
Ceph on isolated environment

Ubuntu 22.04 on all nodes

Ceph on single host
Ceph on isolated environment

Let's prepare our network environment to deploy Ceph without the Internet.

We need to create 6 nodes:
- 3 for ceph installation (ceph1, ceph2, ceph3)
- 1 for apt repository (aptly)
- 1 for docker registry (harbor)
- 1 for dns server (infra)

We also need to set up 3 networks:
- Ceph Internal to connect only ceph nodes to each other
- Internal to connect ceph, aptly and harbor nodes
- vLan to connect aptly and harbor nodes to the internet

And we need a dns server to resolve names connected with ip pools:

Aptly deb repository

Tested on: Ubuntu 22.04

Install Aptly

Official instruction here:

    echo "deb [signed-by=/etc/apt/keyrings/aptly.asc] http://repo.aptly.info/ squeeze main" | sudo tee /etc/apt/sources.list.d/aptly.list
    sudo mkdir -p /etc/apt/keyrings; sudo chmod 755 /etc/apt/keyrings
    sudo wget -O /etc/apt/keyrings/aptly.asc https://www.aptly.info/pubkey.txt
    sudo apt update && sudo apt install aptly

Create aptly config:

    cat <<EOF | sudo tee /etc/aptly.

Create tls connect between MongoDB and Java Spring Boot application

Tested on: Ubuntu 22.04

List of parameters used in application.yaml
Parameters from mongo

Good connect string:

    mongodb+srv://<login>:<password>@<hostname>/<database-to-connect>?replicaSet=<name-of-replicaset>&readPreference=secondary&retryWrites=true&w=majority&authSource=admin&tls=true

Repository with all files

Run mongodb inside Docker

    docker run --rm --name mongodb -p 27017:27017 \
      -e MONGO_INITDB_ROOT_USERNAME=admin \
      -e MONGO_INITDB_ROOT_PASSWORD=secret \
      mongo

Connect to admin's db and create a db with user (auth db will be the same db):

    mongosh "mongodb://admin:secret@localhost/admin?

Generating self-signed certificates

Tested on: Ubuntu 22.04

First, let's set environment variables

    DOMAIN=mongodb
    SUBJ="/CN=Local trust issuer"
    # format:
    # SUBJ="/C=RU/ST=someobl/L=somecity/O=somecompany/CN=$DOMAIN"

Get a Certificate Authority certificate

    openssl genrsa -out rootCA.key 4096
    openssl req -x509 -new -nodes -key rootCA.key \
      -sha256 -days 1024 -subj "$SUBJ" -out rootCA.pem

Now we have the CA private key (rootCA.key) and the CA certificate containing the public key (rootCA.pem). Let's get information about our root Certificate Authority certificate:

k8s rbac

Script to create cluster-admin and approve through k8s-cluster:

    K8S_USER=your_user
    GROUP=cluster-admin
    openssl genrsa -out "$K8S_USER.

Install k3s with metallb

Requirements

https://docs.k3s.io/installation/requirements

| Spec | Minimum | Recommended |
|------|---------|-------------|
| CPU  | 1 core  | 2 cores     |
| RAM  | 512 MB  | 1 GB        |

Create cluster with 3 workers:

    # map 443 and 80 ports to ethernet on node
    k3d cluster create mycluster --agents 3 -p "443:443@loadbalancer" -p "80:80@loadbalancer" -p "8000:8000@loadbalancer" --wait
    # k3d cluster create mycluster --agents 3 --k3s-arg "--disable=traefik@server:0" --wait

    k cluster-info
    Kubernetes control plane is running at https://0.0.0.0:39973
    CoreDNS is running at https://0.