NWS
Tutorials
Step-by-step instructions for Kubernetes and our cloud services.
Kubernetes Tutorials
Kubernetes Policies with OPA Gatekeeper
Once you have got started with Kubernetes and are in productive operation, new requirements are often added to the existing environments over time. These can be diverse: from consistent labels for rolled-out applications to security-relevant settings, there are many...
Nextcloud configuration with Kustomize
In this guide, we will show you how to implement your Nextcloud configuration with Kustomize on a Kubernetes cluster. Note: These instructions are not intended for productive use. It only serves as a basic illustration of how you can customize applications with...
LUKS Encrypted storage in Kubernetes
Today, more and more stateful applications are finding their way into production Kubernetes clusters. Therefore, it is likely that you are already using persistent volumes or persistent volume claims(PVs/PVCs) for the workloads you or your organization deploy. If you...
Secure Ingress-NGINX with Cert-Manager
In one of the first tutorials on our site, we showed you how to install and set up Ingress-NGINX in your cluster. Today we'll go one step further and look at how you can secure Ingress-NGINX and your services with the help of TLS certificates through Cert-Manager! What is Cert-Manager? Cert-Manager is a CNCF project for the automatic or programmatic provisioning of TLS certificates. The program continuously monitors annotated resources (e.g. Ingress objects) and a collection of...
Kubernetes with Cilium: Traffic filtering based on L7
With the new version of the Cilium CNI on our Kubernetes service, you get the ability to filter traffic based on L7 properties. This is normally reserved for service meshes and can be very helpful in securing your services. In this tutorial, we will secure an API endpoint so that our client can only access certain routes. All other requests will not be forwarded to the service in the first place to minimize the load on the API. Prerequisites Before you start, you will need the following: A...
RWX with the NFS Ganesha Provisioner
You have the requirement that your application must scale across multiple nodes for load balancing, but need access to a common PVC? For this purpose, you need a PVC that is ReadWriteMany (RWX)-capable. As part of our Managed Kubernetes Cluster, it is possible to create a CSI Cinder Blockstorage. However, due to technical limitations, this is only ReadWriteOnce (RWO) capable. We will show you here how we can still create an RWX-capable PVC using a workaround based on a practical example! What...
Increase persistent volumes in Kubernetes
Do you want to enlarge a PersistentVolume (PV) in Kubernetes? This tutorial will show you how to do this. What PVs are and how to create them is explained in the tutorial Creating persistent volumes in Kubernetes, on which this tutorial is based. You need more features around volumes in Kubernetes? NETWAYS Managed Kubernetes offers you encryption, automated backups and snapshots, as well as different storage classes, suitable for your application. Enlarge PV in K8s: Let's go Scaling up a PV in...
Connection limit for load balancer
Would you like to set your own limit for incoming connections to your load balancer? In this tutorial you will learn how to do this. About the connection limit The connection limit describes the maximum number of connections per second that are permitted for a load balancer listener (open frontend port). You may be asking yourself, why should you set a connection limit at all? The most obvious reason is to prevent a flood of HTTP requests to the Kubernetes apps. With a stronger limit, the...
Automatic Fedora CoreOS updates for Kubernetes
You want automatic Fedora CoresOS updates for your Kubernetes? And what do Zincati and libostree have to do with it? Get a quick overview here! Fedora CoreOS is used as the operating system for many Kubernetes clusters. This operating system, which specializes in containers, scores points above all with its simple, automatic updates. Unlike usual, it is not updated package by package. Fedora CoreOS first creates a new, updated image of the system and finalizes the update with a reboot. A...
X-Forwarded-For and Proxy-Protocol
Want to know how to get the IP addresses of your clients in your Kubernetes cluster? You'll have an overview in five minutes! Need more help configuring Kubernetes? Our MyEngineers® are always there for you! From HTTP client to application In the nginx ingress controller tutorial, we show you how to make an application publicly accessible. In the case of the NETWAYS Cloud, your Kubernetes cluster uses an Openstack load balancer, which forwards the client requests to an nginx ingress controller...
Kubernetes alerting with Prometheus
In a previous tutorial , Sebastian explained how you can monitor your Kubernetes cluster with the Prometheus Operator. This article builds on this and shows how you can set up notifications by email and as push notifications with the Alertmanager. Installing the monitoring stack with Helm In addition to the method shown by Sebastian for deploying the Prometheus Operator, there is another variant that can be used to set up a complete Prometheus stack in the Kubernetes cluster. This is with the...
Logging with Loki and Grafana in Kubernetes
You already know the most important building blocks for starting your application from our tutorial series. Are you still missing metrics and logs for your applications? After this tutorial, you can check off the latter. Logging with Loki and Grafana in Kubernetes - an overview To collect and manage your logs, Kubernetes also offers one of the most well-known, heavyweight solutions. These usually consist of Logstash or Fluentd for collecting, paired with Elasticsearch for storing and Kibana or...
Manage node groups in Kubernetes
As of this week, our customers can use the "Nodegroup feature" for their NWS Managed Kubernetes clusters. What are nodegroups and what can I do with them? Our seventh tutorial in the series explains this and more. What are node groups? Nodegroups make it possible to create multiple Kubernetes node groups and manage them independently of each other. A node group describes a number of virtual machines that have various attributes as a group. Essentially, this determines which flavor - i.e. which...
Creating persistent volumes in Kubernetes
You want to create a persistent volume in Kubernetes? Here you can find out how this works with Openstack Cinder in NWS Managed Kubernetes. Pods and containers are by definition more or less volatile components in a Kubernetes cluster and are created and destroyed as required. However, many applications such as databases can rarely be operated sensibly without long-lived storage. With the industry standard Container Storage Interface (CSI), Kubernetes offers a standardized integration for...
Monitoring Kubernetes with Prometheus
Monitoring - a certain love-hate relationship for many. Some like it, others demonize it. I'm one of those who usually demonize it, but then complain if you can't see certain metrics and information. Regardless of personal preferences on this topic, the consensus is clear: monitoring is important and a setup is only as good as its associated monitoring. If you want to develop and operate your applications on the basis of Kubernetes, sooner or later you will inevitably ask yourself how you can...
Kubernetes Nginx Ingress Controller – Here’s how it works
With the first steps with Kubernetes you already know how to start applications in your Kubernetes cluster. Now let's expose your application online. In the following, I will explain how this works and how you can get started with a Kubernetes Nginx Ingress Controller using an example. To make applications in a Kubernetes cluster accessible from the outside, you can use a load balancer type service. In the NETWAYS Cloud, we start an Openstack Octavia LB with a public IP in the background and...
First steps with Kubernetes
Do you have a brand new Kubernetes cluster and want to get started? But regardless of whether you're running a local minikube or a managed Kubernetes with all the bells and whistles, the first Kubernetes objects in the super simple YAML format will make almost everyone frown at first. What are deployments, services and the like? And why all the labels? Let's try to shed some light on this. The most important Kubernetes objects To manage and control a Kubernetes cluster, you use Kubernetes API...
How to start your Managed Kubernetes
Interested in how to start a Managed Kubernetes at NWS? Here you can find out how to get started! First you need an account for our NETWAYS Web Services platform. After registering, you can start our open source managedservices such as GitLab and also create access to our cloud and Kubernetes. Take a look at our demo! Christian shows you our Managed Kubernetes in the recorded webinar. Pictures say more than a thousand words? Of course, you decide on a Kubernetes account and after a few clicks...
Managed Kubernetes vs. on-premises
Managed Kubernetes vs. Kubernetes on-premises - should I use a managed Kubernetes offering or is it better to run Kubernetes myself? For some, of course, this question does not even arise, as it is strategically dictated by the company or their own operations. For everyone else, the following lines should help to provide an overview of the advantages and disadvantages of managed Kubernetes and on-premises and point out technical challenges. Why Kubernetes? In order to pick up readers who are...
Cloud tutorials
Cloud Deployment in 15 Minutes with Terraform and Docker
In today's world of the cloud, it's easy to lose track: VMs, Kubernetes, Serverless, the possibilities are almost endless, and the "best" way to run applications is not always clear. It is often worth creating a proof of concept and going through a cloud deployment...
Immutable Backups with S3: How to Protect Your Data
Object Storage offers a number of technical features that can look complicated and seemingly superfluous when taken out of context. When combined, however, they become extremely handy for certain use‑cases - for example, immutable backups with S3. In this hands‑on...
VM rescue on OpenStack
Accidentally terminated the SSH service, deleted the boot partition, or complications after updating the operating system? Most of us have stood in front of an inaccessible, misconfigured or otherwise broken server at some point and no longer had access. Fortunately,...
LUKS encrypted storage on OpenStack
Conscientiously securing your IT landscape has become increasingly important in recent years. With a steady increase in (user) data that needs to be managed, processed and stored, encrypting this data should be on your agenda for a holistically secured IT infrastructure.That's why in this tutorial we'll look at how LUKS encrypted storage on OpenStack can help secure your volumes at rest . We will look at two approaches to defining and using encrypted volumes in OpenStack: via the web interface...
Migration of servers on VMware to OpenStack
In this tutorial we look at migrating servers on VMware to OpenStack. Following the recent acquisition of VMware by Broadcom, many smaller Cloud Service Providers (CSPs) have received notices to terminate their membership in VMWare's partner program in recent weeks. Many end customers are therefore in an uncertain situation, which is made even more acute by the lack of information.The first providers of compatible software are already considering the possibility of supporting alternative...
Update from Ubuntu 20.04 to 22.04 with Nextcloud 26 and PHP 8.1
Every few years, Ubuntu releases a new LTS version of its operating system, and with it comes a bunch of new applications and dependencies. This can be both exciting and challenging for system administrators who have to make sure everything works after an upgrade. One of the upgraded features in Ubuntu 22.04 is the transition from PHP7.x to PHP8.x. This brings a performance boost, great new features and longer support. To make the transition easier for you, we'll go through the steps required...
Terraform and OpenStack
Many of you are probably already familiar with the use of Terraform in combination with Azure or AWS. And although these are the most commonly used platforms, there are uncertainties - often with regard to data protection (GDPR) - and therefore still a need for reliable alternatives. As all of our systems are based on open source, we will look at the use of Terraform in combination with OpenStack. We always try to integrate all our services into OpenStack and then create tutorials to help the...
Dynamic Inventory – An Ansible and OpenStack love story
For those of you who may not be too familiar with Ansible: It's a great tool to get started in the world of automation and makes your life in configuration management much easier. The familiarization phase In this tutorial, we will go through a basic playbook that you can use with OpenStack and look at using dynamic inventories. Dynamic inventories have one big advantage: you don't have to manually update the file every time you set up a new server in a project. If Ansible is used with...
Monitoring for machines with Icinga 2 Master
With our OpenStack Cloud, it is child's play to set up your own environment according to your own ideas. Start a few machines quickly and easily using Terraform, make the service available to the outside world via an attached floating IP and associated security group and the project is up and running. But no environment runs flawlessly and monitoring is a big issue - you like to notice in front of your own users or customers when something doesn't quite work as it should. I think every reader...
Start the project and create the first server
We are celebrating success with our new cloud environment - performance, stability, flexibility and low prices are impressing our customers. However, the multitude of functions can be overwhelming for some users when using it for the first time. However, we are happy to help shed light on this and show how easy it actually is. To begin with, we need an NWS account. Here you simply enter an e-mail address and the desired password, as well as whether it is a business or standard account. A short...
Backup and snapshot
Sooner or later, everyone who runs a server will probably reach the point where the VM (or parts of it) are irreversibly "torn apart" - for whatever reason.Anyone who has dedicated themselves to backing up their data in advance now has a clear advantage and can expect significantly lower adrenaline levels - especially if the last backup was less than 24 hours ago. Backups and snapshots are quick and easy to set up in our NWS interface, so that automatic backups of your VMs are made every...
Scaling on demand
Depending on the type of in-house production, it may be worthwhile for some server operators to automatically create virtual machines for a certain period of time using a script and - once the work is done - to delete them again just as automatically; for example, if a computing job with your own hardware would take longer than is acceptable. Our cloud will be happy to take care of this for you - even if it involves resources other than processors. In this example, I will go through the first...
Manage and assign security groups
Once you have clicked on the first new instance in our cloud web interface and assigned an SSH public key with which you want to connect to this VM, you are faced with the small problem that you cannot access the instance from outside; we have the "default" security group to thank for this. It contains the rules: - Allow incoming connections with any protocol, on any port, but only from hosts in the internal network that also use the "default" security group (IPv4 and IPv6)- Allow outgoing...
Create and use S3 object storage
In times of high availability and multiple web servers, central data storage, data security and fast access times must be harmonized. This is precisely why more and more users are now using technologies that lure them in with buzzwords such as S3, buckets, object storage and Swift. We at NETWAYS Web Services have been offering this for some time now. We have created this tutorial to shed some light on the subject. In this tutorial we will explain it step by step: Why Objectstorage Creation of...
Corosync Cluster with Failover IP
One of the first customer requirements you usually read is: High availability. It has long been the norm to ensure that the project can still be reached without any problems even in the event of partial failures and that single points of failure are avoided. A Corosync / Pacemaker cluster is often used for this, the technology behind it has been tried and tested for over a decade - the basic idea behind it is to create virtual resources that can be started on any connected node. The following...
The ABCs of the cloud
The NETWAYS Group offers a very wide range of services and products relating to the development, management, automation and monitoring of IT infrastructure in the open source sector. We operate a hardware store, hold training courses, organize conferences, provide operational support and advise customers on challenges relating to the automation and monitoring of their on-prem systems. With our NETWAYS Web Services we have also established ourselves as a successful cloud provider for...
AI Tutorials
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.
No Results Found
The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.