helm repo add apisix https://charts.apiseven.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

Set to version 3

#  We use Apisix 3.0 in this example. If you're using Apisix v2.x, please set to v2
ADMIN_API_VERSION=v3

Install APISIX

Make sure you have access to Kubernetes cluster using kubeconfig file

helm upgrade --install apisix apisix/apisix \
  --set gateway.type=LoadBalancer \
  --set service.type=LoadBalancer \
  --set ingress-controller.enabled=true \
  --create-namespace \
  --namespace ingress-apisix \
  --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix \
  --set ingress-controller.config.apisix.adminAPIVersion=$ADMIN_API_VERSION

The post APISIX Digital Ocean Setup appeared first on TEKSpace Blog.

Step 1. Generate the private key:

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

Step 2: Generate the Public Key from the Private Key:

openssl rsa -pubout -in private_key.pem -out public_key.pem

Step 3: Convert the Private Key to Base64:

openssl base64 -A -in private_key.pem -out private_key_base64.txt

Step 4: Convert the Public Key to Base64:

openssl base64 -A -in public_key.pem -out public_key_base64.txt

The -A flag in the openssl base64 command ensures that the Base64 output is in a single line.

The post How to generate private and public keys using OpenSSL command appeared first on TEKSpace Blog.

scp [OPTION] [user@]SRC_HOST:]file1 [user@]DEST_HOST:]file2

Here are some examples of how you can use scp:

1. Copying a file from your local machine to a remote server:

   scp /path/to/local/file username@remote_server:/path/to/remote/directory

This command copies a file from your local machine to the specified directory on the remote server. Replace /path/to/local/file with the path to the file you want to copy, username with your username on the remote server, remote_server with the IP address or hostname of the remote server, and /path/to/remote/directory with the destination directory on the remote server.

2. Copying a file from a remote server to your local machine:

   scp username@remote_server:/path/to/remote/file /path/to/local/directory

This does the opposite of the first example: it copies a file from the remote server to your local machine.

3. Copying a directory recursively from your local machine to a remote server:

   scp -r /path/to/local/directory username@remote_server:/path/to/remote/directory

The -r option is used to copy directories recursively. Replace /path/to/local/directory with the path to the local directory you want to copy, and adjust the other placeholders as in the previous examples.

4. Copying a file from one remote server to another remote server:

   scp username1@remote_server1:/path/to/file username2@remote_server2:/path/to/directory

This command copies a file directly between two remote servers. You will need to have SSH access from the source server to the destination server for this to work without prompting for a password mid-transfer.

Remember to replace placeholders like username, remote_server, /path/to/local/file, and /path/to/remote/directory with your actual user names, server addresses, and file paths. If the SSH server is running on a port other than the default (22), you can specify the port with the -P option, like so: scp -P port_number ....

The post SCP Command to copy files to new server appeared first on TEKSpace Blog.

Connecting to a PostgreSQL Database:

• Connect to a PostgreSQL database:

psql -d database_name -U user_name

• Connect to a PostgreSQL database on a specific host and port:

psql -h host_name -p port_number -d database_name -U user_name

Listing Databases and Tables:

• List all databases: \l or \list
• List all tables in the current database: \dt (for tables in the public schema) or \dt *.* (for tables in all schemas)

Switching Databases:

• Switch connection to another database: \c database_name

Viewing Table Structure:

• Describe a table’s structure (columns, types, etc.): \d table_name

Executing SQL Queries:

• Execute an SQL query directly from the command line:

psql -d database_name -U user_name -c "SELECT * FROM table_name;"

Exporting and Importing Data:

• Export data to a file:

psql -d database_name -U user_name -c "COPY table_name TO '/path/to/file.csv' DELIMITER ',' CSV HEADER;"

• Import data from a file:

psql -d database_name -U user_name -c "\COPY table_name FROM '/path/to/file.csv' DELIMITER ',' CSV HEADER;"

Managing Users and Permissions:

• Create a new user: CREATE USER user_name WITH PASSWORD 'password';
• Grant privileges to a user on a database: GRANT ALL PRIVILEGES ON DATABASE database_name TO user_name;
• Revoke privileges from a user on a database: REVOKE ALL PRIVILEGES ON DATABASE database_name FROM user_name;

Database Maintenance:

• Vacuum a database (clean up and optimize): VACUUM (VERBOSE, ANALYZE) table_name;
• Reindex a database: REINDEX DATABASE database_name;
• Show running queries: SELECT * FROM pg_stat_activity;
• Cancel a running query: SELECT pg_cancel_backend(pid);

Exiting psql:

• Exit the psql utility: \q

These commands cover a broad range of operations you might need to perform when managing PostgreSQL databases from the command line. Remember to replace placeholders like database_name, user_name, table_name, and file paths with your actual database names, user names, table names, and file paths.

The post Useful PostgreSQL commands for command line appeared first on TEKSpace Blog.

1. List all databases: To see all the databases in PostgreSQL, you use the command:

   \l

or

   \list

This command displays the list of databases along with other information like the database owner, encoding, and access privileges.

2. Use (or switch to) a specific database: To select a database to work with, you use the \c command followed by the name of the database. For example, if your database name is exampledb, you would use:

   \c exampledb

This command connects you to the exampledb database, allowing you to execute queries against it.

3. Query tables within the selected database:

• List all tables: Once you’ve switched to your database, to see all the tables within that database, use the command: \dt This lists all the tables in the current database schema. If you want to see tables from all schemas, you can use: \dt *.*
• Querying data from a table: To query data from a specific table, you use the standard SQL SELECT statement. For example, if you want to select all columns from a table named employees, you would use: SELECT * FROM employees;
• Describing a table structure: To get detailed information about the columns of a table, you can use the \d command followed by the name of the table. For example: \d employees This command shows the column names, data types, and other information about the employees table.

These are the basic commands to get started with managing and querying databases and tables in PostgreSQL. Remember, to use these commands, you need to have access to the PostgreSQL server and appropriate permissions to view and query the databases and tables.

The post PostgreSQL list database and query tables appeared first on TEKSpace Blog.

Step 1: Go to Microsoft 365 Admin Center and sign in with your admin account.

Step 2: Go to Users > Active Users.

Step 3: Click on Multi-Factor Authentication

A page with all the users will pop up.

Step 4: Click on the user you would like to disable MFA:

Step 5: Click on disable and click yes

The post How to Disable Multi-Factor Authentication In Microsoft 365 appeared first on TEKSpace Blog.

Base64 encoding converts groups of 3 bytes (24 bits) from binary data into 4 characters from a set of 64 predefined characters, which usually include uppercase letters, lowercase letters, digits, and a few special characters. When the length of binary data is not divisible by 3, padding characters, often represented by the symbol ‘=’, are added to the encoded output. This ensures that the total number of characters is a multiple of 4.

From the Linux command line interface, execute the below commands to encode or decode string values.

Encoding

echo -n 'tekspace' | base64

Output:

dGVrc3BhY2U=

Decoding

echo -n dGVrc3BhY2U= | base64 -d

Output:

tekspace

The post Linux Base64 encoding and decoding string value appeared first on TEKSpace Blog.

NOTE: Azure, Google, IBM, AWS now offer Kubernetes services that offer free cluster management, so you do not have to worry any longer. Windows containers are yet to be offered and should be available soon. Check out their official websites to find out more information on when they will be able to offer windows containers.

In this tutorial, I will go over how to Setup windows node and join that to existing Kubernetes cluster with 1.14 version. If you do not have a Kubernetes cluster and would like to learn how to set it up. Check out the below prerequisites.

Prerequisites

• How to setup Kubernetes 1.14 cluster on CentOS 7.6.
• Windows Server 2019 version 1809 and should have all the updates installed.

NOTE: Before we move forward, ensure you have successfully setup a Kubernetes 1.14 cluster on your Linux machine. If not, check out the prerequisites.

Enable mixed OS scheduling

The below guide was referenced from Microsoft documentation.

Login to your master node and execute the below commands.

cd ~ && mkdir -p kube/yaml && cd kube/yaml

Confirm kube-proxy DaemonSet is set to Rolling Update:

kubectl get ds/kube-proxy -o go-template='{{.spec.updateStrategy.type}}{{"\n"}}' --namespace=kube-system

Download node-selector-patch from GitHub:

wget https://raw.githubusercontent.com/Microsoft/SDN/master/Kubernetes/flannel/l2bridge/manifests/node-selector-patch.yml

Patch your kube-proxy

kubectl patch ds/kube-proxy --patch "$(cat node-selector-patch.yml)" -n=kube-system

Check the status of kube-proxy

kubectl get ds -n kube-system

[rahil@k8s-master-node yaml]$ kubectl get ds -n kube-system
NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                                               AGE
kube-flannel-ds-amd64     2         2         2       0            2           beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux   106m
kube-flannel-ds-arm       0         0         0       0            0           beta.kubernetes.io/arch=arm                                 106m
kube-flannel-ds-arm64     0         0         0       0            0           beta.kubernetes.io/arch=arm64                               106m
kube-flannel-ds-ppc64le   0         0         0       0            0           beta.kubernetes.io/arch=ppc64le                             106m
kube-flannel-ds-s390x     0         0         0       0            0           beta.kubernetes.io/arch=s390x                               106m
kube-proxy                2         2         2       2            2           beta.kubernetes.io/os=linux                                 21h

Your kube-proxy node selector status should show beta.kubernetes.io/os=linux get applied.

Setting up flannel networking

Below guide was referenced from Microsoft documentation.

Since I already have kube-flannel setup from previous tutorial, I will go ahead and edit it by following the below guide and update the values accordingly.

On your master node, edit kube-flannel and apply changes that are needed to configure windows worker node.

kubectl edit cm -n kube-system kube-flannel-cfg

If you already know how to use the vi editor, you should be able to navigate with in the edit mode. Go ahead and find the below block of code and update it with the as shown below:

cni-conf.json: |
    {
      "name": "vxlan0",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }

And, your net-conf.json should look like this shown below:

net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan",
        "VNI" : 4096,
        "Port": 4789
      }
    }

Once you have updated your kube-flannel configmap, go ahead and save it to apply those changes.

Target your kube-flannel to only Linux by executing the below command:

kubectl patch ds/kube-flannel-ds-amd64 --patch "$(cat node-selector-patch.yml)" -n=kube-system

Install Docker on your Windows node

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name Docker -ProviderName DockerMsftProvider
Restart-Computer -Force

Download and stage Kubernetes packages

Step 1: Open PowerShell as an administrator and execute the below command to create a directory called k.

mkdir c:\k; cd c:\k

Step 2: Download Kubernetes 1.14.0 from github and download kubernetes-node-windows-amd64.tar.gz.

Step 3: Extract the package to c:\k path on your Windows node.

NOTE: You may have to use a third party tool to extract tar and gz files. I recommend using portable 7zip from here. So that you don’t have to install it.

Find kubeadm,kubectl, kubelet, and kube-proxy and copy it on windows node under c:\k\. Should look like below.

Copy Kubernetes certificate file from master node

Go to your master node under ~/.kube/config of your user home directory and paste it to c:\k\config.

You can use xcopy or winscp to download config file from master node to windows node.

Add paths to environment variables

Open PowerShell as an administrator and execute the following commands:

$env:Path += ";C:\k"; $env:KUBECONFIG="C:\k\config"; [Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\k", [EnvironmentVariableTarget]::Machine); [Environment]::SetEnvironmentVariable("KUBECONFIG", "C:\k\config", [EnvironmentVariableTarget]::User)

Reboot your system before moving forward.

Joining Windows Server node to Master node

To join the Flannel network, execute the below command to download the script.

Step 1: Open PowerShell as Administrator:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 wget https://raw.githubusercontent.com/Microsoft/SDN/master/Kubernetes/flannel/start.ps1 -o c:\k\start.ps1

Step 2: Navigate to c:\k\

cd c:\k\

Step 3: Execute the below command to join Flannel cluster

.\start.ps1 -ManagementIP 192.168.0.123 -NetworkMode overlay -InterfaceName Ethernet -Verbose

Replace ManagementIP with your Windows node IP address. You can execute ipconfig to get these details. To understand the above command, please refer to this guide from Microsoft.

PS C:\k> .\kubectl.exe get nodes
NAME                STATUS     ROLES    AGE   VERSION
k8s-master-node     Ready      master   35h   v1.14.0
k8s-worker-node-1   Ready      <none>   35h   v1.14.0
win-uq3cdgb5r7g     Ready      <none>   11m   v1.14.0

Testing windows containers

If everything went well, and you see your Windows node joined the cluster successfully. You can deploy a Windows container to test if everything is working as expected. Execute the below commands to deploy a Windows container.

Download YAML file:

wget https://raw.githubusercontent.com/Microsoft/SDN/master/Kubernetes/flannel/l2bridge/manifests/simpleweb.yml -O win-webserver.yaml

Create new deployment:

kubectl apply -f .\win-webserver.yaml

Check the status of container:

kubectl get pods -o wide -w

Output

PS C:\k> .\kubectl.exe get pods -o wide -w
NAME                            READY   STATUS              RESTARTS   AGE   IP       NODE              NOMINATED NODE   READINESS GATES
win-webserver-cfcdfb59b-fkqxg   0/1     ContainerCreating   0          40s   <none>   win-uq3cdgb5r7g   <none>           <none>
win-webserver-cfcdfb59b-jbm7s   0/1     ContainerCreating   0          40s   <none>   win-uq3cdgb5r7g   <none>           <none>

Troubleshooting

If you are receiving something like below. That means your kubeletwin/pause wasn’t built correctly. After spending several hours. I dig through all the script that start.ps1 script does, and I found out that whenever Docker image was built, it didn’t use the correct version of container image.

Issue

Error response from daemon: CreateComputeSystem 229d5b8cf2ca94c698153f3ffed826f4ff69bff98d12137529333a1f947423e2: The container operating system does not match the host operating system.
(extra info: {"SystemType":"Container","Name":"229d5b8cf2ca94c698153f3ffed826f4ff69bff98d12137529333a1f947423e2","Owner":"docker","VolumePath":"\\\\?\\Volume{d03ade10-14ef-4486-aa63-406f2a7e5048}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\229d5b8cf2ca94c698153f3ffed826f4ff69bff98d12137529333a1f947423e2","Layers":[{"ID":"7cf9a822-5cb5-5380-98c3-99885c3639f8","Path":"C:\\ProgramData\\docker\\windowsfilter\\83e740543f7683c25c7880388dbe2885f32250e927ab0f2119efae9f68da5178"},{"ID":"600d6d6b-8810-5bf3-ad01-06d0ba1f97a4","Path":"C:\\ProgramData\\docker\\windowsfilter\\529e04c75d56f948819cd62e4886d865d8faac7470be295e7116ddf47ca15251"},{"ID":"f185c0c0-eccf-5ff9-b9fb-2939562b75c3","Path":"C:\\ProgramData\\docker\\windowsfilter\\7640b81c6fff930a838e97c6c793b4fa9360b6505718aa84573999aa41223e80"}],"HostName":"229d5b8cf2ca","HvPartition":false,"EndpointList":["CE799786-A781-41ED-8B1F-C91DFEDB75A9"],"AllowUnqualifiedDNSQuery":true}).

Solution

1. Go to c:\k\ and open Dockerfile.
2. Update first line to FROM mcr.microsoft.com/windows/nanoserver:1809 and save the file.
3. Execute the below command to build an image as administrator from a PowerShell console.

cd c:\k\; docker build -t kubeletwin/pause .

4. Open win-webserver.yaml and update image tag to image: mcr.microsoft.com/windows/servercore:1809.
5. Delete and Re-apply your deployment by executing the below command.

kubectl delete win-webserver
kubectl apply -f .\win-webserver.yaml

Now all your pods should show in running state.

PS C:\k> kubectl get pods
NAME                            READY   STATUS    RESTARTS   AGE
win-webserver-cfcdfb59b-gk6g9   1/1     Running   0          6m44s
win-webserver-cfcdfb59b-q4zxz   1/1     Running   0          6m44s

The post Setup Windows Node with Kubernetes 1.14 appeared first on TEKSpace Blog.

NOTE: Please make sure swap is disabled on master and worker nodes for Kubernetes setup to be successful. You can follow the guide from here.

Prerequisites

• Swap is disabled.
• You should know how to install CentOS 7 and knowledge of sudo user.

Master node Tutorial

System updates

Let’s go ahead and first update our Linux system with all security patches or any other upgrades that will ensure our system is up-to-date.

sudo yum update -y

After your system has been updated, we are now ready to set up a Kubernetes cluster. We will first set up Docker and then setup Kubernetes.

Install and setup Master and Worker Nodes

Please ensure you have applied the following steps to both master and worker nodes before moving on to steps specific to each node. The below steps are common for both master and worker nodes.

Install and Setup Docker

Execute the below command to install Docker.

sudo yum install -y docker

Now we need to enable and start Docker as a service.

sudo systemctl enable docker && sudo systemctl start docker

To verify if you have Docker version 1.13 and higher, execute the below command.

sudo docker version

Install Kubernetes packages

In order to grab the latest package for Kubernetes, we need to configure our yum repository. Copy and paste the page below line of code to create a new config file for Kubernetes yum repo.

sudo bash -c 'cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF'

Disable SELinux to prevent any communication issues on all the nodes.

sudo setenforce 0sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

After the installation is completed, let’s enable kubelet as a service.

sudo systemctl enable kubelet && sudo systemctl start kubelet

Master node setup

Allow 6443 and 10250 from firewalld on master node

sudo firewall-cmd --permanent --add-port=6443/tcp && sudo firewall-cmd --permanent --add-port=10250/tcp && sudo firewall-cmd --reload

NOTE: If you do not execute the above commands, you will see the below warning during Kubernetes initialization.
[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open, or your cluster may not function correctly.
error execution phase preflight: [preflight] Some fatal errors occurred:

Set IPTables settings
Copy and paste the below line of code on your master and worker node.

sudo bash -c 'cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF'

Apply changes by execute the below command.

sudo sysctl --system

Load br_netfilter module

sudo lsmod | grep br_netfilter

Configure Kubernetes Master node

Now that we are done installing the required packages and configuration of your system. Let’s go ahead and start the configuration.

First we need to get all the images that are going to be used during Kubernetes initialization. It is optional and kubeadm will automatically pull it during initialization. But I recommend it to first get the images, so you don’t have to worry about images.

sudo kubeadm config images pull

After it is pulled all the images let’s get started with cluster setup.

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

During initialization, if you received the following error, that means you didn’t disable your swap. Please go ahead and disable swap and reboot your system and try again.

[ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...

Or, if you received the below error, ensure you have applied the correct IPTable settings as provided above.

[ERROR FileContent–proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...

After you have successfully set up your Kubernetes cluster, your output should look similar to below. Please make a note of the key for joining worker nodes to Kubernetes cluster.

[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
        [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master-node kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.120]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master-node localhost] and IPs [192.168.0.120 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master-node localhost] and IPs [192.168.0.120 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 16.501860 seconds
[upload-config] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.14" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --experimental-upload-certs
[mark-control-plane] Marking the node k8s-master-node as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node k8s-master-node as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 3j2pkk.xk7tnltycyz2xh5n
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.120:6443 --token khm95w.mo0wwenu2o9hglls \
    --discovery-token-ca-cert-hash sha256:aeb0ca593b63c8d674719858fd2397825825cebc552e3c165f00edb9671d6e32

Adding cluster settings to regular users to be able to access Kubernetes cluster locally.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Apply network settings for pods

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

That’s it! You have your master node setup.

Worker node setup

If you have more than one node, apply the below steps to each worker node.

Use the information received from your master node to join the cluster. The below information may be different for you.

sudo kubeadm join 192.168.0.120:6443 --token khm95w.mo0wwenu2o9hglls \
    --discovery-token-ca-cert-hash sha256:aeb0ca593b63c8d674719858fd2397825825cebc552e3c165f00edb9671d6e32

If you receive the following output. That means you have successfully connected to the Kubernetes master node.

[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

To check if your node joined the cluster, execute the below command from master node.

kubectl get nodes

Your output should look something like below.

NAME                STATUS     ROLES    AGE     VERSION
k8s-master-node     NotReady   master   37m     v1.14.0
k8s-worker-node-1   NotReady   <none>   8m19s   v1.14.0

Troubleshooting Master node issues

If you are receiving CrashLoopBackOff for coredns as shown below, it is likely your firewalld on worker node is blocking connectivity with the master node.

[rahil@k8s-master-node ~]$ kubectl get pods -A -o wide
NAMESPACE     NAME                                      READY   STATUS             RESTARTS   AGE   IP              NODE                NOMINATED NODE   READINESS GATES
kube-system   coredns-fb8b8dccf-9jd8r                   0/1     CrashLoopBackOff   15         19h   10.244.1.7      k8s-worker-node-1   <none>           <none>
kube-system   coredns-fb8b8dccf-kfjsz                   0/1     CrashLoopBackOff   15         19h   10.244.1.6      k8s-worker-node-1   <none>           <none>

The recommended solution is to stop firewalld completely to resolve this issue. Execute the below command to stop firewalld on your worker nodes.

sudo systemctl disable firewalld && sudo systemctl stop firewalld && sudo systemctl status firewalld

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
	timed out waiting for the condition

This error is likely caused by:
	- The kubelet is not running
	- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
	- 'systemctl status kubelet'
	- 'journalctl -xeu kubelet'

Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI, e.g. docker.
Here is one example how you may list all Kubernetes containers running in docker:
	- 'docker ps -a | grep kube | grep -v pause'
	Once you have found the failing container, you can inspect its logs with:
	- 'docker logs CONTAINERID'

If your master node setup wasn’t successful, and you are seeing the above errors, I recommend starting all over again. I spent several hours and ended up re-imaging my VM and reconfiguring all of it step by step. Good luck!

Optional but recommended setting for Kubernetes dashboard

From master node execute below command to create new deployment for Kubernetes dashboard. You can also reference it from their github site as well for more information.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

The post Setup Kubernetes 1.14 Cluster on CentOS 7.6 appeared first on TEKSpace Blog.

Mixed Content: The page at ‘https://example.com/ghost/#/site‘ was loaded over HTTPS, but requested an insecure resource ‘http://example.com/‘. This request has been blocked; the content must be served over HTTPS.

In this tutorial, I will demonstrate how to remove this warning and load all the content over https.

NOTE: This tutorial is demonstrated for ghost v2. If your blog is v1 it may differ, but I highly doubt that. The majority of ghost blog versions adhere to similar standards. If you are having problems. Please leave a comment below.

Assuming you have installed your ghost blog correctly and have your site hosted at /var/www/ghost. If your web hosting path is different. Navigate to that folder path and execute the below commands.

1. By default, your site is set as HTTP. You can change that to HTTPS by executing the below command.

Navigate to the correct hosting path.

cd /var/www/ghost

Set site to HTTPS

ghost config set url https://example.com

2. Once you have set your site URL to HTTPS, you can restart your ghost blog by executing the below command.

ghost restart

Thank you for following this tutorial. If you have feedback or any issues, feel free to share it below in the comments.

The post Ghost blog content not secure warning appeared first on TEKSpace Blog.