Intro At work, we’ve asked our team members to pass the official Linux Foundation certification exams for Kubernetes. The exams are challenging, practical, and realistic. They serve perfectly as a minimum bar for our engineers who work with Kubernetes. The exams don’t cover everything that is typically needed to manage a Kubernetes cluster (e.g. helm, helmfile, etc.), but they do ensure that an engineer demonstrates basic competence.
The CKAD and CKA Exams The exams are:
In this guide, we’ll create a bare-metal Ceph RBD cluster which may provide persistent volume support for a Kubernetes environment.
Our Ceph RBD cluster will be composed of a single Ceph monitor (MON) and two Ceph Object Storage Daemon (OSD) nodes. In Ceph, MON nodes track the state of the cluster, and OSD nodes hold the data to be persisted.
Kubernetes and the Need for Ceph RBD Creating a Kubernetes cluster environment equivalent to hosted solutions (GKE) and turn-key solutions (Kubernetes on AWS or GCE) requires 3 things:
Installing Kubernetes on bare-metal machines is dead simple, and a million times easier than installing OpenStack. The bulk of the instructions below involve setting up the bare-metal machines on packet.net.
What You’ll Get with These Instructions One may use these instructions to create a basic Kubernetes cluster. In order to create a cluster environment equivalent to a hosted solution (GKE) or turn-key solutions (Kubernetes on AWS or GCE), you’ll need persistent volume and load-balancer support.
Description I’ve created a secure routed VPN network between all of my family’s home networks. Here’s what it looks like, followed by how I did it.
DD-WRT Network Diagram Here’s an overview of the components:
Home Network OpenVPN concentrator Netgear WNR3500L (480Mhz CPU, 8MB Flash, 64MB RAM) DD-WRT Mega/Big (Includes OpenVPN), with jffs enabled Local Network: 192.168.1.0/24 Dynamic DNS: xxxx.dyndns.org Remote Client Networks 1 and 2 OpenVPN client Linksys WRT54G (266Mhz CPU, 4MB Flash, 16MB RAM) DD-WRT VPN (Includes OpenVPN), with jffs enabled Client Network 1 Local Network: 192.
I spend too much time on my home network infrastructure, but it is too much fun… Components to brag about include:
Embedded linux on a wireless access point Vpn concentrator and clients using certificate authentication to route between family member networks Virtual server and multiple virtual guest machines Fully automated backup process for all data Fileserver for nfs and samba filesharing Web servers which run wordpress, mediawiki Reverse proxies Home Network Diagram I used the Dia utility to draw a great-looking diagram of my home network.
If you connect to a network served by a Cisco VPN concentrator, then you can run the Cisco VPN client on a router, instead of your computer. Running Cisco VPN on a router creates several advantages:
Masquerades (NAT) the local network so that all computers behind the router can access the VPN network Re-connects on dropped connections. Splits and sends only traffic destined to the foreign network over the VPN connection.
My Brother MFC-9840cdw multi-functional printer/scanner/coper/fax can scan to email. However gmail requires SSL, which the printer is not able to support. Using xinetd and openssl, my Linux machine is able to proxy local pop3 requests to gmail’s SSL pop3s service, and local smtp requests to gmail’s SSL smtps service.
Here are the basics on what you need. These ideas are not original.
Tunneling smtp to smtps
# xinetd: tunnel local smtp to gmail smtps service smtp { disable = no socket_type = stream wait = no user = root server = /etc/xinetd.