How to Install Authentik in Kubernetes for Application Security

Introduction

Authentik is an open-source identity provider that can be used to manage authentication and authorization for your applications. In this guide, I will explain how to install Authentik in a Kubernetes cluster to secure applications.

Prerequisites

- A Kubernetes cluster with Traefik installed.
- Helm package manager installed, with the required permissions to install and manage resources in the cluster.
- A Cloudflare account with your domain configured.
- A Cloudflare tunnel already configured to use the Traefik Ingress Controller.

Installation Guide

Step 1: Generate Secrets

Before we prepare the Helm chart values file, we need to create a secretKey for Authentik to sign the JWT tokens and create a password for the PostgreSQL database. ...

How to Secure Public Kubernetes Web Applications Using Authentik

Introduction

In this guide, we will explore how to secure public web applications running on Kubernetes using Authentik, a modern open-source identity provider. We will also leverage Cloudflare for additional security and performance enhancements. The setup will include Traefik as the ingress controller to manage incoming traffic to our applications.

Prerequisites

- A Kubernetes cluster up and running.
- Helm installed for managing Kubernetes applications.
- Traefik installed as the ingress controller.
- Authentik installed in your Kubernetes cluster.

Please check my previous posts for detailed instructions on how to set up Traefik and Authentik in Kubernetes. ...

How to Securely Expose the Traefik Dashboard in Kubernetes

Introduction

In this guide, I will explain how to securely expose the Traefik dashboard in a Kubernetes cluster using Cloudflare. The Traefik dashboard provides insights into the traffic and routing within your cluster, but it should be secured to prevent unauthorized access.

Prerequisites

- A Kubernetes cluster with Traefik installed.
- Helm package manager installed, with the required permissions to install and manage resources in the cluster.
- A Cloudflare account with your domain configured.
- A Cloudflare tunnel already configured to use the Traefik Ingress Controller.

How to Set Up Traefik Ingress Controller in Kubernetes

Introduction

I am using Nginx Ingress Controller for my Kubernetes cluster, but I wanted to set up Traefik as well for specific use cases. This guide explains how I installed Traefik on my Kubernetes cluster using Helm.

Why I want to use Traefik

I want to use authentication features for my applications, and my Nginx Ingress Controller setup requires enabling allow-snippet-annotations and setting annotations-risk-level to Critical. This is because Nginx Ingress Controller uses annotations for advanced configurations, which can be risky if not managed properly. Traefik, on the other hand, does not require such risky configurations and provides a safer way to manage ingress rules and features. So I decided to switch to Traefik as my primary Ingress Controller. ...

How to Upgrade containerd in Kubernetes

Introduction

Containerd is a core component of Kubernetes that manages container lifecycle. Upgrading containerd can bring performance improvements, bug fixes, and new features. This guide will walk you through the steps to upgrade containerd on a Kubernetes node.

Deployment Script

    CURRENT_VERSION="v2.1.3"
    ARCH="linux-amd64"
    # Release tarball names omit the leading "v", hence ${CURRENT_VERSION#v}
    DOWNLOAD_URL="https://github.com/containerd/containerd/releases/download/${CURRENT_VERSION}/containerd-${CURRENT_VERSION#v}-${ARCH}.tar.gz"

    echo "Draining node..."
    kubectl drain "$(hostname)" --ignore-daemonsets --delete-emptydir-data

    echo "Stopping containerd..."
    sudo systemctl stop containerd

    echo "Removing old containerd..."
    sudo apt remove -y containerd

    echo "Downloading containerd $CURRENT_VERSION..."
    wget -q "$DOWNLOAD_URL" -O containerd.tar.gz

    echo "Extracting and installing containerd..."
    tar -xvf containerd.tar.gz
    sudo cp bin/* /usr/local/bin/

    echo "Setting up systemd service..."
    sudo systemctl unmask containerd
    # The unit file is fetched from the main branch, not from the release tag
    sudo wget -q -O /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
    sudo systemctl daemon-reexec
    sudo systemctl daemon-reload
    sudo systemctl enable --now containerd

    echo "Generating config and setting SystemdCgroup..."
    sudo mkdir -p /etc/containerd
    sudo bash -c "containerd config default > /etc/containerd/config.toml"
    sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

    echo "Restarting containerd and kubelet..."
    sudo systemctl restart containerd
    sudo systemctl restart kubelet

    echo "Updated. Current containerd version:"
    containerd --version