&2
    exit 1
}

curl --silent --max-time 2 --insecure https://localhost:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"
if ip addr | grep -q ${APISERVER_VIP}; then
    curl --silent --max-time 2 --insecure https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
fi

save and exit the file.

Set the executable permissions

$ sudo chmod +x /etc/keepalived/check_apiserver.sh

Take the backup of keepalived.conf file and then truncate the file.

[[email protected] ~]$ sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-org
[[email protected] ~]$ sudo sh -c '> /etc/keepalived/keepalived.conf'

Now paste the following contents to /etc/keepalived/keepalived.conf file

[[email protected] ~]$ sudo vi /etc/keepalived/keepalived.conf
! /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 151
    priority 255
    authentication {
        auth_type PASS
        
0
Read More

Cache-Free Your Way to Device Spring Cleaning

Every time you browse a website for the first time, information from it is stored in temporary files, and these files are called cache.  Why is there cache, you ask? Isn’t this a little invasion of your privacy because your browser or gadget retains some information about the sites you have visited? Shouldn’t this be prohibited? Cache files, terrible as they may seem when it comes to your security, is helpful when it comes to your browsing speed. See, those temporary files allow you to load the website faster and directly the next time you visit it, leading to a more satisfying browsing experience from you since you don’t have to wait that long for the site to load. If cache files are not present, the browser would need to connect to the site’s server again for proper reloading.

But then, security is not the only downside to cache files, as helpful as they may be. They also slow down your apps and device systems since they use memory and RAM.  Besides, a good number of sites only get visited by a user once, so there is not really a necessity for the cache of these sites to be saved.  Now, the question is, is it a good habit to clear your device’s cache? The answer is yes, and regularly. Why?

You will not see all changes made to the webpage if you rely on the cache. If you frequent a website and are religious in clearing the cache memory of your device, the browser, or the app you are using will be alerted to fetch the webpage’s latest version all the time. Also, when you are using a device that other people may have access to, as mentioned earlier, the next user may get access to your information, as the cache can store information such as your payment modes (e.g., debit and credit card information) and log-in credentials. That’s an additional privacy threat!

So, how do you clear your cache? With a laptop, since most online activities are done through browsing, then clearing the cache of your web browser is the way to go. Otherwise, you can also clear the cache of your iDevice or Android device. Here’s how:

 

Remove your cache in Chrome

Personal laptops run on Chrome. I mean, who uses IE or Microsoft Edge on their personal laptops? To remove cache on your Chrome browser, here are the steps:

To clear the cache and cookies in Chrome, you’ll need to access the browser’s Settings menu. There are three different ways you can get here.

The first way is to click the three vertical dots icon in the top-right corner of the screen, hovering over “More Tools,” and then selecting “Clear Browsing Data.”

(Via: https://www.howtogeek.com/661729/how-to-clear-cache-and-cookies-in-chrome/)

 

Remove your cache in Firefox

Firefox is another popular browser. Here are the steps to remove cache when your browser of choice is Firefox:

Like all internet browsers, Firefox temporarily stores items (such as images) in a cache to help speed up browsing. If Firefox is your preferred browser of choice, you can choose to clear this cache manually by accessing your “Privacy & Security” tab in the browser preferences. Additionally, you can set up custom settings to clear …

0
Read More

How to Dual Boot Linux Mint 20 with Windows 10

Linux Mint 20, also referred to as Ulyana, was released in June 2020 and packs with a basket of new features and enhancements to improve your overall user experience. If you have Windows 10 already on your PC and would like to reap the full benefits of the latest Mint release, you can install it alongside Windows 10.

Upon booting, you will be presented with the option of booting into either Linux Mint 20 or Windows 10. In this guide, we show you how to dual boot Windows 10 and Linux Mint 20.

Prerequisites

Before embarking on configuring the dual-boot setup, ensure that the following requirements are met:

  • A bootable installation medium of Linux Mint 20 (Either USB or DVD)
  • A fast and stable internet connection

Note : In Windows 10, we can make a bootable USB drive from ISO file using Rufus software. Use the following URL to download Linux Mint 20:

Step 1) Create a free partition on Windows for Linux installation

To start off, we need to partition the hard drive and create a separate partition for installation of Linux Mint. So, launch the disk management utility by pressing ‘Windows key + R’ to open the run dialogue. Then type diskmgmt.msc and hit ‘ENTER’.

diskmgmt-msc-command

The Disk Management utility lists all the hard drives attached to the PC and their partitions. In our example, we only have a single hard drive with one partition. We are going to shrink this partition and create a free partition for our Linux Mint 20 installation. Right click on the partition and select the ‘Shrink’ option

Shrink-Volumes-options-windows10

On the pop-up that appears, specify the amount of space that you’d like to shrink the partition to. In this case, we have allocated 15593 MB to the partition that we are going to install Linux Mint on. Once done, click on the ‘Shrink’ button to shrink the volume and create the free partition.

Specify-amount-of-space-shrink-windows10

The unallocated space is now ready to be used for the installation of Linux Mint.

Unallocated-Space-After-Shrinking-Windows10

All you have to do now is to plug in your bootable USB drive and reboot your PC. Be sure to change the BIOS settings and assign your USB/DVD medium the highest boot priority. Thereafter, save the changes and once again, reboot your system.

Step 2) Begin the Installation of Linux Mint 20

Upon rebooting, a grub menu will be displayed with a list of options shown. Select the first option to begin the installation.

Welcome-Screen-LinuxMint20-Installation

This ushers you to the Linux Mint 20 desktop. Mint gives you an option to try out Mint without necessarily installing it. You can explore the new look and various features. But since we are interested in installing Mint, simply click on the ‘Install Linux Mint’ icon as shown.

Install-LinuxMint20-Installation-option

Step 3) Choose Language and Keyboard Layout

On the welcome page, select your preferred installation language and click on the ‘Continue’ button.

Choose-Language-LinuxMint20-Installation

Next, select your keyboard layout as shown and click ‘Continue’.

Keyboard-Layout-during-linuxmint20-installation

Step 4) Choose to ‘Install multimedia codecs’ during the installation

In the this step, check off the ‘Install multimedia codecs’ checkbox to install the latest multimedia codecs to enable you to play …

0
Read More

BitLaunch Review – Pay with Cryptocurrencies for Cloud Servers

BitLaunch is a cloud server hosting provider that offers servers from themselves, Vultr, DigitalOcean, and Linode. Essentially, with BitLaunch, you can use cryptocurrencies to pay for servers by Vultr and other popular cloud server providers. Read our detailed review below. About BitLaunch BitLaunch was launched in late 2017.  Being a VPS provider that accepts cryptocurrencies […]

Source

from ThisHosting.Rocks https://thishosting.rocks/bitlaunch-review/…

0
Read More

How to Setup Kubernetes Cluster on Google Cloud Platform (GCP)

Popularly known as K8s or Kube, Kubernetes is an opensource orchestration platform that automates the deployment, scaling, and monitoring of containerized applications.

In simple terms, Kubernetes allows users to efficiently manage clusters which are made up of groups of running containers such as Linux containers.

Kubernetes clusters can be deployed both on-premise and on public cloud platforms such as AWS, Google Cloud (GCP), and Microsoft Azure. In this guide, we take you through a step-by-step procedure of how you can set up a Kubernetes cluster on Google Cloud Platform (GCP).

Prerequisites

Before proceeding, ensure that you have a Google Cloud Account. You can always create one upon which you get started with $300 worth of credits for a period of 365 days.

Create your first cluster

The first step in deploying your first Kubernetes Cluster is to log in to your Google Cloud Platform. Upon logging in, you will see the dashboard displayed as shown.

Click on the top left button & navigate to Kubernetes Engine –> Clusters

GCP-Kubernetes-Cluster-Option

This opens the ‘Clusters’ section shown below. If you are creating a Kubernetes Cluster for the first time, Google Cloud will take a few minutes enabling the Kubernetes Engine API, so some patience will do.

Enabling-Kuberntes-API-GCP

Once done, click on the ‘Create Cluster‘ button to deploy your first Kubernetes cluster.

In the next section, the default details of the cluster will be displayed as shown.

k8s-cluster-basics-gcp

You can click on the left sidebar to verify further details on your cluster. For example, you can click on the ‘Default-pool’ option to display more information about the node-pool.

Node-Pool-details-GCP

Feel free to make a few tweaks depending on your needs. You can increase the number of nodes, and make a few tweaks to suit your needs. Once you are satisfied with your selections, click the ‘CREATE’ button to create your Kubernetes Cluster.

Choose-Create-Zonal-K8s-Cluster-GCP

This takes a few minutes, so go ahead and grab some tea as Google Cloud begins to initialize and create the Cluster. After a successful deployment of the Kubernetes cluster, the cluster will be listed as shown.

K8s-Cluster-After-deployment-GCP

Connecting to the Kubernetes Cluster

Our cluster is up and running, but it doesn’t help much if you don’t have command-line access. There are 2 ways you can connect to your cluster: Using the Google Cloud Shell and connecting remotely from a Linux system using the Google Cloud SDK kit.

To connect to the Kubernetes cluster using the Google Cloud Shell, click on the ‘Connect’ button adjacent to the cluster.

Connect-k8s-console-gcp

This opens a pop-up screen as shown with a command that you should run in the Cloud Shell to start managing your cluster.

Command-line-access-k8s-gcp

To run the command, click on the ‘Run in Cloud Shell’ button. Google Cloud will start initializing and establishing a connection to the cloud shell.

Connecting-Google-Cloud-Shell-K8S

Finally, the Cloud shell will be displayed with the command already pasted on the shell. Hit ‘ENTER’ to run the command and begin managing your cluster and performing cluster administrative tasks. For example, to display the number of nodes, run the command:

$ kubectl get nodes

K8s-google-cloud-console-access-gcp

As you might have observed, the Kubernetes cluster comprises of 3 nodes as configured by default …

0
Read More

Getting Your Cloud Knowledge On This Lockdown

Since a majority of us are working from home these days and so many pundits are claiming that office work will never be the same again (or at least in the near future), cloud services have become an integral part of the “new normal.” With physical offices becoming passé, cloud storage has become the most suitable option for keeping data. Just months ago, storing data and online files for companies would automatically mean physical devices and in-house servers. But with offices currently located in the living room of a supervisor and a kitchen of a secretary, cloud servers have become a must for storage for various reasons. Accessibility and affordability are just some of the reasons why anyone should be knowledgeable about cloud drives.

For one, online document storage using a cloud is super user-friendly. All you need to do is drag and drop the files in the cloud storage and voila, your document has been “saved” or “uploaded”. You can now access it anywhere as long as you have an internet connection and a device. You can also share your document with your colleagues and teammates by simply giving those you want to have access to the document a link. They can then download the file from their end, thanks to the link you shared. Of course, another benefit of cloud storage is that your files will not be compromised if your gadgets or devices get damaged. Afraid of losing all your beach photos because your phone got wet? Are you in panic mode because you dropped your laptop day before an important meeting? Not to worry if you have tweaked your settings to automatically save everything on a cloud.

Let’s have a look at your options available for the best cloud storage and which expert users constantly recommend:

Microsoft OneDrive

While Google seems to always edge out Microsoft in terms of innovation with online products, the latter can boast of holding its own when it comes to cloud storage solutions. One huge advantage Microsoft OneDrive has over Google or any competition in this field is its seamlessness with other products in the MS Office suite, So, if you are a heavy Excel, Word, or PowerPoint user, then OneDrive is your best cloud storage option.

If you’re more interested in integrating online storage with Microsoft Office then OneDrive is the way to go.

(Via: https://www.pcworld.com/article/3510499/google-drive-vs-microsoft-onedrive.html)

 

Google One/Drive

The fact that so many people are on Gmail would be Google One/Drive’s main selling point. You can easily save attachments and everything you receive on your Gmail on your drive. Any attachments coming from you are also automatically saved on your Google Drive. How’s that for convenience? Moreover, Google is still rolling out some new features, assuring you and millions of its users that it is still on an innovation hot streak.

Google is rolling out a new “Privacy Screen” feature this week that will allow Google Drive users on iOS devices to use passcodes or biometric authentication to protect their files.

(Via: https://www.digitaltrends.com/news/google-drive-privacy-screen/)

 

Dropbox

Aside from Microsoft and Google, one early player in the cloud storage game is Dropbox. Because it is one of the earliest in the market, many users have grown loyal to the …

0
Read More

How to Harden and Secure NGINX Web Server in Linux

Nginx is arguably one of the most widely used free and opensource web server used in hosting high-traffic websites. It is well known for its stability, stellar-performance, low resource consumption, and lean configuration. Some of the popular sites powered by Nginx include WordPress.com, GitHub, Netflix, Airbnb, Hulu, Eventbrite, Pinterest, and SoundCloud to mention a few.

While powerful and stable, the default configurations are not secure and extra tweaks are required to fortify the web server and give it the much-needed security to prevent attacks and breaches.

In this article, we touch base on some of the steps you can take to harden and secure your Nginx web server and get the most out of it.

1) Implement SSL Certificate

One of the preliminary and crucial steps in hardening your Nginx web server is to secure it by using an SSL certificate. The SSL certificate is a cryptographic digital certificate that encrypts traffic between your web server and the web browsers of your site’s visitors. It also forces your site to use the secure HTTPS protocol and drop HTTP which sends traffic in plain text. By so doing, communication back and forth is secured and kept safe from hackers who might try to eavesdrop and steal confidential information such as usernames, passwords, and credit card information.

You can take advantage of the Free Let’s Encrypt SSL certificate that is easy to install and configure and is valid for 90 days. Once you have it installed, you can verify the strength of the SSL encryption by testing your domain on SSL Labs. The results are shown below.

SSL-Report-Before-disable-weak-ssl-tls

As you can see, the domain we are using scored a grade B, due to weak protocol support highlighted in Yellow. We still need to make a few tweaks to take it to Grade A. Let’s see how we can improve on the Protocol support in the next step.

2) Disable weak SSL / TLS protocols

As you have seen from the results, implementing SSL does not necessarily imply that your site is fully secured. Deprecated versions such as TLS 1.0, TLS 1.1, and SSL 3 are considered weak and present vulnerabilities that hackers can exploit and eventually compromise your web server. These protocols are prone to vulnerabilities such as POODLE, BEAST and CRIME.

In fact, most popular and widely used web browsers have announced the end of support for TLS 1.0 and TLS 1.1 within the deadlines shown.

  • Browser Name           Date
  • Google Chrome           January 2020
  • Mozilla Firefox             March 2020
  • Safari/Webkit               March 2020
  • Microsoft Edge             June 2020

With this information at hand, it would be prudent to conform with the latest security protocols, and at the time of writing this article, the latest protocol is  TLS 1.2 with TLS 1.3 expected later in 2020.

To implement TLS 1.2 and  TLS 1.3, we are going to edit 2 files:

  • /etc/nginx/nginx.conf  –  This is the main nginx configuration file
  • /etc/nginx/sites-available/example.com (or /default)

If you are running Let’s Encrypt SSL, be sure to edit the following files

  • /etc/nginx/nginx.conf
  •  /etc/letsencrypt/options-ssl-nginx.conf

Use the following steps to disable weak SSL / TLS Protocols

Step 1) Edit the nginx.conf file

Firstly, ensure you take a backup of the /etc/nginx/nginx.conf file before making any changes. Then open the file using the text …

0
Read More

Web Hosting Services Market COVID-19 Impact on Key Players, Industry Stake and Growth Position  

The Covid-19 global pandemic has brought about hundreds of little changes in every aspect of our lives. From the way we shop to the way we greet people, work, and even exercise, everything has changed. One of the most significant changes and its impacts that all of us around the world are actively feeling – […]

Source

from ThisHosting.Rocks https://thishosting.rocks/web-hosting-services-market-covid-19-impact/…

0
Read More

Speed Up Your WordPress Site – Tips That Everyone Should Know

Speeding up a WordPress website is a hot topic because it’s the preferred platform for millions of bloggers and online businesses. Fortunately, there are so many ways bloggers can successfully speed up their WordPress sites. You enjoy your site more when it’s performing at its best, and your visitors will too. To know your site […]

Source

from ThisHosting.Rocks https://thishosting.rocks/speed-up-your-wordpress-site-tips/…

0
Read More

How to Boot Linux Mint 20 in Rescue / Emergency Mode

There are some situations like user forget his / her password, file system is 100 % utilized, file system got corrupted and invalid entries in fstab file. So, to recover Linux system in these situations, we have to boot Linux system into rescue mode or single user mode.

In this article, we will learn how to boot Linux Mint 20 in rescue and emergency mode.

Booting Linux Mint 20 into Rescue / Single User Mode

Rescue mode is also known as single user mode, in order to boot Linux Mint 20 in rescue mode,

Step 1) Go to grub screen by pressing “SHIFT” key and then press “ESC” key. We will get the following Grub boot loader screen,

LinuxMint20-Grub-Screen

Choose first option and then press ‘e‘ to edit

Step 2) Append “systemd.unit=rescue.target” to end of line which begins with linux word

In the boot loader screen, look for the line which begins with “linux” word and append “systemd.unit=rescue.target“, example is shown below

LinuxMint20-systemd-rescue

Now, Press F10 or CTRL-X to boot the system in rescue mode,

Step 3) Perform troubleshooting steps and recover the system

We will get the following rescue mode screen; press enter and then do the troubleshooting steps. I am assuming “James” user has forget his password, so we will be resetting his password from rescue mode.

LinuxMint20-Rescue-Mode

Once you are done with troubleshooting steps then run “systemctl reboot” command to restart the system.

Booting Linux Mint 20 Into an Emergency Mode

Emergency mode is used where we can not boot Linux system into single user mode, In this mode, file system is mounted in read only mode. To make any changes in the system we must first mount filesystem in read-write mode.

In order to boot Linux Mint 20 in emergency mode, go to Grub boot loader screen and choose the first option and then press “e”  to enter into boot loader edit mode.

Look for the line which starts with ‘linux’ word and append “systemd.unit=emergency.target” at the end of line,

LinuxMint20-systemd-emergency-target

Now, press ctrl-x or F10 to boot. Once the system is booted into emergency mode, we will get the following screen,

To mount / file system in read-write mode, use following command:

# mount -o remount,rw /

Perform all the troubleshooting steps to recover system,

LinuxMint20-Emergency-Mode-Commands

Once you are satisfied with all the troubleshooting steps and then reboot the system with “systemctl reboot” command.

That’s all from this article. I hope you got the clear idea on how we boot our Linux Mint 20 into rescue and emergency mode. Please don’t hesitate to share your feedback and comments in the comments section below.

from Linuxtechi https://www.linuxtechi.com/boot-linux-mint-rescue-emergency-mode/…

0
Read More