
Local Kubernetes LoadBalancer Service Using Cilium BGP

Cilium is an advanced, eBPF-based CNI plugin for Kubernetes that offers direct routing, eliminates the need for kube-proxy and iptables, and provides network policies, load balancing, and observability (real-time network traffic monitoring and tracing with Hubble). One of the notable features of Cilium is its deep integration of eBPF, which facilitates advanced networking capabilities, such as direct routing, without the performance penalties associated with overlay networks. This results in better scalability and improved resource usage, especially for large-scale clusters....

October 15, 2024 · Kamrul

Authenticate to Kubernetes on GKE using authentik OIDC

So you just deployed your Kubernetes cluster and got the kubeconfig file to interact with it. What if you lose that file or want to share it only with trusted individuals? In this case, we can protect the kubeconfig file with OIDC authentication. Authentik is an open-source identity provider that can be integrated with an existing environment to enhance security through various authentication protocols. In this guide, we will see how to integrate Authentik OIDC with Google Kubernetes Engine (GKE) to add an extra layer of security for interacting with the cluster....

July 13, 2024 · Kamrul

Scale PHP-FPM on Kubernetes with Keda

If you are running PHP-FPM applications in Kubernetes, you have likely been hit by the following warning: WARNING: [pool www] server reached pm.max_children setting, consider raising it. When this happens, applications load very slowly. So what you need to do is configure pm.max_children accordingly. We can adjust the FPM configuration and add more pods horizontally in order to deal with the max_children issue. Prerequisite: Make sure you have the Prometheus/VictoriaMetrics stack with Grafana installed....

July 7, 2023 · Kamrul

Setup Kubernetes cluster on Oracle always free ARM machine

In this tutorial we will see how to set up a K3s cluster on Oracle Cloud. We also configure a load balancer and ingress controller, which are a bit tricky to set up on a bare-metal cluster. Oracle gives free ARM compute resources (24GB RAM & 4 vCPUs), which is enough for running a Kubernetes cluster in the cloud without spending a penny. You can launch two ARM VMs (dividing the resources between the two, like 12+12GB RAM and 2+2 vCPUs), making one node the master and the other a worker....

August 18, 2022 · Kamrul

Aggregate multiple Internet with OpenMPTCProuter

OpenMPTCProuter is an open source project that aims to aggregate multiple internet connections into a single one, resulting in higher bandwidth, failover, security and latency optimization. It uses MPTCP under the hood. So if you have multiple internet connections (Fiber, ADSL, VDSL, 3G, 4G, 5G…) which you are currently using only for load balancing or failover purposes, you can now bond those connections and get maximum throughput. You can set up OpenMPTCProuter on various devices....

February 13, 2022 · Kamrul

Setup NAT on site to site software VPN in AWS

Site to Site VPN creates a private tunnel with a remote destination for transferring data securely. AWS provides a managed VPN solution, but if you want to configure NAT on top of it, you need to provision an additional instance and make it NAT compatible. AWS provides documentation on how to configure NAT for managed VPN. However, if the VPN solution is not managed, then you can follow this tutorial to set up NAT traversing on your custom VPN CIDR....

August 23, 2021 · Kamrul

Deploy EFK stack with Helm 3 in Kubernetes

Centralized logging is one of the essential parts of a Kubernetes environment. In this tutorial, we will deploy Elasticsearch, Fluentd and Kibana with a Helm chart for logging. Elasticsearch is a scalable search engine which is mainly used to index and search within vast volumes of log data. Fluentd collects the data from pods and nodes (deployed on each node via DaemonSets), then transforms and ships the logs to Elasticsearch....

June 5, 2021 · Kamrul

Monitor OpenVPN server with Docker

If you have an OpenVPN server with multiple clients, you might need to monitor the clients' location, bandwidth usage or other information. There are many OpenVPN monitoring tools out there, but today I will show you my favorite one, furlongm/openvpn-monitor, which is an easy-to-configure, open source, web-based monitoring tool. Making it work in Docker is challenging, though. I had to spend several hours in order to make it work with Docker Compose....

May 29, 2021 · Kamrul

Kubernetes Persistent volume with GlusterFS

GlusterFS is a network-attached distributed storage solution that connects multiple storage pools from different machines and acts as a simple unified storage. It's a highly available, durable storage solution that can scale out and is able to store petabytes of data. In this tutorial, we will see how to set up a GlusterFS volume for a Kubernetes cluster. Prerequisite: First, you need a working multi-node Kubernetes cluster. You can follow my other tutorial on Deploy multi-node Kubernetes Cluster locally with Rancher....

May 1, 2021 · Kamrul

Deploy multi-node Kubernetes Cluster locally with Rancher

Rancher is a complete Kubernetes management tool which simplifies Kubernetes cluster management. It is an open-source multi-cluster orchestration platform which addresses operational and security challenges. In this tutorial, we will use Rancher to deploy our Kubernetes cluster locally. Prerequisite: Before starting, we need to set up a static private IP on our host machine. In my case it is 192.168.1.185. It might be different on your side. So grab your private IP address from the network interface....

May 1, 2021 · Kamrul