Forem: Krisha Arya

Deploying NGINX on Minikube Using Helm

Krisha Arya — Fri, 06 Feb 2026 19:50:00 +0000

Environment Details

OS: Windows 11
Container Runtime: Docker Desktop (Linux containers)
Kubernetes: Minikube
Package Manager: Helm

Objective

Install Helm on Windows
Start Minikube cluster
Create a Helm chart
Deploy NGINX using Helm
Expose the application using NodePort
Verify application internally and externally
Understand why some commands fail and alternatives are used

Installing Helm on Windows

Helm is a package manager for Kubernetes, used to deploy applications using reusable charts.

Method 1: Install using Winget

winget install Helm.Helm

📌 Why this method?

Simplest and fastest
Automatically adds Helm to PATH
Recommended for beginners

Method 2: Manual Installation (Alternative)

Download Helm binary:

https://get.helm.sh/helm-v4.1.0-windows-amd64.zip

Extract it and place in:

C:\helm

Add Helm to PATH:

$env:Path += ";C:\helm"

Verify Helm Installation

helm version

✔ Confirms Helm is installed and accessible

Starting Minikube Cluster

Helm works on top of Kubernetes, so Minikube must be running first.

Start Minikube

minikube start --driver=docker

📌 Why Docker driver?

Best supported on Windows
Lightweight and stable

Possible Errors are:
1) Starting Minikube — Initial Failure
❌ Command
minikube start

❌ Error
PROVIDER_DOCKER_NOT_RUNNING
deadline exceeded running "docker version"

📌 Reason

Minikube is configured to use the Docker driver, but:
Docker Engine was not running.
OR Docker context was incorrect.
Minikube cannot create a Kubernetes cluster without Docker running.

2) Fixing Docker Environment
✅ Step 1: Remove incorrect Docker host variable
Remove-Item Env:DOCKER_HOST

📌 Why?
Sometimes Docker tools inherit a stale DOCKER_HOST variable, which breaks communication with Docker Desktop.

✅ Step 2: Verify variable is removed
echo $Env:DOCKER_HOST

Expected output:
(empty)

✅ Step 3: Switch Docker context
docker context use desktop-linux

📌 Why?
Minikube on Windows requires Linux containers, not Windows containers.

3) Pulling Kubernetes Images (Optional but Used Here)

You manually pulled Kubernetes images:

docker pull registry.k8s.io/kube-apiserver:v1.34.0
docker pull registry.k8s.io/kube-controller-manager:v1.34.0
docker pull registry.k8s.io/kube-scheduler:v1.34.0
docker pull registry.k8s.io/kube-proxy:v1.34.0
docker pull registry.k8s.io/coredns/coredns:v1.12.1
docker pull registry.k8s.io/etcd:3.6.4-0
docker pull registry.k8s.io/pause:3.10.1
docker pull docker.io/kicbase/stable:v0.0.48

📌 Why this was done

Minikube had network trouble reaching registry.k8s.io
Pre-pulling images avoids download failure inside the Minikube container

Check Cluster Status

kubectl get nodes

Expected:

STATUS: Ready

4) Starting Minikube Successfully
✅ Command Used
minikube start --driver=docker --force

📌 Why --force?

Skips some validations
Useful when Docker/network warnings exist
Allows Minikube to fall back to alternative image sources

Creating a Helm Chart

Helm charts provide a template-based way to deploy applications.

Create Chart

helm create my-first-chart

📌 What this does

Creates a complete application structure
Includes Deployment, Service, and configuration templates

Chart Structure

my-first-chart/
├── charts/
├── templates/
├── Chart.yaml
├── values.yaml

Editing `values.yaml`

values.yaml contains default configuration values for the chart.

✅ Open file

notepad values.yaml

✅ Replace content with below one.

replicaCount: 1

image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: "latest"

imagePullSecrets: []

nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""

podAnnotations: {}
podLabels: {}

podSecurityContext: {}
securityContext: {}

service:
  type: NodePort
  port: 80

ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts: []
  tls: []

# THIS BLOCK FIXES YOUR ERROR
httpRoute:
  enabled: false
  annotations: {}
  parentRefs: []
  hostnames: []
  rules: []

resources: {}

livenessProbe:
  httpGet:
    path: /
    port: http

readinessProbe:
  httpGet:
    path: /
    port: http

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80

volumes: []
volumeMounts: []

nodeSelector: {}
tolerations: []
affinity: {}

📌 Why NodePort?

Easy exposure in Minikube
No Ingress needed initially
Suitable for learning/testing

Installing the Helm Chart

✅ Install Command

helm install nginx-release .

📌 What happens

Helm renders templates
Kubernetes objects are created:
- Deployment
- Service
- Pod

Verifying Deployment

🔍 Check Pods

kubectl get pods

Expected:

STATUS: Running

🔍 Check Service

kubectl get svc nginx-release-my-first-chart

Expected:

TYPE: NodePort
PORT: 80:<nodePort>

Getting Node IP & NodePort (Manual Way)

$env:NODEIP = kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}"
$env:NODEPORT = kubectl get svc nginx-release-my-first-chart -o jsonpath="{.spec.ports[0].nodePort}"
echo "http://$env:NODEIP`:$env:NODEPORT"

📌 Why this is done

NodePort services are accessed via:

  http://<NodeIP>:<NodePort>

Internal Connectivity Test (From Inside Cluster)

Possible errors are:

❌ BusyBox Test (May Fail)

kubectl run test --rm -it --image=busybox -- wget -qO- nginx-release-my-first-chart

❌ Sometimes fails due to:

Limited networking tools
DNS issues in BusyBox

✅ Correct Alternative (Curl Image)

kubectl run test --rm -it --image=curlimages/curl --restart=Never -- curl http://nginx-release-my-first-chart

✔ Output:

Welcome to nginx!

📌 Why curl image works

Built specifically for HTTP testing
Reliable DNS + networking

Accessing Service Using Minikube (Recommended Way)

✅ Command

minikube service nginx-release-my-first-chart

📌 What this does

Automatically fetches NodePort
Creates a tunnel (required for Docker driver on Windows)
Opens browser with correct URL

Summary of Errors & Fixes

Error	Reason	Fix
Docker not running	Docker Desktop stopped	Restart Docker
BusyBox timeout	Image limitations	Use curl image
PowerShell `--` error	Linux syntax used	Use single-line command
NodePort not opening	Docker driver limitation	Use `minikube service`

Key Learnings (Beginner Friendly)

Helm simplifies Kubernetes deployments
values.yaml controls app behavior
NodePort is easiest exposure method in Minikube
Docker driver needs tunnel for service access
Not all test images behave the same

Conclusion

You successfully:

Installed Helm
Created a Helm chart
Deployed NGINX using Helm
Exposed it via NodePort
Verified access internally and externally

Stay tuned for next kubernetes topic ! 😊

EKS Cluster Setup, Deployment & LoadBalancer Exposure (Using eksctl) in Kubernetes

Krisha Arya — Tue, 03 Feb 2026 17:30:08 +0000

Overview

This practical demonstrates a complete end-to-end Kubernetes workflow on AWS EKS using eksctl from a Windows PowerShell environment.
The goal is to:

Create a new EKS cluster
Provision worker nodes
Deploy applications on Kubernetes
Expose the application to the outside world using a LoadBalancer
Perform complete cleanup to avoid AWS charges

This documentation is based on real execution logs and troubleshooting, not theoretical steps.

Prerequisites

Windows OS
PowerShell
AWS Account
AWS CLI installed
kubectl installed
eksctl installed

STEP 1: Verify eksctl Installation

eksctl version

Output:

0.221.0

✅ Confirms eksctl is installed and ready.

STEP 2: Configure AWS Credentials

aws configure

Entered details:

AWS Access Key ID
AWS Secret Access Key
Default region: us-east-1
Output format: json

Sure 👍 here’s a clear, step-by-step guide to get AWS Access Key ID and Secret Access Key from the AWS Security (IAM) section.
This is exactly what you should write in documentation / practical files.

🔐 How to Get AWS Access Key ID & Secret Access Key (IAM)

Login to AWS Console

Go to 👉 https://aws.amazon.com/console/
Click Sign in to the Console
Login using your AWS root account or IAM user

Open IAM (Security Service)

In the AWS Console search bar, type IAM
Open IAM – Identity and Access Management

👉 IAM is used to manage users, permissions, and access keys.

Go to Users

In the left sidebar, click Users
Click on your IAM User name

⚠️ Best practice:
Use an IAM user, not the root account, for CLI access.

Open Security Credentials

Inside the user page, go to the Security credentials tab
Scroll down to Access keys

Create Access Key

Click Create access key
Select Command Line Interface (CLI)
Check the confirmation box
Click Next
(Optional) Add a tag
Click Create access key

Copy Access Keys (VERY IMPORTANT)

You will see:

Access Key ID
Secret Access Key

⚠️ IMPORTANT RULES

Secret Access Key is shown ONLY ONCE
Copy and store it safely
If lost, you must create a new key

Example:

Access Key ID     : AKIAxxxxxxxxxxxx
Secret Access Key : xxxxxxxxxxxxxxxxxxxxxxxxx

STEP 3: Verify AWS Identity

aws sts get-caller-identity

Output:

{
    "UserId": "198961699878",
    "Account": "198961699878",
    "Arn": "arn:aws:iam::198961699878:root"
}

✅ Confirms AWS authentication is working.

STEP 4: Verify Configured Region

aws configure get region

Output:

us-east-1

STEP 5: Create EKS Cluster with Managed Node Group

eksctl create cluster `
  --name my-cluster `
  --region us-east-1 `
  --nodegroup-name standard-workers `
  --node-type t3.medium `
  --nodes 3

What this does:

Creates an EKS cluster named my-cluster
Uses Kubernetes version 1.32
Provisions 3 EC2 worker nodes
Installs core add-ons:
- kube-proxy
- CoreDNS
- VPC CNI
- metrics-server

⏱️ Cluster creation took ~15 minutes.

Final Status:

EKS cluster "my-cluster" in "us-east-1" region is ready

STEP 6: Update kubeconfig for kubectl

aws eks update-kubeconfig --name my-cluster --region us-east-1

Output:

Added new context arn:aws:eks:us-east-1:198961799878:cluster/my-cluster

STEP 7: Verify Worker Nodes

kubectl get nodes

Output:

ip-192-168-21-14.ec2.internal   Ready
ip-192-168-28-52.ec2.internal   Ready
ip-192-168-49-76.ec2.internal   Ready

✅ All worker nodes are in Ready state.

STEP 8: Create ConfigMap (Application Configuration)

Initial PowerShell Multiline Error

Linux-style \ caused parsing errors in PowerShell.

Correct Command (Single Line)

kubectl create configmap app-config --from-literal=APPENV=production --from-literal=LOGLEVEL=info

Output:

configmap/app-config created

Verify ConfigMap

kubectl get configmap
kubectl describe configmap app-config

STEP 9: Create Pod Using ConfigMap

Create YAML File

notepad config-pod.yaml

`config-pod.yaml`

apiVersion: v1
kind: Pod
metadata:
  name: config-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: APPENV
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: APPENV

Apply Pod

kubectl apply -f config-pod.yaml

Verify Pod

kubectl get pods
kubectl exec -it config-pod -- printenv APPENV

Output:

production

STEP 10: Create Deployment (Multiple Replicas)

Create Deployment YAML

notepad nginx-deployment.yaml

`nginx-deployment.yaml`

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.25
        ports:
        - containerPort: 80

Apply Deployment

kubectl apply -f nginx-deployment.yaml

Verify

kubectl get deployments
kubectl get pods

STEP 11: Expose Deployment Using LoadBalancer

kubectl expose deployment nginx-deployment --type=LoadBalancer --port=80

Verify Service

kubectl get svc

Output:

nginx-deployment   LoadBalancer   a26036e6e746042178d8b53a365c218b.us-east-1.elb.amazonaws.com

✅ AWS Elastic Load Balancer was created automatically.

STEP 12: Cleanup Kubernetes Resources

kubectl delete deployment nginx-deployment
kubectl delete svc nginx-deployment
kubectl delete pod config-pod
kubectl delete configmap app-config

Verify Cleanup

kubectl get all

Output:

service/kubernetes (default system service only)

STEP 13: Delete EKS Cluster (MOST IMPORTANT)

eksctl delete cluster --name my-cluster --region us-east-1

What this deletes:

Worker nodes
EKS control plane
Load balancers
CloudFormation stacks
Networking resources

Final Status:

all cluster resources were deleted

Conclusion

This practical successfully demonstrated:

EKS cluster creation using eksctl
Managed worker node provisioning
ConfigMap creation and usage
Pod and Deployment lifecycle
External access using LoadBalancer
Complete and safe cleanup to avoid AWS charges

Stay connected for next kubernetes tutorial! 😊

Manual Kubernetes Cluster Setup on AWS (kubeadm + Flannel)

Krisha Arya — Tue, 03 Feb 2026 16:45:16 +0000

Introduction

Setting up a Kubernetes cluster manually is the best way to understand how Kubernetes works internally.
In this guide, we set up a 2-node Kubernetes cluster on AWS EC2, where:

One instance acts as the Master Node
One instance acts as a Worker Node

This documentation is based on real troubleshooting, not just ideal steps. It includes:

Correct setup steps
Common beginner mistakes
Real errors faced during setup
Why those errors happened
Exact commands used to fix them
AWS Security Group configuration
Final NGINX deployment and access

By the end, you will have:

A working Kubernetes cluster
Clear understanding of pod networking
Knowledge of CNI (Flannel)
Practical exposure to NodePort services

Cluster Components

Component	Description
Master Node	Kubernetes control plane
Worker Node	Runs application pods
Runtime	containerd
CNI	Flannel (VXLAN)
Exposure	NodePort

🔹 STEP A: Create AWS EC2 Instances

Create 2 EC2 instances in AWS.

Instance Details

OS: Ubuntu 22.04 / 24.04 LTS
Instance Type: t2.medium (minimum)
VPC/Subnet: Same for both instances
Key Pair: k8s.pem

Instance Names

Master Node: master-node
Worker Node: worker-node-1

🔹 STEP B: Configure Security Group (IMPORTANT)

Attach the same Security Group to both instances.

Inbound Rules

Type	Protocol	Port	Source
SSH	TCP	22	Your IP
Kubernetes API	TCP	6443	VPC CIDR
NodePort	TCP	30080	0.0.0.0/0

⚠️ Without port 30080 open, NodePort will not work in the browser.

🔹 STEP C: Get Public IPs

After instances start, note:

Master Public IP
Worker Public IP

Example:

Worker Node Public IP: 65.0.4.177

🔹 STEP D: Prepare SSH Key on Windows (PowerShell)

Open PowerShell as Administrator in the folder containing k8s.pem.

Fix permission issues (VERY IMPORTANT on Windows)

icacls k8s.pem /inheritance:r
icacls k8s.pem /grant:r "$($env:USERNAME):(R)"

This avoids:

Bad permissions
Permission denied (publickey)

🔹 STEP E: SSH into EC2 Instances

Connect to Master Node

ssh -i k8s.pem ubuntu@<MASTER_PUBLIC_IP>

Connect to Worker Node

ssh -i k8s.pem ubuntu@65.0.4.177

👉 You are now inside the Linux terminal of your EC2 instance.

🔹 STEP F: Verify Connection

Run on both nodes:

whoami
hostname

Expected Output

ubuntu
master-node / worker-node-1

STEP 1: Set Hostnames & Hosts File

Master Node

sudo hostnamectl set-hostname master-node
hostname

Worker Node

sudo hostnamectl set-hostname worker-node-1
hostname

Update `/etc/hosts` on BOTH nodes

sudo nano /etc/hosts

Example:

172.31.xx.xx master-node
172.31.yy.yy worker-node-1

STEP 2: Disable Swap & Enable Kernel Networking

Run on BOTH nodes.

Disable Swap

sudo swapoff -a
sudo sed -i '/ swap / s/^/#/' /etc/fstab

Load Required Kernel Modules

sudo modprobe overlay
sudo modprobe br_netfilter
sudo modprobe vxlan

Persist Modules

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
vxlan
EOF

Enable sysctl Settings

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system

STEP 3: Install containerd Runtime

Run on BOTH nodes.

sudo apt update
sudo apt install -y containerd

Generate Default Config

sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

Enable systemd Cgroup

sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' \
/etc/containerd/config.toml

Restart & Enable

sudo systemctl restart containerd
sudo systemctl enable containerd

STEP 4: Install Kubernetes Components

Run on BOTH nodes.

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gpg

Add Kubernetes Repository

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | \
sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] \
https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /" | \
sudo tee /etc/apt/sources.list.d/kubernetes.list

Install Components

sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

STEP 5: Initialize Master Node

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

Note: Above IP is fixed. Use same IP.

STEP 6: Configure kubectl (Master Node)

mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

STEP 7: Install Flannel CNI

Initial Confusion

kubectl get pods -n kube-system | grep flannel

➡️ Output was empty (Flannel does not run in kube-system)

Correct Installation Command

kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

Correct Namespace Check

kubectl get ds -n kube-flannel
kubectl get pods -n kube-flannel

❌ Errors Faced & How They Were Fixed

❌ Error 1: Flannel CrashLoopBackOff

Cause

br_netfilter not loaded
vxlan missing
/proc/sys/net/bridge not present

Fix

sudo modprobe br_netfilter
sudo modprobe vxlan
lsmod | egrep 'vxlan|br_netfilter'

❌ Error 2: sysctl bridge error

cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables

Cause

br_netfilter not loaded on worker

Fix (Worker Node)

sudo modprobe br_netfilter
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=1

Persist Settings

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system

❌ Error 3: CoreDNS stuck in ContainerCreating

Cause

Flannel networking not ready

Fix

kubectl delete pod -n kube-flannel -l app=flannel
kubectl get pods -n kube-flannel

Once Flannel became Running, CoreDNS automatically turned Running.

STEP 8: Join Worker Node

sudo kubeadm join <MASTER-IP>:6443 --token <TOKEN> \
--discovery-token-ca-cert-hash sha256:<HASH>

STEP 9: Validate Cluster

kubectl get nodes
kubectl get pods -n kube-system
kubectl get pods -n kube-flannel

All components must be Running.

🚀 Deploy NGINX Application

`nginx-deployment.yaml`

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

kubectl apply -f nginx-deployment.yaml
kubectl get pods

`nginx-service.yaml` (NodePort)

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080

kubectl apply -f nginx-service.yaml
kubectl get svc

Access Application

From Worker Node

curl http://localhost:30080

From Browser

http://<WORKER_PUBLIC_IP>:30080

⚠️ Requires AWS Security Group port 30080 open

Conclusion

This setup demonstrated:

Kubernetes cluster creation using kubeadm
Real CNI networking issues and fixes
Importance of kernel modules for Flannel
AWS networking & NodePort behavior
End-to-end deployment of an application

Minikube + Kubernetes Complete Installation & Setup Guide (Windows)

Krisha Arya — Tue, 03 Feb 2026 11:00:29 +0000

This document explains Minikube installation, setup, common errors, fixes, and Kubernetes basics step‑by‑step. It is written for absolute beginners, especially those running Windows 11 + Docker Desktop.

What is Minikube?

Minikube allows you to run a single‑node Kubernetes cluster locally on your system.
It is mainly used for: - Learning Kubernetes - Testing deployments locally - Practicing kubectl commands.
Minikube needs a driver to run Kubernetes, such as: - Docker (recommended on Windows) - Hyper‑V / VirtualBox (optional).

Prerequisites (IMPORTANT)

Before starting, make sure you have:
✅ Windows Requirements
• Windows 10/11 (64‑bit)
• Virtualization enabled in BIOS
✅ Software to Install

Docker Desktop (Required) o Enable WSL2 backend during installation o After installation, open Docker Desktop and ensure it is Running
Minikube o Download from: https://minikube.sigs.k8s.io/docs/start/
kubectl (Kubernetes CLI)
o Usually installed automatically with Minikube
Verify Installation
Open PowerShell and run:

minikube version

kubectl version --client

If both commands work → installation is successful.

📝 NOTE: Minikube Installation Path & PATH Environment Variable (Common Beginner Confusion)

Many beginners think that since Minikube is downloaded from the Downloads folder, the minikube start command must also be run from the Downloads directory.
👉 This is a misconception.
On Windows, when you install Minikube using the official installer, the setup process automatically handles everything for you.
• The minikube.exe file is copied into a bin folder, usually:
• C:\Program Files\Kubernetes\Minikube\
• This bin folder path is automatically added to Windows Environment Variables (PATH) during installation.
Because the PATH variable is already configured:
• Windows knows where minikube.exe is located.
• You do NOT need to go to the installation folder.
• You do NOT need to stay in the Downloads folder.
• You can run minikube start from any directory in PowerShell or Command Prompt.
In simple terms:
Minikube works from anywhere because its bin path is saved in the PATH environment variable automatically during installation.
This behavior is normal, expected, and handled automatically, so no manual path configuration is required from the user.

Starting Minikube (Docker Driver)

minikube start

What Happened Internally
• Minikube detected Docker driver
• Pulled Kubernetes base image
• Created a control‑plane container
• Configured networking (CNI)
Common Warning You Faced
Failing to connect to https://registry.k8s.io/
👉 This happens due to: - Network restriction - Proxy - DNS issue
Important: Even with this warning, Minikube can still start if images are cached or later loaded manually.

Verify Cluster Status

minikube status

Expected Output: - host: Running - kubelet: Running - apiserver: Running
Also verify Kubernetes access:

kubectl cluster-info
kubectl get nodes

Fix for Docker Context & Environment Issue (VERY IMPORTANT)

Sometimes Minikube fails due to wrong Docker context.
Run these commands in every new terminal:

Remove-Item Env:DOCKER_HOST
echo $Env:DOCKER_HOST

docker context use desktop-linux
This ensures Minikube uses Docker Desktop correctly.

Manual Image Pull Fix (Registry Access Issue)
If Minikube cannot pull images automatically, do this manually.
Pull Kubernetes Images Using Docker

docker pull registry.k8s.io/kube-apiserver:v1.34.0
docker pull registry.k8s.io/kube-controller-manager:v1.34.0
docker pull registry.k8s.io/kube-scheduler:v1.34.0
docker pull registry.k8s.io/kube-proxy:v1.34.0
docker pull registry.k8s.io/coredns/coredns:v1.12.1
docker pull registry.k8s.io/etcd:3.6.4-0
docker pull registry.k8s.io/pause:3.10.1
docker pull registry.k8s.io/k8s-minikube/storage-provisioner:v5
docker pull docker.io/kicbase/stable:v0.0.48

Load Images into Minikube

minikube image load registry.k8s.io/kube-apiserver:v1.34.0
minikube image load registry.k8s.io/kube-controller-manager:v1.34.0
minikube image load registry.k8s.io/kube-scheduler:v1.34.0
minikube image load registry.k8s.io/kube-proxy:v1.34.0
minikube image load registry.k8s.io/coredns/coredns:v1.12.1
minikube image load registry.k8s.io/etcd:3.6.4-0
minikube image load registry.k8s.io/pause:3.10.1
minikube image load registry.k8s.io/k8s-minikube/storage-provisioner:v5
minikube image load docker.io/kicbase/stable:v0.0.48

Restart Minikube Cleanly

minikube delete
minikube start --driver=docker --force

Creating Your First Pod (YAML Way)
Apply Nginx Pod

kubectl apply -f nginx-pod.yaml

Check Pod Status

kubectl get pods

Expected flow: - ContainerCreating → Running

Access Pod Using Port Forwarding

kubectl port-forward pod/nginx-pod 8080:80

Now open browser:
http://localhost:8080

Pod Lifecycle Commands
Describe Pod (Debugging)

kubectl describe pod nginx-pod

Delete Pod

kubectl delete pod nginx-pod

Deployment (Recommended Way)
Create Deployment

kubectl create deployment web --image=nginx

Check Status

kubectl get deployments
kubectl get pods

Scaling Application
Scale Up

kubectl scale deployment web --replicas=3
kubectl get pods

Scale Down

kubectl scale deployment web --replicas=1

Self‑Healing Demo
Delete any pod manually:

kubectl delete pod <pod-name>

Expose Application (Service)

kubectl expose deployment web --type=NodePort --port=80
kubectl get services

Access Application

minikube service web

Cleanup Commands

kubectl delete service web
kubectl delete deployment web

Stop & Delete Cluster

minikube stop
minikube delete

Generic kubectl Command Reference
Delete Resources

kubectl delete pod <pod-name> -n <namespace> 
//kubectl delete pod nginx-pod -n default

kubectl delete deployment <deployment-name>
//kubectl delete deployment nginx-deployment

kubectl delete namespace <namespace-name>
//kubectl delete namespace dev

kubectl delete configmap <configmap-name>
//kubectl delete configmap app-config

Create Resources

kubectl create <resource-type> <name>

Examples for creating different resources:

🔹 Create a Namespace

kubectl create namespace dev

🔹 Create a Deployment

kubectl create deployment nginx-deployment --image=nginx

🔹 Create a Pod (quick test)

kubectl run test-pod --image=nginx

🔹 Create a ConfigMap (from literal)

kubectl create configmap app-config \
  --from-literal=APP_ENV=production

Get / View Resources

kubectl get <resource-type>

Examples of get/view different resources:

🔹 Get Pods

kubectl get pods

🔹Specific namespace:

kubectl get pods -n dev

🔹 Get Deployments

kubectl get deployments

🔹 Get All Resources

kubectl get all

🔹 Get ConfigMaps

kubectl get configmap

🔹 Detailed Info (VERY useful)

kubectl describe pod nginx-pod
kubectl describe deployment nginx-deployment

Important Beginner Tips

✅ Always check namespace when working with pods
✅ Use kubectl describe when something fails
✅ Prefer Deployment over Pod in real projects
✅ If Minikube fails → delete and restart cleanly

Summary

You have successfully: - Installed Minikube - Fixed Docker & registry issues - Created pods and deployments - Exposed services - Understood scaling & self‑healing.

Check out the next part which has covered more about kubernetes!😊

Your First Mini Terraform Project: Install, Configure, and Deploy on AWS

Krisha Arya — Tue, 02 Dec 2025 18:20:05 +0000

🌟 What is Terraform?

Terraform by HashiCorp is an Infrastructure as Code (IaC) tool used to:

✔ Provision AWS / Azure / GCP resources
✔ Automate infrastructure
✔ Maintain repeatable, version-controlled deployments
✔ Destroy and recreate resources easily

It uses its own DSL called HCL (HashiCorp Configuration Language).

In this guide, we will:

Install Terraform
Configure AWS access
Create a Terraform project
Deploy AWS infrastructure

Step 1: Install Terraform on Ubuntu

sudo apt update
sudo apt install -y wget unzip

Download Terraform binary:

wget https://releases.hashicorp.com/terraform/1.6.3/terraform_1.6.3_linux_amd64.zip
unzip terraform_1.6.3_linux_amd64.zip
sudo mv terraform /usr/local/bin/
terraform -v

You should now see Terraform version.

Step 2: Install AWS CLI

sudo apt install -y awscli
aws --version

Step 3: Configure AWS Credentials

aws configure

You will be prompted:

Enter AWS Access Key ID     : AKIAS4UYMELDA4JHKVP4
Enter AWS Secret Access Key : 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
Default region name         : ap-south-1
Default output format       : json

Note: You can get "AWS Access Key ID" and "AWS Secret Access Key" by following this path (either create or get if already created):

AWS Console → IAM → Users → Your User → Security Credentials → Access Keys → Create Access Key

Also, decide default region name according to nearest data center of your region.

Step 4: Create Terraform Project Structure

mkdir terraform_demo
cd terraform_demo

Your folder structure will be:

terraform_ansible_demo/
└── terraform/
├── provider.tf
├── main.tf
├── variables.tf
├── terraform.tfvars
└── outputs.tf

Step 5: Write Terraform Files

provider.tf

provider "aws" {
  region = var.region
}

In this file, we define which provider we are going to use.

variables.tf

variable "region" {}
variable "instance_type" {}
variable "key_name" {}

In this file, we are going to define all variables which have been used in provider.tf and main.tf files.

terraform.tfvars

region        = "ap-south-1"
instance_type = "t2.micro"
key_name      = "nagios"

In this file, we are going to define actual value of variables which have been defined in variables.tf file.

main.tf

resource "aws_instance" "web" {
  ami           = "ami-0a0f1259dd1c90938"
  instance_type = var.instance_type
  key_name      = var.key_name

  tags = {
    Name = "Terraform-Web"
  }
}

This is the main code file where we define all setups or configurations we want for EC2 instances.

Note: For getting ami, you need to run below command to get correct ami of your selected region.

For latest Ubuntu AMI (preferred):

aws ec2 describe-images --owners canonical --filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-*" --query 'Images[*].[ImageId,Name]' --output table

For latest Amazon Linux 2 AMI:

aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn2-ami-hvm-*-x86_64-gp2" --query 'Images[0].ImageId' --output text

Then after, select latest one!

outputs.tf

output "public_ip" {
  value = aws_instance.web.public_ip
}

This file saves the output we get after running "terraform apply" command.

Step 6: Initialize Terraform

cd ~/terraform_demo/terraform
terraform init

Step 7: Generate an Execution Plan

terraform plan

It will show what Terraform is going to create.

Step 8: Apply & Create Infrastructure

terraform apply

Type yes.
You will get the public EC2 IP at the end.

🎉 Terraform Setup Completed!

You now have infrastructure deployed fully automatically.

How to Deploy a Web App Using Ansible in 10 Minutes

Krisha Arya — Tue, 02 Dec 2025 16:47:11 +0000

💡 What is Ansible?

Ansible is a powerful automation tool used for:

✔ Server configuration
✔ Application deployment
✔ Orchestration
✔ Multi-server management

It works over SSH, requires no agent, and uses YAML playbooks to automate tasks.
Ansible is extremely popular in DevOps because of its simplicity and agentless architecture.

In this guide, you will learn:

How to install Ansible
How to set up a project structure
How to create inventory files
How to write playbooks
How to deploy a web page using Ansible

Step 1: Install Ansible on Ubuntu

sudo apt update
sudo apt install ansible -y
ansible --version

Step 2: Create Ansible Project Structure

Create project folder:

mkdir ansible_demo
cd ansible_demo

Create inventory & playbooks directories:

mkdir inventory playbooks

Create inventory file:

cd inventory
touch hosts.ini

Create playbook file:

cd ../playbooks
touch web_prac.yml

Step 3: Add SSH Key to the Project

In the project root directory:

cd ..
mkdir ssh
cd ssh
touch nagios.pem

Paste your PEM key content into nagios.pem.
Then assign secure permissions:

chmod 600 nagios.pem

Step 4: Test SSH Connection with PEM

ssh -i ssh/nagios.pem ubuntu@ip_address_of_any_instance

If you successfully log in → connection OK.

Step 5: Create Files Folder for Static Content

This is used when deploying frontend assets (like index.html):

cd ../playbooks
mkdir files
cd files
touch index.html

You can add your HTML content inside index.html.

Step 6: Sample Playbook (web_prac.yml)

Inside ansible_demo/playbooks/web_prac.yml

---
- name: Setup Web Server
  hosts: webserver
  become: yes

  tasks:

    - name: Install NGINX
      apt:
        name: nginx
        state: present
        update_cache: yes

    - name: Copy index.html to web server
      copy:
        src: files/index.html
        dest: /var/www/html/index.html
        owner: www-data
        group: www-data
        mode: '0644'

    - name: Start and enable NGINX
      service:
        name: nginx
        state: started
        enabled: yes

Step 7: Inventory File — hosts.ini

Inside ansible_demo/inventory/hosts.ini

[webserver]
13.201.29.244 

ansible_user=ubuntu 
ansible_ssh_private_key_file=../ssh/nagios.pem

Step 8: Run the Ansible Playbook

From the ansible_demo directory:

ansible-playbook -i inventory/hosts.ini playbooks/web_prac.yml

If successful →
✔ NGINX installed
✔ index.html deployed
✔ Web server active

Step 9: Verify on Browser

Open:

http://ip_address_of_instance

You should see your index.html content served via NGINX.

🎉 Final Result

By the end of this guide, you have:

Installed Ansible
Created a professional project structure
Created an inventory file
Created a YAML playbook
Added SSH key for authentication
Automated deployment of a web page

How I Installed Nagios on EC2 and Created My Own Disk Monitoring Plugin

Krisha Arya — Tue, 02 Dec 2025 10:24:56 +0000

🌟 What is Nagios?

Nagios is a powerful open-source monitoring tool used to track:
✔ Server health
✔ Services (SSH, HTTP, CPU, disk, memory)
✔ Network devices
✔ Custom application metrics

It alerts you instantly when a service goes down.
Nagios is widely used in DevOps and IT operations for real-time monitoring.

In this guide, you’ll learn:

How to install Nagios Core on AWS EC2
How to configure hosts & services
How to create your own custom Nagios plugin (disk monitoring)
How to validate & restart Nagios configuration

Step 1: Launch an AWS EC2 Ubuntu Instance

Use Ubuntu 22.04 with port 80 open in security groups (for web UI).

Step 2: SSH into Your EC2 Instance

(Open your window powershell)

ssh -i yourkey.pem ubuntu@EC2_PUBLIC_IP

Step 3: Install Required Packages

sudo apt update && sudo apt upgrade -y
sudo apt install -y build-essential libgd-dev openssl libssl-dev unzip apache2 php libapache2-mod-php

Step 4: Create Nagios User & Groups

sudo useradd nagios
sudo groupadd nagcmd
sudo usermod -aG nagcmd nagios
sudo usermod -aG nagcmd www-data

Step 5: Download & Extract Nagios Core

cd /tmp
wget https://github.com/NagiosEnterprises/nagioscore/releases/download/nagios-4.4.14/nagios-4.4.14.tar.gz
tar -xzvf nagios-4.4.14.tar.gz
cd nagios-4.4.14

Step 6: Configure & Compile Nagios

./configure --with-command-group=nagcmd
make all
sudo make install
sudo make install
sudo make install-init
sudo make install-commandmode
sudo make install-config
sudo make install-webconf
sudo a2enmod cgi
sudo systemctl restart apache2

Step 7: Set Nagios Admin Login

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
sudo systemctl restart apache2

Step 8: Install Nagios Plugins

cd /tmp
wget https://nagios-plugins.org/download/nagios-plugins-2.3.3.tar.gz
tar -xzvf nagios-plugins-2.3.3.tar.gz
cd nagios-plugins-2.3.3
./configure --with-nagios-user=nagios --with-nagios-group=nagcmd
make
sudo make install

Step 9: Start & Enable Nagios

sudo systemctl start nagios
sudo systemctl enable nagios
sudo systemctl status nagios

Nagios UI will be available at:

👉 http://EC2_PUBLIC_IP/nagios
Login: nagiosadmin

Step 10: Create Custom Configuration File

sudo nano /usr/local/nagios/etc/objects/nagios_demo.cfg

Open main Nagios config:

sudo nano /usr/local/nagios/etc/nagios.cfg

Add your config file:

cfg_file=/usr/local/nagios/etc/objects/nagios_demo.cfg

Step 11: Define Hosts & Services in nagios_demo.cfg

Note: We can define more than one host and service in same nagios_demo.cfg file.

sudo nano /usr/local/nagios/etc/objects/nagios_demo.cfg

Define two hosts:

define host{
    use                    linux-server
    host_name              nagios-prac
    address                172.31.34.62
    max_check_attempts     5
}

define host{
    use                    linux-server
    host_name              nagios-prac1
    address                172.31.34.62
    max_check_attempts     5
}

Define SSH service:

define service{
    use                    generic-service
    host_name              nagios-prac
    service_description    SSH
    check_command          check_ssh
}
define service{
    use                    generic-service
    host_name              nagios-prac1
    service_description    SSH
    check_command          check_ssh
}

Define HTTP (Ping) service:

define service{
    use                    generic-service
    host_name              nagios-prac
    service_description    HTTP
    check_command          check_ping!100.0,20%!500.0,60%
}

Note: We are defining all these in same file i.e nagios_demo.cfg

Step 12: Create Custom Disk Check Plugin

Nagios allows custom plugins, so let’s create one for disk usage.

sudo nano /usr/local/nagios/libexec/check_disk_custom.sh

Add:

#!/bin/bash

DISK_USAGE=$(df / | grep / | awk '{print $5}' | sed 's/%//')
WARN=$1
CRIT=$2

if [ "$DISK_USAGE" -ge "$CRIT" ]; then
    echo "CRITICAL - Disk usage ${DISK_USAGE}% | usage=${DISK_USAGE}"
    exit 2
elif [ "$DISK_USAGE" -ge "$WARN" ]; then
    echo "WARNING - Disk usage ${DISK_USAGE}% | usage=${DISK_USAGE}"
    exit 1
else
    echo "OK - Disk usage ${DISK_USAGE}% | usage=${DISK_USAGE}"
    exit 0
fi

Make executable:

sudo chmod +x /usr/local/nagios/libexec/check_disk_custom.sh

Step 13: Register Custom Command in commands.cfg

sudo nano /usr/local/nagios/etc/objects/commands.cfg

Add:

define command {
    command_name    check_disk_custom
    command_line    /usr/local/nagios/libexec/check_disk_custom.sh $ARG1$ $ARG2$
}

Step 14: Create Service Entry for Disk Monitoring

Make any service and use this command inside nagios_demo.cfg

define service {
    use                     generic-service
    host_name               nagios-prac
    service_description     Disk Load
    check_command           check_disk_custom!-w 20% -c 10%
}

Step 15: Validate Configuration

sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If no errors -> restart nagios

sudo systemctl restart nagios

🎉 Final Output

Your Nagios dashboard will now show:

✔ Host status
✔ SSH monitoring
✔ Ping/HTTP monitoring
✔ Disk monitoring using your custom plugin
✔ Alerts for Warning/Critical states

From Zero to Automation: Setting Up Puppet Master & Agent on AWS EC2

Krisha Arya — Tue, 02 Dec 2025 09:31:57 +0000

🔹 What is Puppet?

Puppet is an open-source configuration management and automation tool used to manage infrastructure at scale.
It helps you:

Automate software installation
Enforce system configuration
Manage thousands of servers consistently
Reduce manual repetitive tasks

Using Puppet, you define your server state in manifests (written in Puppet DSL), and Puppet ensures your system always stays in that state.

In this guide, we’ll set up:
✔️ Puppet Master
✔️ Puppet Agent
✔️ A demo module that installs NGINX and serves a custom webpage

All using AWS EC2 Ubuntu 22.04 instances.

Step 1: Launch Two AWS EC2 Instances

You need:

1 Puppet Master
1 Puppet Agent
Use Ubuntu 22.04 and open required ports (SSH, HTTP).

Step 2: Configure the Puppet Master (puppetmaster)

(Open your window powershell)
✔ SSH into master

ssh -i "C:\Users\User\Downloads\nagios.pem" ubuntu@15.206.178.143

Note: "C:\Users\User\Downloads\nagios.pem" is your nagios.pem file path and "15.206.178.143" is AWS EC2 instance of puppetmaster.

✔ Set hostname

sudo hostnamectl set-hostname puppetmaster

✔ Update /etc/hosts

sudo nano /etc/hosts

Add:

<ip-address-of-puppetmaster-ec2-instance> puppetmaster puppet
<ip-address-of-puppetagent-ec2-instance> puppetagent

Install Puppet Server

wget https://apt.puppet.com/puppet8-release-jammy.deb
sudo dpkg -i puppet8-release-jammy.deb
sudo apt update
sudo apt install puppetserver -y

✔ Enable + start service:

sudo systemctl enable puppetserver
sudo systemctl start puppetserver
sudo systemctl status puppetserver

Sign Agent Certificate (Will be used later)

sudo /opt/puppetlabs/bin/puppetserver ca list
sudo /opt/puppetlabs/bin/puppetserver ca sign -all

Step 3: Configure Puppet Agent (puppetagent)

(Open another window powershell)

✔ SSH into agent

ssh -i "C:\Users\User\Downloads\nagios.pem" ubuntu@3.108.65.97

Note: "C:\Users\User\Downloads\nagios.pem" is your nagios.pem file path and "15.206.178.143" is AWS EC2 instance of puppetagent.

✔ Set hostname

sudo hostnamectl set-hostname puppetagent

✔ Update /etc/hosts

sudo nano /etc/hosts

Add:

<ip-address-of-puppetmaster-ec2-instance> puppetmaster puppet
<ip-address-of-puppetagent-ec2-instance> puppetagent

Install Puppet Agent

wget https://apt.puppet.com/puppet8-release-jammy.deb
sudo dpkg -i puppet8-release-jammy.deb
sudo apt update
sudo apt install puppet-agent -y

Update Puppet Configuration (puppet.conf)

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add:

[main]
certname = puppetagent
server = puppet
environment = production

▶ Start Puppet Agent

sudo systemctl enable puppet
sudo systemctl start puppet
sudo /opt/puppetlabs/bin/puppet agent -t #this command send request for certificate signup to master

Step 4: Create a Puppet Module (sample_nginx)

sudo nano /etc/puppetlabs/code/environments/production/modules/sample_nginx

Folder Structure:

sample_nginx/
├── manifests
│ └── nginx.pp
└── templates
└── index.erb

nginx.pp (Manifest File)

class sample_nginx::nginx {
  package { 'nginx':
    ensure => installed,
  }

  file { '/var/www/html/index.html':
    ensure  => file,
    content => template('sample_nginx/index.erb'),
  }

  service { 'nginx':
    ensure => running,
    enable => true,
    require => Package['nginx'],
  }
}

Step 5: Update site.pp to Apply This Class

sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp

Add:

node default {
  include sample_nginx::nginx
}

Step 6: Write Template File (index.erb)

<h1>Hello from Puppet NGINX!</h1>
<p>This is a custom page managed by Puppet.</p>

Step 7: Restart Master and Run Agent

On Master

sudo systemctl restart puppetserver

On Agent

sudo /opt/puppetlabs/bin/puppet agent -t

On Master

sudo /opt/puppetlabs/bin/puppetserver ca list
sudo /opt/puppetlabs/bin/puppetserver ca sign --all

If everything is correct:

✔ NGINX will be installed
✔ Custom page will appear at /var/www/html/index.html
✔ Puppet will manage service → auto-start + running

🎉 Final Output

You can now visit:

👉 http://AGENT_PUBLIC_IP
You will see:

Hello from Puppet NGINX!
This is a custom page managed by Puppet.

Hello everyone! Hope you’re all doing well. I’ve been exploring AWS and serverless lately, and I enjoy sharing clear, simple explanations of what I learn. Looking forward to good discussions and connecting with like-minded people here!

Krisha Arya — Thu, 20 Nov 2025 16:09:55 +0000

Serverless Made Simple: Why Lambda Is Changing the Future of Cloud

Krisha Arya — Thu, 20 Nov 2025 16:04:05 +0000

What is Serverless?

Serverless does NOT mean “there are no servers.
It means...
You don't manage the servers. AWS manages everything for you.

You only write code, and AWS handles:

servers
scaling
uptime
patches
networking
infrastructure

You pay only when your code runs.

Let's understand with example...

Imagine you want to run a function.
Instead of buying a computer, you ask AWS:
‘Please run this code whenever needed.’
AWS does the rest.

Why Serverless Exists?

Before serverless:

you must choose server size
you must keep it running
you must pay 24/7
you must scale manually
you must monitor and reboot

With serverless:

no servers to manage
no scaling worries
no idle costs
automatically handles millions of users
ideal for APIs, cron jobs, triggers

What is AWS Lambda?

AWS Lambda is THE most famous serverless service.

Lambda = run your code without servers.

You upload your code → AWS executes it when needed → you pay only for milliseconds used.

How Lambda works???

                     Event Occurs
                           |
                  Lambda (Runs Code)
                           |
                        Output

Examples of events that trigger Lambda:

API call from API Gateway
File uploaded to S3
DynamoDB table change
SNS message
SQS queue message
CloudWatch cron job
IoT event

Let's understand how Lambda executes code internally!

Firstly, any event happens. Like user hits button or login API.
Lambda who was sleeping,wakes up!
User code executes.
Lambda return results or writes to database.
Lambda goes for sleep again!(shuts down..no server stays running)

Cold Start vs Warm Start (Important)

When a Lambda function runs, AWS needs to prepare an execution environment for it.
This environment includes:

CPU + memory allocation
Runtime setup (Node/Python/Java…)
Your code loading
Dependencies loading (npm, libs, etc.)
Environment variables
Network setup (VPC ENI if used)

Depending on whether this environment already exists or not, Lambda behaves differently.

COLD START

A cold start happens when:

It’s the first time Lambda is running
Lambda hasn’t been used for some time
Lambda is deployed new version
AWS scaled up and needed new containers
You changed VPC settings (most costly cold starts)

Because Lambda doesn’t keep containers alive forever.
It sleeps after inactivity to save cost.

Also when traffic spikes:

If suddenly 1000 users come at once → AWS creates 1000 fresh containers → cold starts for many.

WARM START

A warm start happens when AWS already has a prepared container for your Lambda.

Meaning:

Lambda ran recently
AWS kept the container alive (in warm pool)
No setup needed
Code executes instantly

AWS keeps Lambda containers warm for some minutes (usually 5–15 minutes), hoping the function will be used again.

Understand with a simple story...

Warm Start - Suppose a gas stove is already hot and you can cook immediately.
Cold Start - Suppose a gas stove is cold and you must light it,heat it and then start cooking.

Lambda vs EC2

Feature	Lambda	EC2
Server Management	None	You manage
Pricing	Pay per execution	Pay per hour
Scaling	Automatic	Manual/Auto scaling
Ideal For	Small bursts, events	Heavy apps, long-running apps
Always running?	No	Yes
Cold start	Yes	No
Control Level	Low	High
OS access	No	Yes

When to Use Lambda?

Use Lambda when:

You need API endpoints.
You want event-driven apps.
You only need code to run occasionally.
You want low cost.
You want no server maintenance.

When NOT to Use Lambda?

Use EC2 instead if:

You need app running 24/7
You have heavy CPU tasks
You need custom OS configurations
You want to host databases or big backend apps
You need persistent connections (sockets, games, chat servers)

What is the Serverless Framework?

The Serverless Framework is a tool used to create and deploy serverless apps easily.So, instead of:

creating Lambda manually
adding triggers manually
connecting API Gateway manually
configuring permissions manually

❗ Serverless Framework does everything for you.

File syntax is something like this:

service: my-service
provider:
  name: aws
  runtime: nodejs18.x

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: get

Then, we run below command on terminal:

serverless deploy

And boom 💥
It creates:

Lambda
API Gateway routes
Permissions (IAM roles)
Logs (CloudWatch)
And deploys everything

Serverless Framework = DevOps Shortcut

It automates:

Packaging code
Creating CloudFormation
Deploying Lambda
Creating APIs
Versioning
Permissions
Environment variables
Stages (dev, prod, test)

Very popular in companies for serverless architectures.

Let's see complete architecture!

Overview of the Most Commonly Used AWS Services

Krisha Arya — Wed, 19 Nov 2025 17:06:06 +0000

Hello everyone, I am going to explain the most commonly used AWS cloud tools in a simple and easy way. These AWS services are widely used in real companies to build websites, mobile apps, APIs, and large cloud systems.

Let’s begin exploring the AWS world in the simplest way possible.

What is AWS?

It is a cloud platform created by Amazon. It gives many tools to build apps, websites, databases, servers, storage and many more without buying any physical machine.
Suppose, instead of buying your own computer, storage, or servers, you borrow them from Amazon whenever you need them. You use them online, pay only for what you use, and Amazon takes care of everything. If your app gets 1 → 10 → 10,000 → 10,00,000 users, AWS automatically handles the load.

Let’s start by explaining tools now:

What is Amazon EC2?

EC2 is basically a virtual computer that lives inside AWS. You don’t buy a physical computer…
AWS gives you one through the internet.

Why EC2 exists?

Before cloud:
• Companies had to buy servers
• Pay for electricity
• Maintain cooling
• Handle hardware failures
With EC2:
• No hardware needed
• Pay only when ON
• Can start/stop anytime
• AWS takes care of everything
Example:
You want to run services like frontend, backend, monitoring system like Nagios, we can do by deploying their codes and configurations on EC2.

What is a Security Group?

Security Group = A firewall (gatekeeper) for your AWS resources.
It decides:
• Who can enter
• Which port they can use
• Which IP they come from
Simple words:
A Security Group controls which traffic is ALLOWED into your EC2, RDS, or other AWS services.
It controls Inbound rules (incoming traffic to your server) and outbound rules (outgoing traffic from your server).

INTERNET --> SECURITY GROUPS --> (decides which one to allow) --> EC2 INSTANCE

What is VPC?

It is Virtual Private Cloud. Our own private network inside AWS. Imagine AWS is a big city.
Inside this city, VPC is your own house with rooms, doors, windows, and boundary walls.

Why VPC Exists?
Because companies need:
• Private space
• Secure network
• Separate environments
• Control over traffic
VPC gives you:
✔ isolation
✔ security
✔ network control
✔ full customization

VPC (House)
├─ Subnets (Rooms)
│ ├─ Public Subnet (Room with window i.e has internet access)
│ └─ Private Subnet (Room with no window i.e no internet access)
├─ Route Table (decides traffic will go to which path)
├─ Internet Gateway (main gate of house. Decides who are allowed.)
├─ NAT Gateway (Private rooms/private subnets use this to communicate safely)
├─ Security Groups (firewall rules, applies to house doors)
└─ NACLs (firewall rules, applies to subnets)

                 INTERNET
                     |
              Internet Gateway
                     |
           ---------------------
           |     VPC Network   |
           |-------------------|
           |                   |
  Public Subnet           Private Subnet
 (frontend servers)     (databases, backend)
           |                   |
      Route Table         Route Table
           |                   |
           |              NAT Gateway
           |                   |
           ------- OUTBOUND to Internet

What is API Gateway?

API Gateway is the front door for your backend.
It receives API requests from users → checks them → sends them to the correct service like:
• Lambda
• EC2
• ECS
• DynamoDB
• Any backend endpoint
Think of it as a traffic police standing at your application's entry point.
Your app has many APIs:
• /login
• /signup
• /products
• /cart
• /orders
Without API Gateway:
Every API needs separate firewall, domain, rate limit → mess.
With API Gateway:
One single entry point handles everything.

User ---> API Gateway ---> Lambda / EC2 / Database

What is Lambda?

Lambda allows you to run your code without having a computer running all the time.
Lambda is like a magic box. You put your code inside it. Whenever something happens, the box wakes up, runs your code, and goes back to sleep.It is serverless as we don't need to configure function , it will do for ourself unlike EC2. But slower than EC2 because it goes for sleep after finishing the work and wake up while calling (which takes some time).

Event (like someone clicking button) --> AWS Lambda (runs code)-->
Output

What is Route 53?

When you type a website name, something needs to tell the internet "Where is this website?".
Route 53 does that job.
Route 53 is like a phonebook for websites. You ask: 'Where is www.yourWebsite.com?' and Route 53 tells you the correct address.

You type: www.yourWebsite.com -->Route 53--> Gives server address

What is CloudFront?

CloudFront stores copies of your website around the world so users get fast loading.
CloudFront is like keeping your toys in every room. So no matter where you are, you get your toy fast!

CloudFront Edge Locations
/ | | \
User--Fast Fast Fast Fast

What is CloudFormation?

You write a YAML file saying what resources you want. AWS builds everything automatically.
CloudFormation is like giving AWS a blueprint of a house. AWS reads it and builds the whole house for you automatically.

Blueprint (YAML) -->CloudFormation ---> Builds EC2, S3, RDS, etc.

What is DynamoDB?

A fast, serverless database that stores key-value data.
DynamoDB is like a giant table where every row has a key. When you search by key, it gives answer in a blink!

Key: user123 ---> DynamoDB ---> User Data

What is DocumentDB?

DocumentDB is a NoSQL database that stores flexible JSON documents.

Imagine you have a big shelf where every item (document) can look different.
One page may have name + age.
Another page may have name + hobbies.
Another page may have name + skills + phone.

DocumentDB allows different shapes and structures of data.Unlike SQL where rows should be in same form.DocumentDB has no such restriction.
Example:
Document 1: {name, age}
Document 2: {name, hobby}

Feature	DocumentDB	DynamoDB
Data Type	Document JSON	Key-Value
Structure	Flexible	Simple
Queries	Rich queries	Limited
Best for	User profiles, CMS, catalogs	Cart, sessions, OTP, counters
Scaling	Good	Best (serverless)
API	MongoDB API	Dynamo API

What is ElastiCache?

It is the caching service of AWS.Basically,Caching means keeping data in memory (RAM) so you can get it super fast.

AWS offers two engines:
Redis
Memcached

Most companies use Redis, so we will focus more on that.

Your main notebook (database) is kept far away.
But you keep important pages in your pocket for quick access.
Your pocket = CACHE.

ElastiCache = pocket
Database = big notebook

User -> Backend -> Redis (if found then return response) -> Database (if not found in redis)

Now, if you are wondering.....What is memcached???

Feature	Redis	Memcached
Data types	Many (lists, sets, hashes)	Only strings
Expiry	Yes	Yes
Persistence	Yes	No
Pub/Sub	Yes	No
Use cases	Sessions, cache, leaderboard	Simple cache only
Popularity	Very high	Less

Redis = Swiss Army Knife
Memcached = Simple Spoon

What is Amazon RDS?

RDS = Relational Database Service
It is AWS’s way of giving you SQL databases without you needing to install or manage them.

Imagine you want a school notebook (database) where everything is neatly written in rows and columns.

Amazon gives you a ready-made notebook.
You just write data — Amazon takes care of keeping it clean, safe, and backed up.

That notebook = RDS

Why do companies use RDS?
Because AWS handles the difficult parts:
No installation
No updates
No backups
No maintenance
No server problems
No hardware issues

AWS handles EVERYTHING.

You only:
Store data
Read data
Query data

What is Amazon Aurora?

It is super-fast upgraded version of MySQL/PostgreSQL provided by AWS.It behaves like MySQL/Postgres.BUT is 3x to 5x faster, more secure, more reliable, and auto-scaling.

Why Aurora Exists?

Because normal RDS MySQL/Postgres becomes slow
when:

thousands of users come
queries get heavy
traffic spikes
big companies run large apps

Aurora solves everything.

Simple Explanation

Aurora stores 6 copies of your data:

2 copies in AZ-1
2 copies in AZ-2
2 copies in AZ-3

So even if:

1 disk fails → safe
1 AZ fails → still safe
2 copies fail → still safe

Your data is ALWAYS safe.

Feature	RDS	Aurora
Speed	Normal	3–5x faster
Durability	1-2 copies	6 copies in 3 AZs
Failover	Slow	Instant
Scaling	Limited	Automatic
Recovery	Slow	Very fast
Cost	Lower	Slightly higher
Ideal For	Small-medium apps	High traffic apps

What is SNS?

SNS = Simple Notification Service
It is AWS’s messaging system used to send:
Notifications
Emails
SMS
Alerts
Messages to Lambda
Messages to SQS

SNS follows a pub-sub model

(Publisher → Topic → Subscribers)
|
(Topic- A “group” created to send messages to many receivers.)

Imagine a teacher shouting one announcement in class,
and ALL students hear it at the same time.”

Teacher = Publisher
Announcement = Message
Students = Subscribers
Classroom = SNS Topic

One message → many receivers
This is SNS.

Note: SNS uses push, meaning:
Messages automatically go to subscribers.
You do NOT need to check or request the message.

Publisher (Order Placed)
|
v
SNS Topic
/ | \
Email SMS Lambda

What is SQS?

SQS = Simple Queue Service
It is AWS’s message queue used to store messages temporarily until a worker (Lambda/EC2) processes them.
SQS = Line/Queue system
One message → processed by one worker at a time.

Imagine kids standing in a line at school.
Teacher checks each kid one by one.”

That line = SQS queue
Each kid = message
Teacher = worker (Lambda/EC2)

No one can jump the line.
No one can skip.
First come → first served.

Why SQS Exists?
Because backend tasks cannot be done all at once.

Example tasks:
Process orders
Resize images
Compress files
Generate invoices
Send bulk emails

Doing these instantly = slow + heavy load.
So they go in a queue, worker processes them one by one.

Messages → [ SQS Queue ] → Worker → Processed

Order Placed --> SNS --> SQS --> Lambda Worker --> invoice, email, updates...

Feature	SNS	SQS
Type	Pub-sub	Queue
Delivery	Push	Pull
Receivers	Many	One
Use	Notifications	Background tasks
Message	Broadcast	Process sequentially

What is CloudWatch?

It is monitoring and logging system of AWS.It keeps an eye on all your AWS services and tells you:

What is running?
What is failing?
What errors happened?

Imagine your house has CCTV cameras, a thermometer, and an alarm.
The thermometer tells if the room is hot
The CCTV tells what is happening
The alarm tells when something is wrong.

This whole system = CloudWatch.

Why CloudWatch Exists?

Because companies need to know:
Is the system healthy?
Is the server overloaded?
Are errors increasing?
Should we auto-scale?
Should admin be alerted?

Without CloudWatch →
You are blind.

With CloudWatch →
You can see everything happening in your AWS environment.

Main Features of CloudWatch

Metrics (Performance numbers) CloudWatch automatically collects numbers like:

CPU %
Memory
Network usage
Disk usage
Lambda duration
API Gateway errors
DynamoDB read/write errors

Logs Collects logs from:

Lambda
API Gateway
EC2
ECS
RDS
Custom apps

Alarms You can set alarms like:

CPU > 80% → send alert
Errors > 10 → notify
Lambda failures → alert
Low disk space → alert

Dashboards
Visual charts for your whole system.
Events / EventBridge
Trigger actions on events like:

EC2 stop/start
Backup success
User login
Auto-scaling events

                EC2 Metrices/Lambda Logs/API Errors
                                 |
                             CloudWatch
                                 |
                                SNS
                                 |
                             Email/SMS

What is CloudTrail?

It is activity recorder of AWS.
It records:

Who did what
When it was done
From where
On which resource
Using which AWS API

Imagine your school keeps a diary that notes:

Who entered classroom
Who took which book
Who used the computer
Who changed something

This diary = CloudTrail.”
CloudTrail records EVERY action done inside your AWS account.

Why CloudTrail Exists?

Companies need:
Security
Auditing
Detecting unauthorized access
Debugging issues
Compliance (ISO, PCI, GDPR)
Tracing mistakes

Example:
Someone accidentally deletes an EC2 instance →
CloudTrail tells you WHO did it and WHEN.

What CloudTrail Tracks?

Logs every API call:
Examples:

EC2 Started
Lambda Updated
S3 Bucket Deleted
RDS Snapshot Created
IAM User Login
Security Group Modified
DynamoDB Table Deleted

Tracks console + CLI + SDK actions
Whether action came from:

AWS Console
CLI
Terraform
API
Everything is recorded.

Tracks IP address
From where the action came.

Tracks time and region
Every action is timestamped.

            +-----------------------------+
            |        Users / AWS CLI      |
            |   (Human or Application)    |
            +--------------+--------------+
                           |
                           |  API Calls (Actions)
                           v
             +-----------------------------+
             |         AWS Services        |
             |  EC2, S3, IAM, Lambda, etc. |
             +--------------+--------------+
                           |
                           |  Every Action Recorded
                           v
             +-----------------------------+
             |         CloudTrail          |
             | (CCTV of AWS — logs every   |
             |  API call, who, when, where)|
             +--------------+--------------+
                           |
                           |  Store Logs
                           v
   +-------------------+                +------------------+
   |      S3 Bucket    |   <optional>   | CloudWatch Logs  |  
   | (Long-term logs)  |--------------- | (For monitoring  |   
   +-------------------+                |   + alerts)      |   
                                        +------------------+

Feature	CloudTrail	CloudWatch
Purpose	Security & Auditing	Monitoring & Performance
Records	“Who did what?”	“How is system behaving?”
Example	User changed SG	CPU = 90%
Used by	Security teams	DevOps teams

So, these were some tools which should be in our knowledge.Let's see final architecture of how all these tools work together.

COMPLETE ARCHITECTURE

                        INTERNET
                            |
                       Route 53     
                     (Domain Name)  
                            |
                       CloudFront   
                     (CDN for Speed)    
                            |                                                     
                     API Gateway    
                     (Entry Door)                        
                            |
          ------------------------------------
          |                                  |                                                      
        Lambda                              EC2            
    (Serverless Code)              (Backend Servers)       

          |                                  |
          |                                  |
          |                                  |
          v                                  v

     DynamoDB                          RDS / Aurora      
(Fast NoSQL Key-Value)                (SQL Database)         
            |                               |
            |                               |
            v                               v
 +-------------------+               +--------------------+
 |   ElastiCache     |               |   DocumentDB       |
 |     (Redis)       |               | (MongoDB-like JSON)|
 +-------------------+               +--------------------+

            |                                      |
            |                                      |
            -----------------+   +------------------
                              v  v
                         +-------------------+
                         |       SNS         |
                         | (Notifications)   |
                         +-------------------+
                                  |
                                  | PUSH
                                  v
                       +----------------------+
                       |         SQS          |
                       | (Background Queue)   |
                       +----------------------+
                                  |
                                  v
                       +-----------------------+
                       |   Lambda Workers      |
                       | (Processes Messages)  |
                       +-----------------------+

 -------------------------------------------------------------
                            OBSERVABILITY
 -------------------------------------------------------------

         +----------------------+    +----------------------+
         |     CloudWatch       |    |    CloudTrail        |
         | (Monitoring, Logs,   |    |(CCTV — Who Did What?)|
         |   Alarms)            |    +----------------------+
         +----------------------+ 
                   |
                   v
              +----------+
              |   SNS    |
              | Alerts   |
              +----------+
                   |
                   v
               EMAIL / SMS

Nagios Core 4.4.6 Installation and Setup on Ubuntu VM

Krisha Arya — Thu, 25 Sep 2025 11:25:21 +0000

Introduction

Nagios is an open-source monitoring system that allows IT administrators to monitor servers, services, and network infrastructure. It provides real-time alerts for failures or threshold breaches, ensuring high availability and reliability. Nagios supports monitoring of host resources (CPU, memory, disk), network services (HTTP, FTP, SMTP), and custom applications.

Purpose of This Setup

The goal of this setup is to install Nagios Core with a web interface on Ubuntu VM to:

Monitor the health and performance of servers and services.
Receive alerts for system failures.
Provide a centralized dashboard for easy monitoring.
Gain practical experience with Linux system administration, service monitoring, and web-based dashboards.

1. System Update & Install Prerequisites

sudo apt update
sudo apt install wget unzip curl openssl build-essential libgd-dev libssl-dev \
libapache2-mod-php php-gd php apache2

Installs build tools, Apache web server, PHP, and required libraries.

2. Download & Extract Nagios Core

cd /tmp
wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.6.tar.gz
sudo tar -zxvf nagios-4.4.6.tar.gz
cd nagios-4.4.6

3. Compile Nagios

sudo ./configure
sudo make all

Prepares the build environment and compiles Nagios.

4. Create Users & Groups

sudo make install-groups-users
sudo usermod -a -G nagios www-data

Creates nagios user and nagcmd group.
Adds Apache user www-data to nagios group for web command access.

5. Install Nagios Core

sudo make install
sudo make install-commandmode
sudo make install-config

Installs Nagios binaries, sets permissions, and copies default configuration files.

6. Install Web Interface

sudo make install-webconf
sudo a2enmod rewrite
sudo a2enmod cgi
sudo systemctl restart apache2

Installs Nagios web files and enables required Apache modules.

7. Configure Firewall

sudo ufw allow apache
sudo ufw enable
sudo ufw reload

Allows HTTP traffic to the Nagios web interface.

8. Set Up Web Authentication

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users linuxhint

Username: linuxhint
Password: (as entered during command)
Used to log in to the Nagios web dashboard.

9. Install Nagios Plugins

cd /tmp
sudo wget https://nagios-plugins.org/download/nagios-plugins-2.3.3.tar.gz
sudo tar -zxvf nagios-plugins-2.3.3.tar.gz
cd nagios-plugins-2.3.3
sudo ./configure --with-nagios-user=nagios --with-nagios-group=nagios
sudo make install

Plugins enable checks for CPU, memory, disk, network, and services.

10. Verify Nagios Configuration

sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Ensures all configuration files are correct before starting Nagios.
No errors should appear; check “Total Warnings” and “Total Errors”.

11. Start Nagios

sudo systemctl start nagios

Or manually:

sudo /usr/local/nagios/bin/nagios /usr/local/nagios/etc/nagios.cfg

Starts Nagios monitoring service.

12. Find VM IP Address

hostname -I

Example output: 192.168.171.129
This is the IP to access the Nagios web interface from a browser.

13. Access Nagios Web Interface

Open your browser and go to:

http://<VM-IP>/nagios

Replace <VM-IP> with the IP from the previous step.
Username: linuxhint
Password: (as set in htpasswd)
You will see the Nagios Core dashboard with hosts, services, and alerts.

Summary

This setup provides a fully functional Nagios monitoring environment:

Monitors system metrics, services, and network resources.
Provides real-time alerts to prevent downtime.
Web interface allows centralized monitoring and control.
Prepares users for practical IT monitoring and Linux administration skills.

Motto: “Monitor, Alert, and Maintain — Keeping IT systems healthy and reliable.”

Forem: Krisha Arya

Deploying NGINX on Minikube Using Helm

Environment Details

Objective

Installing Helm on Windows

Method 1: Install using Winget

Method 2: Manual Installation (Alternative)

Verify Helm Installation

Starting Minikube Cluster

Start Minikube

Check Cluster Status

Creating a Helm Chart

Create Chart

Chart Structure

Editing values.yaml

✅ Open file

✅ Replace content with below one.

Installing the Helm Chart

✅ Install Command

Verifying Deployment

🔍 Check Pods

🔍 Check Service

Getting Node IP & NodePort (Manual Way)

Internal Connectivity Test (From Inside Cluster)

❌ BusyBox Test (May Fail)

✅ Correct Alternative (Curl Image)

Accessing Service Using Minikube (Recommended Way)

✅ Command

Summary of Errors & Fixes

Key Learnings (Beginner Friendly)

Conclusion

EKS Cluster Setup, Deployment & LoadBalancer Exposure (Using eksctl) in Kubernetes

Overview

Prerequisites

STEP 1: Verify eksctl Installation

STEP 2: Configure AWS Credentials

🔐 How to Get AWS Access Key ID & Secret Access Key (IAM)

Login to AWS Console

Open IAM (Security Service)

Go to Users

Open Security Credentials

Create Access Key

Copy Access Keys (VERY IMPORTANT)

STEP 3: Verify AWS Identity

STEP 4: Verify Configured Region

STEP 5: Create EKS Cluster with Managed Node Group

What this does:

STEP 6: Update kubeconfig for kubectl

STEP 7: Verify Worker Nodes

STEP 8: Create ConfigMap (Application Configuration)

Initial PowerShell Multiline Error

Correct Command (Single Line)

Verify ConfigMap

STEP 9: Create Pod Using ConfigMap

Create YAML File

config-pod.yaml

Apply Pod

Verify Pod

STEP 10: Create Deployment (Multiple Replicas)

Create Deployment YAML

nginx-deployment.yaml

Apply Deployment

Verify

STEP 11: Expose Deployment Using LoadBalancer

Verify Service

STEP 12: Cleanup Kubernetes Resources

Verify Cleanup

STEP 13: Delete EKS Cluster (MOST IMPORTANT)

What this deletes:

Conclusion

Manual Kubernetes Cluster Setup on AWS (kubeadm + Flannel)

Introduction

Cluster Components

🔹 STEP A: Create AWS EC2 Instances

Instance Details

Instance Names

🔹 STEP B: Configure Security Group (IMPORTANT)

Inbound Rules

🔹 STEP C: Get Public IPs

🔹 STEP D: Prepare SSH Key on Windows (PowerShell)

Editing `values.yaml`

`config-pod.yaml`

`nginx-deployment.yaml`

Update `/etc/hosts` on BOTH nodes

`nginx-deployment.yaml`

`nginx-service.yaml` (NodePort)