“Technology” Category page 1 / 2

Microk8s Control Plane API Load Balancing

Here’s a tale of how I came to load balance the Control Plane API of my 3 node microk8s cluster running on VM’s in my home lab.

How?

Before we get started, here’s some of my choices, limitations and requirements:

Pruning microk8s containerd when k8s garbage collection fails

microk8s, well k8s as a whole tbf, seems to really struggle with garbage collection when the disk is (nearly) full. Which seems odd to me. When you really need garbage collection to work, it’s failing on you. Why is that? Grinds my gears, it does.

Anyway, you might see node events like this:

 Type Reason...
        
      

Extending/resizing a logical volume file system

In my infinite wisdom, I recently decided to “Just add more disk” to address a problem I was having with garbage collection. I wanted to add another 16GB of storage to my LVM filesystem to just stop my monitoring from carrying on about there being <20% available. Plus, the microk8s garbage collection was being garbage.

I’m using proxmox as my...

Windows Server Virtual Interface with a configured VLAN with a custom MAC

I’m not a Windows server kinda guy, but do you think I could find a nice, easy to follow, walk-through on how to create a Windows Server Virtual Interface on a given VLAN and using a custom MAC?

No, no I couldn’t. Perhaps I wasn’t searching with the correct search terms. Perhaps this is assumed knowledge on a Windows Server. I don’t know.

Here is how I ended up solving my problem.


The problem

We have a Windows Server. It’s going to be our internal, non-production, database server. But, it’s going to host multiple databases for multiple environments (dev, sit, uat, etc, etc). We split and protect each of our environments using VLAN’s.

The requirements

  • The server needs to have multiple VLAN’s attached to it.
  • The server has 2x 10GB NIC’s.
  • These 2 NIC’s must be configured for automatic failover, to protect us in the event of failure of cable/switch/port/etc. We’ll be using “NIC Teaming” for this.
  • The VLAN Virtual Interfaces need to have their own, individual, MAC. NIC teaming still uses the base, physical/teamed, card’s MAC for the VLAN Virtual Interface(s).

The solution

The Source

A little while ago I penned a quick (and funny?) ditty about source code, loosely based on the theme song of the Mr Ed show.


The source is the source
Of course, of course
And no-one can resource the source, of course
Unless, of course, the resource is the faaaamous Mr Ed.

AWS Internet access from a Private subnet

To enable internet access from a private subnet, you will need to do a couple of things.

  1. Create a new public subnet (if you don’t have one already)
  2. Create an Internet Gateway and associate it with this public subnet, making it the default gateway
  3. Create a NAT Gateway associated with this public subnet (it must have a public subnet IP...

Quick SSL/TLS certificate check

While doing a lot of SSL/TLS renewals, transfers, migrations, etc recently; I was looking for a really simple tool to help me verify the certificate being served was the absolute correct one. It needed to check the:

  • Issuer
  • Valid from dates
  • Valid to dates
  • Distinguished Name
  • Subject Alternate Names

I used the openssl utility to help me do...

How-To extend a Logical Volume using LVM on Linux

While not a difficult process, it’s not the easiest of things to do either. Logical Volume Manager (LVM) lives up to *NIX’s user friendly mantra - “UNIX is user friendly, it’s just picky about who its friends are”.

Because LVM is actually really powerful and flexible in managing your storage, this inherently means complexity maintaining/controlling LVM.

The basic process to...

Manual cert-bot renewals for certificates hosted on a Sophos UTM

Renew your cert-bot certificate

I have a cert-bot certificate on my home licensed Sophos UTM. Yeah, yeah. I should upgrade to the Home XG. One of these days … maybe. I also use the Remote Access feature (SSL VPN) to gain access to my stuff at home when I’m out and about. I don’t have to leave my SSH, or other, ports wide open. It’s just good practice. But, because it needs the user portal to get your certificates and configs for the OpenVPN SSL VPN, I can’t use cert-bot’s automatic renewal, as the required URL’s aren’t normally available. The reverse proxy configuration (Web Server Protection) doesn’t seem to work with the User Portal also enabled. So, I have to go manual.

The basic steps for me go like this:

  • Start the cert-bot manual process
  • Disable the Sophos User Portal
  • Start up a Web Server Protection config to send my requests to a backend server. This could be the cert-bot temp web server. But not in my case. Because “reasons”.
  • Put the codes into the files (or it gets the hose) as cert-bot expects to browse them.
  • Verify it all works
  • Complete the cert-bot renewal
  • Disable the Web Server Protection
  • Re-enable the User Portal
  • Convert the certificates into a PKCS#12 cert
  • Upload to Sophos Certificate Manager
  • Change your Sophos config to use the new PKCS#12 cert
  • Good to go

JVC Everio MOD files to MPG

I keep needing to convert the MOD files from my JVC Everio video camera to MPEG4 files, ready for building into a DVD. And every time I keep going back to Google to find the commands. I don’t do it often enough to remember it, I don’t even do it often enough to remember to script it. So, with that in...