Manage Kubernetes locally with RKE DIND

Rancher Kubernetes Engine (RKE) is an open-source Kubernetes installer written in Golang that is easy to use and highly customizable. It uses containerized deployment for Kubernetes components and can work on many platforms. It supports installation on bare-metal and virtualized servers, and it supports integration with many cloud providers including AWS, OpenStack, vSphere, and Azure. For more information about RKE you can check out the official documentation.

Managing Kubernetes Locally

There are many options to run Kubernetes locally. The most popular option is to use Minikube, which runs a single-node Kubernetes cluster inside a virtual machine on your local computer. Minikube supports many Kubernetes features and can run on any platform. Other options for installing Kubernetes locally include Minishift, which installs a community version of OpenShift for local development, and microk8s, which provides a single-command installation of the latest Kubernetes version and is considered a very fast way to get Kubernetes locally.

Docker Tunneling in Go

A trick I learned recently is that the Docker client in Golang can accept a custom dialer, which can be very useful for connecting to a remote Docker engine through SSH tunneling. All you need is a working SSH connection to a remote server and a Docker engine on this server that listens on a local UNIX socket. First let’s look at the NewClient function for the Docker client: func NewClient(host string, version string, client *http.

Kubernetes Installers (1): Kubespray

Kubernetes installation is considered a tough problem for any infrastructure operator. Picking the right solution to deploy and run Kubernetes depends mainly on the user’s needs; there is no one right solution for deploying Kubernetes, since it depends on many variables including cloud provider, HA, network plugins, etc. This series of posts will try to list some different popular approaches to install and run Kubernetes, compare different solutions, and give a quick example of each installer. I will start with Kubespray, which is one of the popular approaches to installing Kubernetes.

Creating Private Docker Registry 2.0 with Token Authentication Service

Docker Registry is a stateless server-side application that can act as a central repository for Docker images. Docker has its own free-to-use central registry called Docker Hub. Setting up your own Docker Registry in your production environment gives you control over which images are stored and control over the Continuous Integration/Continuous Delivery (CI/CD) workflow: you push changes to the source control repo, then the CI tool of your choice pulls the image from your private registry, runs the tests, then builds the image and pushes it to the private registry, and then a Docker API is triggered to deploy the new image into production.

Using Ansible With DigitalOcean

I started using Ansible about two months ago, because it appeared back then to be an easy way into the automation world. It turns out I was right. Ansible is a powerful configuration management and IT automation tool created by Michael DeHaan in 2012. Ansible can be used for everything from gathering information about your local machine, rolling updates, and deploying small software, all the way to orchestrating a highly scalable infrastructure and managing a fleet of servers.

Amazon S3 Automated Backups

Amazon S3 buckets can be a great place to store regular backups; using the AWS API, storing backups in S3 buckets can be done easily. S3cmd is one of the free tools that can send files to S3 buckets as well as Google Cloud Storage. In this post I will demonstrate how to create an automatic backup system that sends regular backups every day to an S3 bucket using the s3cmd tool.

Building PHP Application With Docker

Using Docker, deploying application components in a production environment can be done in minutes. In this post I will build a simple WordPress PHP application stack using Nginx (front-end container) and two application servers (back-end containers) which are connected to a MySQL container. Using the link feature in Docker, we will be able to link the containers with each other without the need to expose the ports on the host machine or worry about the IPs of the linked containers.

Control Resources With Cgroups

Controlling and limiting system resources is a big deal for sysadmins, especially on heavily loaded machines. When limiting or prioritization is mentioned, terms like nice and ulimit pop into my head; that was before cgroups. Cgroups (Control Groups) is a Linux kernel feature written by Paul Menage and Rohit Seth in 2006 that limits and allocates system resources to different process groups. Cgroups are considered the base technology used in Linux containers (LXC), Google’s lmctfy (“Let Me Contain That For You”) container solution, which uses only cgroups to implement OS-level virtualization, and of course Docker.

Using Overlayfs With LXC

Overlay-filesystem (or Unionfs) is a filesystem service that uses a union mount to make different filesystem hierarchies appear as one unified filesystem. The overlay filesystem overlays one filesystem above the other in a layered representation. When a directory appears in both layers, overlayfs forms a merged directory for both of them. If two files have the same name in both layers, only one is served, from the upper or the lower layer; but if a file exists only in the lower layer and needs to be edited, a copy of the file is created on the upper layer to be edited.

Getting Started With LXC

LXC (Linux Containers) is an OS-level virtualization method used to run separate Linux containers on the same machine without a hardware emulation layer between the containers and the OS. LXC uses some kernel features to create isolated containers much like ordinary virtual machines; the main kernel features that LXC relies on are cgroups and namespaces. LXC is also called lightweight virtualization, because it creates an isolated environment on the same kernel as the host, which means creating a container can be done in a matter of seconds.