The latest articles on Forem by Rahul Kiran Gaddam (@rahgadda). https://forem.com/rahgadda https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F612934%2F7121e832-6993-408b-a1dc-7439ef49ab0a.jpeg https://forem.com/rahgadda en Rahul Kiran Gaddam Mon, 08 Jan 2024 09:02:00 +0000 https://forem.com/rahgadda/running-node-app-on-huggingface-spaces-4f68 https://forem.com/rahgadda/running-node-app-on-huggingface-spaces-4f68 <h2> Overview </h2> <ul> <li>We all wanted to showcase our work, unfortunately, we require a compute instance to run our application.</li> <li>Huggingface is used to store Machine Learning Models and Datasets. It has Spaces that can host your application to showcase your work.</li> <li>In this blog, we will try to learn if we can use it to host Node-based docker applications.</li> </ul> <h2> Steps </h2> <ul> <li>Create your Account on Huggingface <a href="https://huggingface.co/">here</a> </li> <li>Click your profile icon on the right-hand top corner and navigate to <code>New Space</code>. <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--F1l2Dv3E--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hv6125f5wj4e35lx2ti1.png" alt="New Space" width="222" height="204"> </li> <li>On the new space, select options as listed below <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5mWBBrG6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hlyxshrwzc5akupn42xu.png" alt="New Space Options" width="688" height="892"> </li> <li>In the <code>Readm.me</code> file add update port details on which docker container is exposed <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--UH872srM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/kurt9lu9za68bdfbj73j.png" alt="Docker Port Details" width="201" height="153"> </li> <li>Create three files <a href="https://huggingface.co/spaces/rahgadda/node-hello/blob/main/index.js">index.js</a>, <a href="https://huggingface.co/spaces/rahgadda/node-hello/blob/main/package.json">package.json</a>, <a href="https://huggingface.co/spaces/rahgadda/node-hello/blob/main/Dockerfile">Dockerfile</a>.</li> <li>System will build the application and host it in your space. U can get the URL by navigating to <code>Space setting</code> -&gt; <code>Embed this Space</code> -&gt; <code>Direct URL</code> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ykE47JYb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zr5a2jn7hhp38zcoys4e.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ykE47JYb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zr5a2jn7hhp38zcoys4e.png" alt="Space Settings" width="419" height="284"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bHEvpMFC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6tj1eczgh7jlgo7ecook.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bHEvpMFC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6tj1eczgh7jlgo7ecook.png" alt="URL" width="800" height="325"></a></p> <ul> <li>For reference check out my space <a href="https://huggingface.co/spaces/rahgadda/node-hello/tree/main">here</a> , <a href="https://rahgadda-node-hello.hf.space/">here</a> </li> </ul> <h2> References </h2> <ul> <li><a href="https://huggingface.co/docs/hub/spaces-sdks-docker-first-demo">Official Documentation</a></li> </ul> huggingface webdev docker node Rahul Kiran Gaddam Thu, 22 Sep 2022 14:44:36 +0000 https://forem.com/rahgadda/multi-cloud-networking-e1 https://forem.com/rahgadda/multi-cloud-networking-e1 <h2> Philosophy </h2> <ul> <li>Now Multi cloud is the new reality, because not everything is available with every cloud provider.</li> <li>With this being new reality, we need a mechanism to connect cloud environments and create a internal and secured network.</li> </ul> <h2> Overview </h2> <ul> <li> <a href="https://dev.to/rahgadda/installing-k8-on-arm64-4-cpu-24gb-ram-648">Here</a> was my last post on installing kubernetes using <code>Oracle OCI cloud</code>.</li> <li>Instead of creating a single node, can we create a cluster? can we create this cluster between multiple regions? how will they communicate? </li> </ul> <h3> Network Communication Is a <strong>PROBLEM</strong> &gt;&gt;&gt;&gt; </h3> <p><a href="https://i.giphy.com/media/y1WDIwAZRSmru/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/y1WDIwAZRSmru/giphy.gif"></a></p> <ul> <li>Answer for all these is VPN or we can try <a href="https://www.netmaker.io/" rel="noopener noreferrer">Netmaker.io</a> </li> </ul> <h2> Installation </h2> <ul> <li>Netmaker works on <code>Client</code> - <code>Server</code> architecture like any other network connectivity resolution applications.</li> <li>We will have a <code>Netmaker Server</code> installed on a server and <code>Netmaker Agent/Client</code> installed on the others.</li> <li>Below installation is done on <code>OCI Arm64 - Oracle Linux</code>, which could not be achieved by following steps <a href="https://github.com/gravitl/netmaker" rel="noopener noreferrer">here</a> </li> <li>Create <code>3 Node</code> where <code>2 Node</code> will act as <code>Agents/Clients</code> and <code>1 Server</code> <ul> <li>All nodes should have <code>Public IP</code> </li> <li>Allow firewall for Ports <strong>443 (tcp): for Traefik</strong> &amp; <strong>51821-518XX (udp): for WireGuard</strong> </li> <li>Register below domains <a href="//freenom.com">freenom</a> <ul> <li><strong>base-domain.extenssion</strong></li> <li>broker-<strong>base-domain.extenssion</strong> </li> <li>api-<strong>base-domain.extenssion</strong> </li> <li>dashboard-<strong>base-domain.extenssion</strong> </li> </ul> </li> </ul> </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa9ryfd9rkxc5s0pc3j5u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa9ryfd9rkxc5s0pc3j5u.png" alt="Image description"></a></p> <h3> Server Installation </h3> <ul> <li>I created below folders <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faq3hlojuergwkpbpibdq.png" alt="Image description"> </li> <li>Host </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nv">PUBLIC_IP</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> ifconfig.me<span class="si">)</span> <span class="nv">PRIVATE_IP</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span> <span class="nt">-I</span> | <span class="nb">cut</span> <span class="nt">-f</span> 1 <span class="nt">-d</span> <span class="s2">" "</span><span class="si">)</span> <span class="nv">DOMAIN_NAME</span><span class="o">=</span><span class="s2">"base-domain.extenssion"</span> <span class="nv">MATCHES_IN_HOSTS</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span><span class="nb">grep</span> <span class="nt">-n</span> <span class="nv">$PUBLIC_IP</span> /etc/hosts<span class="si">)</span><span class="s2">"</span> hostnamectl set-hostname <span class="nv">$DOMAIN_NAME</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$MATCHES_IN_HOSTS</span><span class="s2">"</span> <span class="o">]</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Host Details Already Exisits"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Registering Host Details"</span><span class="p">;</span> <span class="nb">echo</span> <span class="s2">"==================================="</span><span class="p">;</span> <span class="nb">cat</span> /dev/null <span class="o">&gt;</span> /etc/hosts<span class="p">;</span> <span class="nb">echo</span> <span class="s2">"127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4"</span> <span class="o">&gt;&gt;</span> /etc/hosts<span class="p">;</span> <span class="nb">echo</span> <span class="s2">"::1 localhost localhost.localdomain localhost6 localhost6.localdomain6"</span> <span class="o">&gt;&gt;</span> /etc/hosts<span class="p">;</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$PRIVATE_IP</span><span class="s2"> </span><span class="nv">$PUBLIC_IP</span><span class="s2"> </span><span class="nv">$DOMAIN_NAME</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> /etc/hosts<span class="p">;</span> <span class="nb">echo</span> <span class="s2">"========Updated Details============"</span><span class="p">;</span> <span class="nb">cat</span> /etc/hosts <span class="nb">echo</span> <span class="s2">"==================================="</span><span class="p">;</span> <span class="k">fi</span> </code></pre> </div> <ul> <li>Firewall </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># -- Disabling firewalld</span> systemctl disable firewalld <span class="c"># -- Enabling iptables</span> yum <span class="nb">install </span>iptables-services <span class="nt">-y</span> systemctl start iptables systemctl <span class="nb">enable </span>iptables <span class="c"># -- Flushing iptables</span> iptables <span class="nt">-F</span> <span class="c"># -- Allowing everthing</span> iptables <span class="nt">-A</span> FORWARD <span class="nt">-j</span> ACCEPT iptables <span class="nt">-A</span> INPUT <span class="nt">-j</span> ACCEPT iptables <span class="nt">-A</span> OUTPUT <span class="nt">-j</span> ACCEPT <span class="c"># -- Saving</span> service iptables save systemctl restart iptables <span class="c"># -- Display Settings</span> iptables <span class="nt">-L</span> <span class="nt">-n</span> </code></pre> </div> <ul> <li>Docker </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># -- Enable kernel modules</span> modprobe overlay modprobe br_netfilter <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> | tee /etc/modules-load.d/k8s.conf br_netfilter </span><span class="no">EOF </span><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> | tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 </span><span class="no">EOF </span>sysctl <span class="nt">--system</span> <span class="c"># -- Disabling Swap Memory</span> swapoff <span class="nt">-a</span> <span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'/ swap / s/^/#/'</span> /etc/fstab setenforce 0 <span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'s/^SELINUX=enforcing$/SELINUX=permissive/'</span> /etc/selinux/config <span class="c">## Podman is by default provided, K8 can run on Podman</span> <span class="c">## I was unable to install using Podman and need to move to docker</span> <span class="c"># -- Remove Podman</span> yum remove podman buildah <span class="nt">-y</span> <span class="c"># -- Install Docker</span> <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> yum-utils <span class="nb">sudo </span>yum-config-manager <span class="nt">--add-repo</span> https://download.docker.com/linux/centos/docker-ce.repo yum <span class="nb">install</span> <span class="nt">-y</span> docker-ce docker-ce-cli containerd.io <span class="c"># -- Configure Docker</span> systemctl stop docker /usr/sbin/usermod <span class="nt">-a</span> <span class="nt">-G</span> docker opc /usr/sbin/sysctl net.ipv4.conf.all.forwarding<span class="o">=</span>1 systemctl start docker <span class="nb">chmod </span>777 /var/run/docker.sock <span class="nb">tee</span> /etc/docker/daemon.json <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> { "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2" } </span><span class="no">EOF </span><span class="c"># -- Start and enable Services</span> <span class="nb">sudo </span>systemctl daemon-reload <span class="nb">sudo </span>systemctl restart docker <span class="nb">sudo </span>systemctl <span class="nb">enable </span>docker </code></pre> </div> <ul> <li>Netmaker </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.4"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">netmaker</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">netmaker</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gravitl/netmaker:v0.15.2@sha256:1e4cb5ca0907eea83eb84b850fe5e242e481dd4c1be59b60f96d5e577c67f5a9</span> <span class="na">cap_add</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NET_ADMIN</span> <span class="pi">-</span> <span class="s">NET_RAW</span> <span class="pi">-</span> <span class="s">SYS_MODULE</span> <span class="na">sysctls</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">net.ipv4.ip_forward=1</span> <span class="pi">-</span> <span class="s">net.ipv4.conf.all.src_valid_mark=1</span> <span class="pi">-</span> <span class="s">net.ipv6.conf.all.disable_ipv6=0</span> <span class="pi">-</span> <span class="s">net.ipv6.conf.all.forwarding=1</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/root/dnsconfig:/root/config/dnsconfig</span> <span class="pi">-</span> <span class="s">/root/sqldata:/root/data</span> <span class="pi">-</span> <span class="s">/root/shared_certs:/etc/netmaker</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">SERVER_NAME</span><span class="pi">:</span> <span class="s2">"</span><span class="s">broker-base-domain.extenssion"</span> <span class="na">SERVER_HOST</span><span class="pi">:</span> <span class="s2">"</span><span class="s">SERVER_PUBLIC_IP"</span> <span class="na">SERVER_API_CONN_STRING</span><span class="pi">:</span> <span class="s2">"</span><span class="s">api-base-domain.extenssion:443"</span> <span class="na">COREDNS_ADDR</span><span class="pi">:</span> <span class="s2">"</span><span class="s">SERVER_PUBLIC_IP"</span> <span class="na">DNS_MODE</span><span class="pi">:</span> <span class="s2">"</span><span class="s">on"</span> <span class="na">SERVER_HTTP_HOST</span><span class="pi">:</span> <span class="s2">"</span><span class="s">api-base-domain.extenssion"</span> <span class="na">API_PORT</span><span class="pi">:</span> <span class="s2">"</span><span class="s">8081"</span> <span class="na">CLIENT_MODE</span><span class="pi">:</span> <span class="s2">"</span><span class="s">on"</span> <span class="na">MASTER_KEY</span><span class="pi">:</span> <span class="s2">"</span><span class="s">REPLACE_MASTER_KEY"</span> <span class="na">CORS_ALLOWED_ORIGIN</span><span class="pi">:</span> <span class="s2">"</span><span class="s">*"</span> <span class="na">DISPLAY_KEYS</span><span class="pi">:</span> <span class="s2">"</span><span class="s">on"</span> <span class="na">DATABASE</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sqlite"</span> <span class="na">NODE_ID</span><span class="pi">:</span> <span class="s2">"</span><span class="s">netmaker-server-1"</span> <span class="na">MQ_HOST</span><span class="pi">:</span> <span class="s2">"</span><span class="s">mq"</span> <span class="na">MQ_PORT</span><span class="pi">:</span> <span class="s2">"</span><span class="s">443"</span> <span class="na">MQ_SERVER_PORT</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1883"</span> <span class="na">HOST_NETWORK</span><span class="pi">:</span> <span class="s2">"</span><span class="s">off"</span> <span class="na">VERBOSITY</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span> <span class="na">MANAGE_IPTABLES</span><span class="pi">:</span> <span class="s2">"</span><span class="s">on"</span> <span class="na">PORT_FORWARD_SERVICES</span><span class="pi">:</span> <span class="s2">"</span><span class="s">dns"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">51821-51830:51821-51830/udp"</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8081"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">traefik.enable=true</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-api.entrypoints=websecure</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-api.rule=Host(`api-base-domain.extenssion`)</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-api.service=netmaker-api</span> <span class="pi">-</span> <span class="s">traefik.http.services.netmaker-api.loadbalancer.server.port=8081</span> <span class="na">netmaker-ui</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">netmaker-ui</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gravitl/netmaker-ui:v0.15.2@sha256:11fe0092e8a8e8a7a6a07e6aa50d448ed2de24ee6d2eb045e3956b3c6c24af50</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">netmaker</span> <span class="na">links</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">netmaker:api"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">BACKEND_URL</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://api-base-domain.extenssion"</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">traefik.enable=true</span> <span class="pi">-</span> <span class="s">traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*-base-domain.extenssion</span> <span class="pi">-</span> <span class="s">traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000</span> <span class="pi">-</span> <span class="s">traefik.http.middlewares.nmui-security.headers.browserXssFilter=true</span> <span class="pi">-</span> <span class="s">traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN</span> <span class="pi">-</span> <span class="s">traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none</span> <span class="pi">-</span> <span class="s">traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server=</span> <span class="c1"># Remove the server name</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-ui.entrypoints=websecure</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-ui.rule=Host(`dashboard-base-domain.extenssion`)</span> <span class="pi">-</span> <span class="s">traefik.http.routers.netmaker-ui.service=netmaker-ui</span> <span class="pi">-</span> <span class="s">traefik.http.services.netmaker-ui.loadbalancer.server.port=80</span> <span class="na">coredns</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">coredns</span> <span class="na">image</span><span class="pi">:</span> <span class="s">coredns/coredns-arm64@sha256:224c4ecc9d9eea3765d0beee0e624e6cf837230c370440bd38a7d9901dd04dc4</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-conf /root/dnsconfig/Corefile</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">netmaker</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/root/dnsconfig:/root/dnsconfig</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v2.6@sha256:9aecceb73e3b24b6547d401c95eea6cdf475a99ddfd0b86464c5413925e062da</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.http.acme.email=YOUR_EMAIL"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.http.acme.tlschallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.http.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.http.tls.certResolver=http"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--log.level=INFO"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedByDefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--serverstransport.insecureskipverify=true"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">/root/traefik_certs:/letsencrypt</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">mq</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">mq</span> <span class="na">image</span><span class="pi">:</span> <span class="s">eclipse-mosquitto:2.0.11-openssl@sha256:459f8503a3a248156855501a8fa718b92783bf02fc5b1ea414fae07ca1d1396d</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">netmaker</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/root/mosquitto.conf:/mosquitto/config/mosquitto.conf</span> <span class="pi">-</span> <span class="s">/root/mosquitto_data:/mosquitto/data</span> <span class="pi">-</span> <span class="s">/root/mosquitto_logs:/mosquitto/log</span> <span class="pi">-</span> <span class="s">/root/shared_certs:/mosquitto/certs</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8883"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">traefik.enable=true</span> <span class="pi">-</span> <span class="s">traefik.tcp.routers.mqtts.rule=HostSNI(`broker-base-domain.extenssion`)</span> <span class="pi">-</span> <span class="s">traefik.tcp.routers.mqtts.tls.passthrough=true</span> <span class="pi">-</span> <span class="s">traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883</span> <span class="pi">-</span> <span class="s">traefik.tcp.routers.mqtts.service=mqtts-svc</span> <span class="pi">-</span> <span class="s">traefik.tcp.routers.mqtts.entrypoints=websecure</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create Corefile by removing this comment</span> coredns.io <span class="o">{</span> log stdout file /root/dnsconfig/coredns.dat <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># -- Prerequists</span> <span class="c"># yum install -y wireguard-tools net-tools jq</span> <span class="c"># modprobe ip_tables</span> <span class="c"># echo 'ip_tables' &gt;&gt; /etc/modules</span> <span class="c"># -- Install Docker Compose</span> <span class="c"># curl -L --fail https://github.com/docker/compose/releases/download/v2.11.0/docker-compose-linux-aarch64 -o /usr/sbin/docker-compose</span> <span class="c"># chmod +x /usr/sbin/docker-compose</span> <span class="c"># -- Setting env variables</span> <span class="nv">NETMAKER_BASE_DOMAIN</span><span class="o">=</span><span class="nv">$DOMAIN_NAME</span> <span class="nv">COREDNS_IP</span><span class="o">=</span><span class="si">$(</span>ip route get 1 | <span class="nb">sed</span> <span class="nt">-n</span> <span class="s1">'s/^.*src \([0-9.]*\) .*$/\1/p'</span><span class="si">)</span> <span class="nv">SERVER_PUBLIC_IP</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> ifconfig.me<span class="si">)</span> <span class="nv">MASTER_KEY</span><span class="o">=</span><span class="si">$(</span><span class="nb">tr</span> <span class="nt">-dc</span> A-Za-z0-9 &lt;/dev/urandom | <span class="nb">head</span> <span class="nt">-c</span> 30 <span class="p">;</span> <span class="nb">echo</span> <span class="s1">''</span><span class="si">)</span> <span class="nv">EMAIL</span><span class="o">=</span><span class="s2">"gaddam.rahul@email.com"</span> <span class="nv">MESH_SETUP</span><span class="o">=</span><span class="s2">"true"</span> <span class="nv">VPN_SETUP</span><span class="o">=</span><span class="s2">"false"</span> <span class="nv">NUM_CLIENTS</span><span class="o">=</span>5 <span class="nb">echo</span> <span class="s2">" ----------------------------"</span> <span class="nb">echo</span> <span class="s2">" SETUP ARGUMENTS"</span> <span class="nb">echo</span> <span class="s2">" ----------------------------"</span> <span class="nb">echo</span> <span class="s2">" domain: </span><span class="nv">$NETMAKER_BASE_DOMAIN</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" email: </span><span class="nv">$EMAIL</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" coredns ip: </span><span class="nv">$COREDNS_IP</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" public ip: </span><span class="nv">$SERVER_PUBLIC_IP</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" master key: </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" setup mesh?: </span><span class="nv">$MESH_SETUP</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" setup vpn?: </span><span class="nv">$VPN_SETUP</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">VPN_SETUP</span><span class="k">}</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"true"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">" # clients: </span><span class="nv">$NUM_CLIENTS</span><span class="s2">"</span> <span class="k">fi </span><span class="nb">echo</span> <span class="s2">" ----------------------------"</span> <span class="nb">sleep </span>5 <span class="c"># -- Installation</span> <span class="nb">echo</span> <span class="s2">"setting mosquitto.conf..."</span> wget <span class="nt">-q</span> <span class="nt">-O</span> /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf <span class="nb">echo</span> <span class="s2">"setting docker-compose..."</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /root/dnsconfig <span class="nb">cp</span> /home/opc/setup/netmaker/Corefile /root/dnsconfig/ <span class="nb">mkdir</span> <span class="nt">-p</span> /root/traefik_certs <span class="nb">mkdir</span> <span class="nt">-p</span> /root/shared_certs <span class="nb">mkdir</span> <span class="nt">-p</span> /root/sqldata <span class="nb">mkdir</span> <span class="nt">-p</span> /root/mosquitto_data <span class="nb">mkdir</span> <span class="nt">-p</span> /root/mosquitto_logs <span class="nb">cp</span> /home/opc/setup/netmaker/docker-compose.yml /root/docker-compose.yml <span class="nb">sed</span> <span class="nt">-i</span> <span class="s2">"s/SERVER_PUBLIC_IP/</span><span class="nv">$SERVER_PUBLIC_IP</span><span class="s2">/g"</span> /root/docker-compose.yml <span class="nb">sed</span> <span class="nt">-i</span> <span class="s2">"s/COREDNS_IP/</span><span class="nv">$COREDNS_IP</span><span class="s2">/g"</span> /root/docker-compose.yml <span class="nb">sed</span> <span class="nt">-i</span> <span class="s2">"s/REPLACE_MASTER_KEY/</span><span class="nv">$MASTER_KEY</span><span class="s2">/g"</span> /root/docker-compose.yml <span class="nb">sed</span> <span class="nt">-i</span> <span class="s2">"s/YOUR_EMAIL/</span><span class="nv">$EMAIL</span><span class="s2">/g"</span> /root/docker-compose.yml <span class="nb">echo</span> <span class="s2">"starting containers..."</span> docker-compose <span class="nt">-f</span> /root/docker-compose.yml up <span class="nt">-d</span> test_connection<span class="o">()</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"testing Traefik setup (please be patient, this may take 1-2 minutes)"</span> <span class="k">for </span>i <span class="k">in </span>1 2 3 4 5 6 <span class="k">do </span><span class="nv">curlresponse</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-vIs</span> https://api-base-domain.extenssion 2&gt;&amp;1<span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$i</span><span class="s2">"</span> <span class="o">==</span> 6 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">" Traefik is having an issue setting up certificates, please investigate (docker logs traefik)"</span> <span class="nb">echo</span> <span class="s2">" exiting..."</span> <span class="nb">exit </span>1 <span class="k">elif</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$curlresponse</span><span class="s2">"</span> <span class="o">==</span> <span class="k">*</span><span class="s2">"failed to verify the legitimacy of the server"</span><span class="k">*</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">" certificates not yet configured, retrying..."</span> <span class="k">elif</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$curlresponse</span><span class="s2">"</span> <span class="o">==</span> <span class="k">*</span><span class="s2">"left intact"</span><span class="k">*</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">" certificates ok"</span> <span class="nb">break </span><span class="k">else </span><span class="nv">secs</span><span class="o">=</span><span class="k">$((</span><span class="nv">$i</span><span class="o">*</span><span class="m">5</span><span class="o">+</span><span class="m">10</span><span class="k">))</span> <span class="nb">echo</span> <span class="s2">" issue establishing connection...retrying in </span><span class="nv">$secs</span><span class="s2"> seconds..."</span> <span class="k">fi </span><span class="nb">sleep</span> <span class="nv">$secs</span> <span class="k">done</span> <span class="o">}</span> <span class="nb">set</span> +e test_connection <span class="nb">cat</span> <span class="o">&lt;&lt;</span> <span class="sh">"</span><span class="no">EOF</span><span class="sh">" __ __ ______ ______ __ __ ______ __ __ ______ ______ /</span><span class="se">\ </span><span class="sh">"-.</span><span class="se">\ \ </span><span class="sh"> /</span><span class="se">\ </span><span class="sh"> ___</span><span class="se">\ </span><span class="sh"> /</span><span class="se">\_</span><span class="sh">_ _</span><span class="se">\ </span><span class="sh">/</span><span class="se">\ </span><span class="sh">"-./ </span><span class="se">\ </span><span class="sh"> /</span><span class="se">\ </span><span class="sh"> __ </span><span class="se">\ </span><span class="sh"> /</span><span class="se">\ \/</span><span class="sh"> / /</span><span class="se">\ </span><span class="sh"> ___</span><span class="se">\ </span><span class="sh"> /</span><span class="se">\ </span><span class="sh"> == </span><span class="se">\ </span><span class="sh"> </span><span class="se">\ \ \-</span><span class="sh">. </span><span class="se">\ </span><span class="sh"> </span><span class="se">\ \ </span><span class="sh"> __</span><span class="se">\ </span><span class="sh"> </span><span class="se">\/</span><span class="sh">_/</span><span class="se">\ \/</span><span class="sh"> </span><span class="se">\ \ \-</span><span class="sh">./</span><span class="se">\ \ </span><span class="sh"> </span><span class="se">\ \ </span><span class="sh"> __ </span><span class="se">\ </span><span class="sh"> </span><span class="se">\ \ </span><span class="sh"> _"-. </span><span class="se">\ \ </span><span class="sh"> __</span><span class="se">\ </span><span class="sh"> </span><span class="se">\ \ </span><span class="sh"> __&lt; </span><span class="se">\ \_\\</span><span class="sh">"</span><span class="se">\_\ </span><span class="sh"> </span><span class="se">\ \_</span><span class="sh">____</span><span class="se">\ </span><span class="sh"> </span><span class="se">\ \_\ </span><span class="sh"> </span><span class="se">\ \_\ \ \_\ </span><span class="sh"> </span><span class="se">\ \_\ \_\ </span><span class="sh"> </span><span class="se">\ \_\ \_\ </span><span class="sh"> </span><span class="se">\ \_</span><span class="sh">____</span><span class="se">\ </span><span class="sh"> </span><span class="se">\ \_\ \_\ </span><span class="sh"> </span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_____/ </span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_/</span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_/</span><span class="se">\/</span><span class="sh">_/ </span><span class="se">\/</span><span class="sh">_____/ </span><span class="se">\/</span><span class="sh">_/ /_/ </span><span class="no"> EOF </span><span class="nb">echo</span> <span class="s2">"visit https://dashboard-base-domain.extenssion to log in"</span> <span class="nb">sleep </span>7 setup_mesh<span class="o">()</span> <span class="o">{(</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">echo</span> <span class="s2">"creating netmaker network (10.101.0.0/16)"</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-d</span> <span class="s1">'{"addressrange":"10.101.0.0/16","netid":"netmaker"}'</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/networks <span class="nb">sleep </span>5 <span class="nb">echo</span> <span class="s2">"creating netmaker access key"</span> <span class="nv">curlresponse</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> <span class="nt">-d</span> <span class="s1">'{"uses":99999,"name":"netmaker-key"}'</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/networks/netmaker/keys<span class="si">)</span> <span class="nv">ACCESS_TOKEN</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">-r</span> <span class="s1">'.accessstring'</span> <span class="o">&lt;&lt;&lt;</span> <span class="k">${</span><span class="nv">curlresponse</span><span class="k">}</span><span class="si">)</span> <span class="nb">sleep </span>5 <span class="nb">echo</span> <span class="s2">"configuring netmaker server as ingress gateway"</span> <span class="nv">curlresponse</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/nodes/netmaker<span class="si">)</span> <span class="nv">SERVER_ID</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">-r</span> <span class="s1">'.[0].id'</span> <span class="o">&lt;&lt;&lt;</span> <span class="k">${</span><span class="nv">curlresponse</span><span class="k">}</span><span class="si">)</span> curl <span class="nt">-o</span> /dev/null <span class="nt">-s</span> <span class="nt">-X</span> POST <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/nodes/netmaker/<span class="nv">$SERVER_ID</span>/createingress <span class="nb">sleep </span>5 <span class="nb">echo</span> <span class="s2">"finished configuring server and network. You can now add clients."</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"For Linux, Mac, Windows, and FreeBSD:"</span> <span class="nb">echo</span> <span class="s2">" 1. Install the netclient: https://docs.netmaker.org/netclient.html#installation"</span> <span class="nb">echo</span> <span class="s2">" 2. Join the network: netclient join -t </span><span class="nv">$ACCESS_TOKEN</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"For Android and iOS clients, perform the following steps:"</span> <span class="nb">echo</span> <span class="s2">" 1. Log into UI at dashboard-base-domain.extenssion"</span> <span class="nb">echo</span> <span class="s2">" 2. Navigate to </span><span class="se">\"</span><span class="s2">EXTERNAL CLIENTS</span><span class="se">\"</span><span class="s2"> tab"</span> <span class="nb">echo</span> <span class="s2">" 3. Select the gateway and create clients"</span> <span class="nb">echo</span> <span class="s2">" 4. Scan the QR Code from WireGuard app in iOS or Android"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"Netmaker setup is now complete. You are ready to begin using Netmaker."</span> <span class="o">)}</span> setup_vpn<span class="o">()</span> <span class="o">{(</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">echo</span> <span class="s2">"creating vpn network (10.201.0.0/16)"</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-d</span> <span class="s1">'{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"10.201.255.254"}'</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/networks <span class="nb">sleep </span>5 <span class="nb">echo</span> <span class="s2">"configuring netmaker server as vpn inlet..."</span> <span class="nv">curlresponse</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/nodes/vpn<span class="si">)</span> <span class="nv">SERVER_ID</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">-r</span> <span class="s1">'.[0].id'</span> <span class="o">&lt;&lt;&lt;</span> <span class="k">${</span><span class="nv">curlresponse</span><span class="k">}</span><span class="si">)</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-X</span> POST <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/nodes/vpn/<span class="nv">$SERVER_ID</span>/createingress <span class="nb">echo</span> <span class="s2">"waiting 5 seconds for server to apply configuration..."</span> <span class="nb">sleep </span>5 <span class="nb">echo</span> <span class="s2">"configuring netmaker server vpn gateway..."</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$GATEWAY_IFACE</span><span class="s2">"</span> <span class="o">]</span> <span class="o">&amp;&amp;</span> <span class="nv">GATEWAY_IFACE</span><span class="o">=</span><span class="si">$(</span>ip <span class="nt">-4</span> route <span class="nb">ls</span> | <span class="nb">grep </span>default | <span class="nb">grep</span> <span class="nt">-Po</span> <span class="s1">'(?&lt;=dev )(\S+)'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"gateway iface: </span><span class="nv">$GATEWAY_IFACE</span><span class="s2">"</span> <span class="nv">curlresponse</span><span class="o">=</span><span class="si">$(</span>curl <span class="nt">-s</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/nodes/vpn<span class="si">)</span> <span class="nv">SERVER_ID</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">-r</span> <span class="s1">'.[0].id'</span> <span class="o">&lt;&lt;&lt;</span> <span class="k">${</span><span class="nv">curlresponse</span><span class="k">}</span><span class="si">)</span> <span class="nv">EGRESS_JSON</span><span class="o">=</span><span class="si">$(</span> jq <span class="nt">-n</span> <span class="se">\</span> <span class="nt">--arg</span> gw <span class="s2">"</span><span class="nv">$GATEWAY_IFACE</span><span class="s2">"</span> <span class="se">\</span> <span class="s1">'{ranges: ["0.0.0.0/0"], interface: $gw}'</span> <span class="si">)</span> <span class="nb">echo</span> <span class="s2">"egress json: </span><span class="nv">$EGRESS_JSON</span><span class="s2">"</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-X</span> POST <span class="nt">-d</span> <span class="s2">"</span><span class="nv">$EGRESS_JSON</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/nodes/vpn/<span class="nv">$SERVER_ID</span>/creategateway <span class="nb">sleep </span>3 <span class="nb">echo</span> <span class="s2">"creating client configs..."</span> <span class="k">for</span> <span class="o">((</span><span class="nv">a</span><span class="o">=</span>1<span class="p">;</span> a &lt;<span class="o">=</span> <span class="nv">$NUM_CLIENTS</span><span class="p">;</span> a++<span class="o">))</span> <span class="k">do </span><span class="nv">CLIENT_JSON</span><span class="o">=</span><span class="si">$(</span> jq <span class="nt">-n</span> <span class="se">\</span> <span class="nt">--arg</span> clientid <span class="s2">"vpnclient-</span><span class="nv">$a</span><span class="s2">"</span> <span class="se">\</span> <span class="s1">'{clientid: $clientid}'</span> <span class="si">)</span> curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-d</span> <span class="s2">"</span><span class="nv">$CLIENT_JSON</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$MASTER_KEY</span><span class="s2">"</span> <span class="nt">-H</span> <span class="s1">'Content-Type: application/json'</span> https://api-base-domain.extenssion/api/extclients/vpn/<span class="nv">$SERVER_ID</span> <span class="nb">sleep </span>2 <span class="k">done </span><span class="nb">echo</span> <span class="s2">"finished configuring vpn server."</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"To configure clients, perform the following steps:"</span> <span class="nb">echo</span> <span class="s2">" 1. log into dashboard-base-domain.extenssion"</span> <span class="nb">echo</span> <span class="s2">" 2. Navigate to </span><span class="se">\"</span><span class="s2">EXTERNAL CLIENTS</span><span class="se">\"</span><span class="s2"> tab"</span> <span class="nb">echo</span> <span class="s2">" 3. Download or scan a client config (vpnclient-x) to the appropriate device"</span> <span class="nb">echo</span> <span class="s2">" 4. Follow the steps for your system to configure WireGuard on the appropriate device"</span> <span class="nb">echo</span> <span class="s2">" 5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients."</span> <span class="o">)}</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">MESH_SETUP</span><span class="k">}</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"false"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>setup_mesh <span class="k">fi if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">VPN_SETUP</span><span class="k">}</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"true"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>setup_vpn <span class="k">fi </span><span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"Netmaker setup is now complete. You are ready to begin using Netmaker."</span> </code></pre> </div> <ul> <li>On successful completion, user will be requested to login to <a href="https://dashboard-base-domain.extenssion/" rel="noopener noreferrer">https://dashboard-base-domain.extenssion/</a> </li> </ul> <h3> Agent Installation </h3> <ul> <li>Agent will have same files expect the <code>Netmaker</code> </li> <li>Netmaker </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># -- Prerequists</span> yum <span class="nb">install</span> <span class="nt">-y</span> wireguard-tools net-tools jq modprobe ip_tables <span class="nb">echo</span> <span class="s1">'ip_tables'</span> <span class="o">&gt;&gt;</span> /etc/modules <span class="c"># -- Install Netmaker Client</span> wget https://github.com/gravitl/netmaker/releases/download/v0.15.2/netclient-arm64 <span class="nt">-O</span> /usr/sbin/netclient <span class="nb">chmod</span> +x /usr/sbin/netclient netclient daemon &amp; <span class="c"># -- Joining Netmaker Master</span> netclient <span class="nb">join</span> <span class="nt">-t</span> &lt;token&gt; </code></pre> </div> <h2> Verification </h2> <ul> <li>On successful installation, User will be able to view new network on <code>ifconfig</code> </li> <li> <code>Ping</code> to different systems will be accessible.</li> <li>Dashboard will show all nodes connected <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faa70i7vqa0ol2odi1uke.png" alt="Image description"> </li> </ul> <h2> References </h2> <ul> <li><a href="https://docs.netmaker.org/index.html" rel="noopener noreferrer">Docs</a></li> <li><a href="https://itnext.io/getting-started-with-netmaker-a-wireguard-virtual-networking-platform-3d563fbd87f0" rel="noopener noreferrer">itnext.io</a></li> <li><a href="https://www.youtube.com/channel/UCach3lJY_xBV7rGrbUSvkZQ/videos" rel="noopener noreferrer">Videos</a></li> </ul> netmaker wiregaurd cloud multicloud Rahul Kiran Gaddam Thu, 02 Sep 2021 16:18:33 +0000 https://forem.com/rahgadda/installing-k8-on-arm64-4-cpu-24gb-ram-648 https://forem.com/rahgadda/installing-k8-on-arm64-4-cpu-24gb-ram-648 <h2> Philosophy </h2> <ul> <li>Kubernetes/K8 has solved biggest problem of Infrastructure.</li> <li>Unfortunately to work with it we require lot of infrastructure [Static IP, Hardware, Domain Name].</li> <li>There are lot of alternatives that will help us to explore it like <a href="https://labs.play-with-k8s.com/" rel="noopener noreferrer">Play with Kubernetes</a>, <a href="https://www.katacoda.com/courses/kubernetes/playground" rel="noopener noreferrer">Katacoda</a>. There are always something [Persistence, Availability] that is missing.</li> <li>In this article we will explore how to create a K8 Single Node Cluster and explore K8. This document is based on inspiration from article <a href="https://faun.pub/free-ha-multi-architecture-kubernetes-cluster-from-oracle-c66b8ce7cc37" rel="noopener noreferrer">Medium K8 Installation</a> </li> </ul> <h2> Overview </h2> <ul> <li>As part of this article we will cover below: <ul> <li>Oracle OCI Cloud</li> <li>Installing k8 Single Node Cluster</li> <li>Ingress Controller</li> <li>Running Kubernetes Dashboard</li> </ul> </li> </ul> <h3> OCI </h3> <ul> <li>Oracle is revolutionizing Cloud for Industries. Oracle is <strong>only SaaS company</strong> in the market that provide all offering of cloud <strong>[IaaS, PaaS, SaaS]</strong> </li> <li>Majority of cloud offering are giving minimum free kits to explore. </li> <li>Oracle has crossed this barrier by providing free offering of Compute, Network, Load Balancer, Autonomous Database for all under strategy of <strong>Always Free Resources</strong>. <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fngudhonak3jwn5x1lbw4.png" alt="image"> </li> </ul> <h3> Installation </h3> <ul> <li>Using OCI free tire we will create <strong>k8 Single node cluster with 24GB &amp; 4 OCPU</strong>. </li> <li> <p>For this installation, I have considered below. I tried to create two nodes, networking between nodes I was not able to solve. </p> <ul> <li> <strong>Instance Name : K8-Master</strong> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ou6u1a0gvtov511eg2a.png" alt="image"> </li> <li> <strong>Image: Oracle Linux Cloud Developer 8</strong> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx2tekcydwp8o9ku0chr8.png" alt="image"> </li> <li> <strong>Processor: Amper Arm64 Bit Processor</strong> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3nmheltdr3sv9qo83ize.png" alt="image"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsjl1syz5d475xejm57sc.png" alt="image"> </li> </ul> </li> <li> <p>This will create a VM with <strong>Public IP</strong>. We have to be careful while we selecting container/deliverable to run on this VM. </p> <ul> <li>In general deliverables are listed as <strong>linux-amd64</strong> &amp; <strong>darwin-amd64</strong>, we need to consider deliverables labeled as <strong>linux-arm64</strong>. <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fah081f0qomk8qggggshl.png" alt="image"> </li> </ul> </li> <li> <p>Once VM is provisioned, its suggested to associate it with a domain as it simplifies access to K8 Cluster. </p> <ul> <li>There are a lot of free domain providers. I have used <a href="https://www.noip.com/login" rel="noopener noreferrer">No-ip</a> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxca34afchanhg0cnyu4k.png" alt="image"> </li> </ul> </li> <li><p>Below are steps that we have followed to install K8<br><br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Login to Root</span> <span class="nb">sudo </span>su <span class="c"># Updating Host File - Add entry</span> <span class="c">## Get CIDR Private IP</span> ifconfig vi /etc/hosts <span class="k">**</span>&lt;private.ip&gt;<span class="k">**</span> k8-master <span class="k">**</span>&lt;domain.name&gt;<span class="k">**</span> <span class="c"># Firewall Configuration</span> systemctl disable firewalld yum <span class="nb">install </span>iptables-services <span class="nt">-y</span> systemctl start iptables systemctl <span class="nb">enable </span>iptables iptables <span class="nt">-F</span> iptables <span class="nt">-P</span> INPUT ACCEPT iptables <span class="nt">-P</span> OUTPUT ACCEPT service iptables save systemctl restart iptables iptables <span class="nt">-L</span> <span class="nt">-n</span> <span class="c"># Docker Installation</span> <span class="c">## Podman is by default provided, K8 can run on Podman</span> <span class="c">## I was unable to install using Podman and need to move to docker</span> <span class="c"># -- Remove Podman</span> yum remove podman buildah <span class="nt">-y</span> <span class="c"># -- Install Docker</span> <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> yum-utils <span class="nb">sudo </span>yum-config-manager <span class="nt">--add-repo</span> https://download.docker.com/linux/centos/docker-ce.repo yum <span class="nb">install</span> <span class="nt">-y</span> docker-ce <span class="c"># -- Configure Docker</span> systemctl stop docker /usr/sbin/usermod <span class="nt">-a</span> <span class="nt">-G</span> docker opc /usr/sbin/sysctl net.ipv4.conf.all.forwarding<span class="o">=</span>1 systemctl start docker <span class="nb">chmod </span>777 /var/run/docker.sock swapoff <span class="nt">-a</span> <span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'/ swap / s/^/#/'</span> /etc/fstab vi /etc/docker/daemon.json <span class="o">{</span> <span class="s2">"exec-opts"</span>: <span class="o">[</span><span class="s2">"native.cgroupdriver=systemd"</span><span class="o">]</span> <span class="o">}</span> <span class="c"># Install K8 Software</span> <span class="c"># -- Pre configurations</span> <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> | tee /etc/modules-load.d/k8s.conf br_netfilter </span><span class="no"> EOF </span> <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> | tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 </span><span class="no"> EOF </span> sysctl <span class="nt">--system</span> <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> | tee /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-</span><span class="se">\$</span><span class="sh">basearch enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg exclude=kubelet kubeadm kubectl </span><span class="no"> EOF </span> setenforce 0 <span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'s/^SELINUX=enforcing$/SELINUX=permissive/'</span> /etc/selinux/config <span class="c"># -- Download</span> yum <span class="nb">install</span> <span class="nt">-y</span> kubelet kubeadm kubectl <span class="nt">--disableexcludes</span><span class="o">=</span>kubernetes systemctl <span class="nb">enable</span> <span class="nt">--now</span> kubelet <span class="c"># -- Validate</span> kubectl version <span class="nt">--short</span> kubeadm version <span class="nt">--short</span> <span class="c"># -- Creating OS Services</span> systemctl <span class="nb">enable </span>docker.service systemctl <span class="nb">enable </span>kubelet.service systemctl daemon-reload systemctl restart docker systemctl restart kubelet <span class="c"># -- Installing K8 Single Node Cluster</span> <span class="nv">CERTKEY</span><span class="o">=</span><span class="si">$(</span>kubeadm certs certificate-key<span class="si">)</span> kubeadm init <span class="nt">--apiserver-cert-extra-sans</span><span class="o">=</span>&lt;domain.name&gt;,&lt;public.ip&gt;,&lt;private.ip&gt; <span class="nt">--pod-network-cidr</span><span class="o">=</span>10.32.0.0/12 <span class="nt">--control-plane-endpoint</span><span class="o">=</span>&lt;domain.name&gt; <span class="nt">--upload-certs</span> <span class="nt">--certificate-key</span><span class="o">=</span><span class="nv">$CERTKEY</span> <span class="c"># -- Moving k8 config file </span> <span class="nb">mkdir</span> <span class="nt">-p</span> <span class="nv">$HOME</span>/.kube <span class="nb">cp</span> <span class="nt">-i</span> /etc/kubernetes/admin.conf <span class="nv">$HOME</span>/.kube/config <span class="nb">chown</span> <span class="si">$(</span><span class="nb">id</span> <span class="nt">-u</span><span class="si">)</span>:<span class="si">$(</span><span class="nb">id</span> <span class="nt">-g</span><span class="si">)</span> <span class="nv">$HOME</span>/.kube/config <span class="nb">mkdir</span> <span class="nt">-p</span> /home/opc/.kube <span class="nb">cp</span> <span class="nv">$HOME</span>/.kube/config /home/opc/.kube/config <span class="nb">chmod </span>777 /home/opc/.kube/config <span class="c"># -- Validating Installation</span> netstat <span class="nt">-nplt</span> kubectl get nodes kubectl get pods <span class="nt">-n</span> kube-system <span class="c"># -- Enabling Flannel Networking</span> kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml </code></pre> </div> <h3> Ingress </h3> <ul> <li>With a successful K8 environment installation, we wanted to run pods and access them using DNS name associated.</li> <li>Ingress controller helps to do this. We will associate ingress to two <strong>Pods</strong>. <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.nginx.com%2Fwp-content%2Fuploads%2F2018%2F12%2FNGINX-Ingress-Controller-4-services_social.png"> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Taint Master</span> <span class="c">## This will allow pods to be scheduled on Master</span> kubectl get nodes <span class="nt">-o</span> json | jq <span class="s1">'.items[].spec.taints'</span> kubectl taint nodes k8-master node-role.kubernetes.io/master:NoSchedule- <span class="c"># Install Helm</span> curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash <span class="nb">mv</span> /usr/local/bin/helm /usr/bin <span class="c"># -- Validating Helm Installation</span> helm version <span class="c"># -- Add Helm Repo</span> helm repo add stable https://charts.helm.sh/stable helm repo list <span class="c"># Install Nginx Ingress Controller</span> <span class="c"># -- Add Helm Chart as default is Depricated</span> helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm repo list <span class="c"># -- Download default chart</span> helm show values ingress-nginx/ingress-nginx <span class="o">&gt;</span> ngingress-metal-custom.yaml <span class="nb">chmod </span>777 ngingress-metal-custom.yaml <span class="c"># -- Update Settings to run Nginx on OCI</span> hostNetwork: <span class="nb">true</span> <span class="c">## change to false</span> hostPort: enabled: <span class="nb">false</span> <span class="c">## change to true</span> kind: Deployment <span class="c">## change to DaemonSet</span> externalIPS: - public.ip <span class="c">## replace with your instance's Public IP</span> loadBalancerSourceRanges: - public.ip/32 <span class="c">## replace with your instance's Public IP</span> <span class="c"># -- Run Chart</span> kubectl create ns ingress-nginx helm <span class="nb">install </span>helm-ngingress ingress-nginx/ingress-nginx <span class="nt">-n</span> ingress-nginx <span class="nt">--values</span> ngingress-metal-custom.yaml <span class="c"># -- Verification</span> kubectl get all <span class="nt">-n</span> ingress-nginx helm list <span class="nt">-n</span> ingress-nginx </code></pre> </div> <ul> <li>Connecting Service to an Ingress </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># -- This will create Deployment, ClusterIP Service, Ingress</span> kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/rahgadda/Kubernetes/master/MyDev/helloworld-ingress.yaml <span class="c"># -- Verify Ingress </span> kubectl get ing </code></pre> </div> <ul> <li>On accessing <code>http://&lt;public.ip&gt;</code>, <code>http://&lt;domain.name&gt;</code> system will display <code>Hello, World!</code> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcsol7f1exkkft5kvncb1.png" alt="image"> </li> </ul> <h3> Dashboard </h3> <ul> <li>K8 team has created k8 dashboard to view insights on Kubernetes.</li> <li>Typically it is accessed using <strong>kube proxy or node port</strong>. We will deploy it and access it using Ingress. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># -- Install Dashboard</span> kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml <span class="c"># -- Verify Dashboard </span> kubectl get svc <span class="nt">-n</span> kubernetes-dashboard kubectl get pods <span class="nt">-n</span> kubernetes-dashboard <span class="c"># -- Create Service Account to Access Dashboard</span> kubectl create serviceaccount rahgadda <span class="nt">-n</span> default kubectl create clusterrolebinding dashboard-admin <span class="nt">-n</span> default <span class="nt">--clusterrole</span><span class="o">=</span>cluster-admin <span class="nt">--serviceaccount</span><span class="o">=</span>default:rahgadda kubectl create clusterrolebinding user-cluster-admin-binding <span class="nt">--clusterrole</span><span class="o">=</span>cluster-admin <span class="nt">--user</span><span class="o">=</span>default <span class="c"># -- Create Config file to Login</span> <span class="nv">server</span><span class="o">=</span>https://&lt;domain.name&gt;:6443 <span class="nv">name</span><span class="o">=</span><span class="si">$(</span>kubectl get serviceaccount rahgadda <span class="nt">-n</span> default <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">"{.secrets[0].name}"</span><span class="si">)</span> <span class="nv">ca</span><span class="o">=</span><span class="si">$(</span>kubectl get secret/<span class="nv">$name</span> <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.data.ca\.crt}'</span><span class="si">)</span> <span class="nv">token</span><span class="o">=</span><span class="si">$(</span>kubectl get secret/<span class="nv">$name</span> <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.data.token}'</span> | <span class="nb">base64</span> <span class="nt">--decode</span><span class="si">)</span> <span class="nv">namespace</span><span class="o">=</span><span class="si">$(</span>kubectl get secret/<span class="nv">$name</span> <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.data.namespace}'</span> | <span class="nb">base64</span> <span class="nt">--decode</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">" apiVersion: v1 kind: Config clusters: - name: default-cluster cluster: certificate-authority-data: </span><span class="k">${</span><span class="nv">ca</span><span class="k">}</span><span class="s2"> server: </span><span class="k">${</span><span class="nv">server</span><span class="k">}</span><span class="s2"> contexts: - name: default-context context: cluster: default-cluster namespace: default user: default-user current-context: default-context users: - name: default-user user: token: </span><span class="k">${</span><span class="nv">token</span><span class="k">}</span><span class="s2"> "</span> <span class="o">&gt;</span> rahgadda-kubeconfig.yaml <span class="c"># -- Use rahgadda-kubeconfig.yaml file to login to Dashboard</span> <span class="c"># -- Create Ingress for Dashboard Service</span> kubectl apply <span class="nt">-f</span> https://raw.githubusercontent.com/rahgadda/Kubernetes/master/MyDev/k8-dashboard-ingress.yaml <span class="c"># -- Dashboard will be available at URL https://&lt;domain.name&gt;/dashboard/</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0mg4gr21e3dbx3cq4f83.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0mg4gr21e3dbx3cq4f83.png" alt="image"></a></p> kubernetes arm64 oracle oci