Backup and Restore Kubernetes Etcd on the Same Control Plane Node

Image: https://etcd.io

A couple of days ago I wrote an article about How to Change Kubernetes Kube-apiserver IP Address, which involves keeping the original etcd data.

In this article I will go through the process of backing up and restoring etcd. Before we start, let’s get a basic understanding of etcd first. From the official description, etcd is

a distributed, reliable key-value store for the most critical data of a distributed system.

Also,

etcd is open source, available on GitHub, and backed by the Cloud Native Computing Foundation.

OK, let’s get started with today’s topic. Please do note,

All commands are executed on control…


How to Change Kubernetes Kube-apiserver IP Address

Image: https://kubernetes.io/docs/concepts/overview/components/#kube-apiserver

I have been troubled by the problem in the title recently because I have my cluster deployed on the cloud and, in order to cut costs, I shut down the VMs while not using them.

Since the public IP address of the VM changes once it is stopped and started again, my kube-apiserver IP address becomes inconsistent with the new public IP address. This leaves me unable to access the cluster, while the cluster is actually running and working fine.

I know I can solve this problem as simply as assigning an elastic IP address to the server, but on the other…


To create a Kubernetes cluster, we use the command kubeadm init. By default, if you do not specify any IP address flag, kubeadm will parse your current networking environment and use it for kube-apiserver.

Unless your server has a public IP address by default, for servers hosted on clouds the Kubernetes cluster will use its private IP address for kube-apiserver. For example, my cluster is hosted on AWS EC2.

Deploy Kubernetes with Specific Public IP Address for Control Plane Endpoint

In this case, if I want to maintain Kubernetes cluster, my device has to be in the same network segment, which is kinda troublesome. …


Regenerate Kubernetes Join Command to Join Work Node

Image: https://vocon-it.com/2018/12/03/how-to-create-a-kubernetes-cluster-with-kubeadm-kubernetes-series-3/

When we first init a K8S cluster, it will output the join command for us to join a worker node, as shown below.


Image: https://www.ovh.com/blog/why-ovh-managed-kubernetes/

Basically I am concentrating what’s been said on the official Kubernetes webpage here, so you can refer to it for detailed information.

To have Kubernetes up and running on a server, you need to:

  1. Install a container runtime
  2. Install K8S command tools

There are three ways listed on the official website to set up Kubernetes and three container runtime choices. In this post, I will use Docker as the container runtime and kubeadm to set up the control plane.

Please note that in this post, I will only set up a PRIVATE K8S cluster with ONE control plane node, NOT any worker node.

All commands are executed…


In my previous blog, I got the SSL certificate related settings done and IIS running with both HTTP and HTTPS. There are times when we want to make sure all traffic uses HTTPS, so we must redirect HTTP traffic to HTTPS.

In order to do so, we need to:

  1. Install the rewrite module on IIS
  2. Configure HTTP to HTTPS rules
  3. That’s it, verify!

Let’s get started

Install rewrite module on IIS

Install the rewrite module from Microsoft’s website.

Redirect HTTP to HTTPS on Windows IIS — Forced HTTPS

A file called urlrewrite2.exe is downloaded; execute it.


In my previous blog, I wrote about Install, Configure and Run IIS on Windows 2016. In this blog, I will write about SSL certificate related settings.

Please be aware that you need to own a domain name in order to do the procedure below.

Steps:

  1. Create a Certificate Signing Request (CSR) from IIS.
  2. Apply for an SSL certificate from sslforfree.
  3. Complete the CSR on IIS.
  4. Bind https on the website.
  5. Get IIS up and running with HTTPS.
  6. Export the .pfx file from IIS.

Let’s get started

Generating CSR from IIS

Click Server Certificates under IIS Server main page.

Create CSR, Apply SSL Certificate and Configure IIS Running on HTTPS

Click Create Certificate Request.


Because I was assigned a project which involved Windows IIS, and since I have not been using or working with Windows for the last 10 years, getting IIS up and running was quite a challenge for me. But after some reading and struggling, I managed to make it work, and below is a blog for my own reference, or for anyone who’s new to Windows IIS too.

In this post, I will be doing

  1. Installing IIS
  2. Setting up IIS
  3. Getting IIS up and running

Let’s get started.

Installing IIS

Log in to your Windows Server and start Server Manager.

Install, Configure and Using IIS on Windows 2016

Start…


Add Users to Azure SQL Database

Image: https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview#service-comparison

Okay, before you read on, I want you to know that I will be talking about how to add users, assign privileges and perform other user related operations in SQL Database using SSMS. I want to save you some time so that you do not find out the content of this post is not what you are looking for : )

To cut the story short, let’s first understand what Azure SQL Database is. In a short sentence from the official documentation:

Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as…


Account Management on Azure AKS with AAD and AKS RBAC

Image: https://docs.microsoft.com/en-us/azure/aks/concepts-identity#azure-role-based-access-control-azure-rbac

From the official documentation:

There are different ways to authenticate, control access/authorize and secure Kubernetes clusters. Using Kubernetes role-based access control (Kubernetes RBAC), you can grant users, groups, and service accounts access to only the resources they need. With Azure Kubernetes Service (AKS), you can further enhance the security and permissions structure by using Azure Active Directory and Azure RBAC. These approaches help you secure your cluster access and provide only the minimum required permissions to developers and operators.

Kubernetes doesn’t provide an identity management solution to control which users can interact with what resources. Instead, you typically integrate your cluster with…

Yst@IT

AWS Certified SA, SysOps & Developer Associate, Alibaba Cloud certified SA. Focusing on Azure, Prometheus w/ Grafana, ELK and K8S now.
