
How to run an ssh server on kubernetes

Let’s say you’d like to run a pod on your cluster that accepts incoming ssh connections. (There are various reasons to do this — I have one application planned for an upcoming post.)

It’s actually quite easy to just run sshd in a container and mount a public key file as /root/.ssh/authorized_keys to allow a user with the corresponding private key to ssh in as root.

It’s a little trickier, though, if you want to allow ssh access without allowing root access.

The main issue is that a non-root user can’t launch the ssh service, so you can’t simply run your pod as a non-root user. And [right now, as far as I know] you can’t mount a file with a different owner than the security context of the pod. But the ~/.ssh/authorized_keys file needs to be owned by its own corresponding user in order for the ssh service to accept it…


How to move a WordPress blog to kubernetes

WordPress has been a popular blogging/website platform for decades, which means that there are quite a number of old WordPress-based websites out there. But if you’re hosting one on a VM, it can be difficult to scale it, to maintain it, and to update the look without breaking it. Kubernetes to the rescue!

Cloud Native best practices recommend a clean separation among executable code (in the container), configuration (in the kubernetes manifests), and data (in the database and/or mounted volumes). But WordPress was first designed before the widespread use of containers — so, unfortunately, the code, configuration, and content data are all jumbled together in the filesystem.

Ultimately deploying WordPress on kubernetes is quite doable — and enforcing the separation of components (code/configuration/data) makes it easy to deploy as many copies as you like, which simplifies maintenance and scaling (compared to running it on a VM). But the standard WordPress docker images need to employ some ugly hackery to get the code and configuration into a writable volume for it to work — so the initial setup can be delicate.

If you would like to migrate an existing WordPress blog/site to kubernetes, you will need the following:


startup2scalable.com is open for business!!

When I was the tech lead for DevOps and Cloud Infrastructure at South Pole, I liked to think of all of the various dev teams as my clients. Marketing websites, machine learning projects, data pipelines, and all manner of applications for internal and external clients — the teams doing these projects all needed cloud infrastructure and a bit of help getting set up.

My objective was to design a system of ci/cd pipelines and kubernetes objects that was simple and flexible enough for the developers to understand (without too much extra effort) so that the teams could manage and customize their own releases and deployments — with as much (or as little) ongoing help from me as they wanted.

Now I’m ready to offer the same service to the rest of the world!


Read-write-many volumes on LKE with NFS

When deciding whether to use Linode as my kubernetes provider, I needed to ensure that I would have read-write-many volumes available for deployments that need them. So I did a quick search, and the only thing that came up was this guide on setting them up with rook — which is deprecated. Not cool.

On other cloud providers, I created read-write-many volumes using a Network File System — so I wondered if I could do the same on Linode. Answer: yes. And it’s actually pretty easy and works well. Here’s how:
