Blog

I’m a bit conservative about automating my home because of the vendor lock-in or the requirement to have a central hub. Last Black Friday I came across the Shelly products. Shelly doesn’t require a central hub and only needs a Wi-Fi connection and there isn’t a vendor lock-in because the modules do have their own web interface and API. Interesting and I bought a couple of Shelly 1’s! In this article more about the Shelly 1 and how I use them to automate my front door and back door lights.

In this blog post, I’ll explain how you deploy a brand new Kubernetes Cluster with Rancher Kubernetes Engine (RKE). Rancher Kubernetes Engine doesn’t include the Rancher management application itself and will deploy a vanilla Kubernetes Cluster for you, the exact same thing as kubeadm can do for you but much more simple!

Kubernetes Certificate Manager (cert-manager) is a native Kubernetes controller helping you to issue certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Valut, a signing keypair and self-signed. The Certificate Manager ensures certificates are valid and up-to-date, and attempt to renew certificates at a configured time before expiry.

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. I’m using Keycloak as an Identity Broker and have multiple Active Directories added to Keycloak.

Officially, GitLab doesn’t support RBAC enabled Kubernetes clusters yet, but with some manual configuration, it is possible to integrate your Kubernetes cluster into Gitlab with RBAC enabled.

I try to automate almost everything. I use Docker to containerize in-house developed software and run these containers on CentOS 7 machines. When you’re using a modern CentOS 7 version, the XFS filesystems are configured correctly with d_type support activated. But when you want to run Docker containers on an older version of CentOS 7, d_type support could be disabled causing a lot of trouble when you’re chowning and chmoding files in a container: files are not found or skipped, etc.

Database servers and clusters should be backed up regularly to prevent data loss when an error or disaster occurs. You can backup database servers logically using mysqldump, but you can also backup databases physically using Percona XtraBackup. XtraBackup enables you to run full and incremental backups, stream backups, compress and encrypt backups. TwinDB has simplified the usage of Xtrabackup and will automatically backup your Percona XtraDB cluster on an hourly basis.

In high-available production environments like a Software-as-a-Service Cloud environment, you have to minimize any kind of downtime as much as possible. In most cases, an application needs at least a database server. If this database server gets unavailable, the application won’t function anymore. In this case, the database software is your most critical SPOF to resolve. Percona XtraDB cluster can help you to eliminate this SPOF by setting up a master-master HA cluster.

In Kubernetes it is possible to use Persistent Volumes to add persistent storage to your Docker containers. When creating a Persistent Volume (Claim) you have to configure a storage type and storage capacity. When your application gets successful and your storage exceeds the limits, you have to extend the volume or create a new persistent volume. The latter isn’t a feasible solution in a production environment, but extending a persistent volume isn’t supported out-of-the-box in Kubernetes. There is a solution though! Extending the volume outside Kubernetes!

I try to automate almost everything. I use Docker to containerize in-house developed software and run these containers on CentOS 7 machines. When you’re using a modern CentOS 7 version, the XFS filesystems are configured correctly with d_type support activated. But when you want to run Docker containers on an older version of CentOS 7, d_type support could be disabled causing a lot of trouble when you’re chowning and chmoding files in a container: files are not found or skipped, etc.