- Remember, Proxmox VE 7.0 runs on Debian 11 bullseye
- Editing the apt repository sources
- Update your system
- Installing useful extra tools
- Relevant system paths
- References
- Connecting your UPS with your pve node using NUT
- Executing instant commands on the UPS unit
- Other possibilities with NUT
- Relevant system paths
- References
- Initial filesystem configuration (web console)
- Initial filesystem configuration (shell as root)
- Configuring the unused storage drives
- LVM rearrangement in the main storage drive
- References
- Reverting the changes
- Change executed in just one command line
- Final note
- Relevant system paths
- References
- Enabling TFA for SSH access
- Enforcing TFA TOTP for accessing the Proxmox VE web console
- Enforcing TFA TOTP as a default requirement for
pam
realm - Incompatibility of PVE web console login with TFA enforced local shell access
- Relevant system paths
- References
- Understanding the Proxmox VE user management and the realms
- Creating a new system administrator user for a Proxmox VE node
- Relevant system paths
- References
- Installing Fail2ban
- Configuring Fail2ban
- Considerations regarding Fail2ban
- Relevant system paths
- References
- Checking currently running services
- Configuring the
pveproxy
service - Disabling RPC services
- Disabling
zfs
andceph
- Disabling the SPICE proxy
- Disabling cluster and high availability related services
- Considerations
- Relevant system paths
- References
- Checking out your CPU's vulnerabilities
- Applying the correct microcode package
- Relevant system paths
- References
- Proxmox VE firewall uses
iptables
- Zones in the Proxmox VE firewall
- Situation at this point
- Enabling the firewall at the
Datacenter
tier - Firewalling with
ebtables
- Firewall fine tuning
- Firewall logging
- Connection tracking tool
- Relevant system paths
- References
- Network optimizations
- Memory optimizations
- Kernel optimizations
- Reboot the system
- Final considerations
- Relevant system paths
- References
- Status of transparent hugepages in your host
- Disabling the transparent hugepages
- Relevant system paths
- References
- Current virtual network setup
- Target network scenario
- Creating an isolated Linux bridge
- Bridges management
- Relevant system paths
- References
- Requirements for the K3s cluster and the services to deploy in it
- Arrangement of VMs and services
- References
- Storage organization model
- Creating the logical volumes (LVs)
- Enabling the LVs for Proxmox VE
- Configuration file
- Relevant system paths
- References
- Preparing the Debian ISO image
- Building a Debian virtual machine
- Note about the VM's
Boot Order
option - Relevant system paths
- References
- Suggestion about IP configuration in your network
- Adding the
apt
sources for non-free packages - Installing extra packages
- The QEMU guest agent comes enabled in Debian 11
- Hardening the VM's access
- Hardening the
sshd
service - Configuring Fail2Ban for SSH connections
- Disabling the
root
user login - Configuring the VM with
sysctl
- Reboot the VM
- Disabling transparent hugepages on the VM
- Regarding the microcode
apt
packages for CPU vulnerabilities - Relevant system paths
- References
- Reconfiguring the NUT
master
server on your Proxmox VE host - Configuring the NUT
slave
client on your Debian VM - Checking the connection between the VM NUT
slave
client and the PVE node NUTmaster
server - Testing a Forced ShutDown sequence (
FSD
) with NUT - Relevant system paths
- References
- Turning the Debian VM into a VM template
- VM template's backup
- Other considerations regarding VM templates
- References
- Reasons for a new VM template
- Creating a new VM based on the Debian VM template
- Set an static IP for the main network device (
net0
) - Setting a proper hostname string
- Disabling the swap volume
- Changing the VG's name
- Setting up the second network card
- Setting up sysctl kernel parameters for K3s nodes
- Turning the VM into a VM template
- Protecting VMs and VM templates in Proxmox VE
- Relevant system paths
- References
- Criteria for the VMs' IPs and hostnames
- Creation of VMs based on the K3s node VM template
- Preparing the VMs for K3s
- Firewall setup for the K3s cluster
- Considerations before installing the K3s cluster nodes
- K3s Server node setup
- K3s Agent nodes setup
- Enabling bash autocompletion for
kubectl
- Enabling the
k3s.log
file's rotation - Enabling the
containerd.log
file's rotation - K3s relevant paths
- Starting up and shutting down the K3s cluster nodes
- Relevant system paths
- References
- Scenario
- Getting the right version of
kubectl
- Installing
kubectl
on your client system - Getting the configuration for accessing the K3s cluster
- Opening the
6443
port in the K3s server node - Enabling bash autocompletion for
kubectl
- Kubeval, tool for validating Kubernetes configuration files
- Relevant system paths
- References
- Considerations before deploying MetalLB
- Choosing the IP ranges for MetalLB
- Deploying MetalLB on your K3s cluster
- MetalLB's Kustomize project attached to this guide series
- Relevant system paths
- References
- Checking the metrics-server's manifest
- Deployment of metrics-server
- Checking the metrics-server service
- Metrics-server's Kustomize project attached to this guide series
- Relevant system paths
- References
- Warning about cert-manager performance
- Deploying cert-manager
- Reflector, a solution for syncing secrets and configmaps
- Setting up a wildcard certificate for a domain
- Checking your certificate with the
kubectl
cert-manager plugin - Cert-manager and Reflector's Kustomize projects attached to this guide series
- Relevant system paths
- References
- Deploying Kubernetes Dashboard
- Testing Kubernetes Dashboard
- Kubernetes Dashboard's Kustomize project attached to this guide series
- Relevant system paths
- References
- Creating an IngressRoute for Traefik dashboard
- Getting into the dashboard
- Traefik dashboard has bad performance
- Traefik dashboard's Kustomize project attached to this guide series
- Relevant system paths
- References
G033 - Deploying services 02 ~ Nextcloud - Part 1 - Outlining setup, arranging storage and choosing service IPs
- Outlining Nextcloud's setup
- Setting up new storage drives in the K3s agent
- Choosing static cluster IPs for Nextcloud related services
- Relevant system paths
- Kustomize project folders for Nextcloud and Redis
- Redis configuration file
- Redis password
- Redis Deployment resource
- Redis Service resource
- Redis Kustomize project
- Don't deploy this Redis project on its own
- Relevant system paths
- References
- MariaDB Kustomize project's folders
- MariaDB configuration files
- MariaDB passwords
- MariaDB storage
- MariaDB StatefulSet resource
- MariaDB Service resource
- MariaDB Kustomize project
- Don't deploy this MariaDB project on its own
- Relevant system paths
- References
- Considerations about the Nextcloud server
- Nextcloud server Kustomize project's folders
- Nextcloud server configuration files
- Nextcloud server password
- Nextcloud server storage
- Nextcloud server Stateful resource
- Nextcloud server Service resource
- Nextcloud server Kustomize project
- Don't deploy this Nextcloud server project on its own
- Background jobs on Nextcloud
- Relevant system paths
- References
- Preparing pending Nextcloud platform elements
- Kustomize project for Nextcloud platform
- Logging and checking the background jobs configuration on your Nextcloud platform
- Security considerations in Nextcloud
- Nextcloud platform's Kustomize project attached to this guide series
- Relevant system paths
- References
- Outlining Gitea's setup
- Setting up new storage drives in the K3s agent
- FQDNs for Gitea related services
- Relevant system paths
- References
- Kustomize project folders for Gitea and Redis
- Redis configuration file
- Redis password
- Redis Deployment resource
- Redis Service resource
- Redis Kustomize project
- Don't deploy this Redis project on its own
- Relevant system paths
- References
- PostgreSQL Kustomize project's folders
- PostgreSQL configuration files
- PostgreSQL passwords
- PostgreSQL storage
- PostgreSQL StatefulSet resource
- PostgreSQL Service resource
- PostgreSQL Kustomize project
- Don't deploy this PostgreSQL project on its own
- Relevant system paths
- References
- Considerations about the Gitea server
- Gitea server Kustomize project's folders
- Gitea server configuration file
- Gitea server storage
- Gitea server Stateful resource
- Gitea server Service resource
- Gitea server's Kustomize project
- Don't deploy this Gitea server project on its own
- Relevant system paths
- References
- Declaring the pending Gitea platform elements
- Kustomize project for Gitea platform
- Finishing Gitea platform's setup
- Security considerations in Gitea
- Gitea platform's Kustomize project attached to this guide series
- Relevant system paths
- References
- Outlining your monitoring stack setup
- Setting up new storage drives in the K3s agents
- Relevant system paths
- References
- Kustomize project folders for your monitoring stack and Kube State Metrics
- Kube State Metrics ServiceAccount resource
- Kube State Metrics ClusterRole resource
- Kube State Metrics ClusterRoleBinding resource
- Kube State Metrics Deployment resource
- Kube State Metrics Service resource
- Kube State Metrics Kustomize project
- Don't deploy this Kube State Metrics project on its own
- Relevant system paths
- References
- Kustomize project folders for Prometheus Node Exporter
- Prometheus Node Exporter DaemonSet resource
- Prometheus Node Exporter Service resource
- Prometheus Node Exporter Kustomize project
- Don't deploy this Prometheus Node Exporter project on its own
- Relevant system paths
- References
- Kustomize project folders for Prometheus server
- Prometheus configuration files
- Prometheus server storage
- Prometheus server StatefulSet resource
- Prometheus server Service resource
- Prometheus server Traefik IngressRoute resource
- Prometheus server's Kustomize project
- Don't deploy this Prometheus server project on its own
- Relevant system paths
- References
- Kustomize project folders for Grafana
- Grafana data storage
- Grafana Stateful resource
- Grafana Service resource
- Grafana Traefik IngressRoute resource
- Grafana Kustomize project
- Don't deploy this Grafana project on its own
- Relevant system paths
- References
- Declaring the remaining monitoring stack components
- Kustomize project for the monitoring setup
- Checking Prometheus
- Finishing Grafana's setup
- Security concerns on Prometheus and Grafana
- Monitoring stack's Kustomize project attached to this guide series
- Relevant system paths
- References
- What to backup. Identifying your data concerns
- How to backup. Backup tools
- Where to store the backups. Backup storage
- When to do the backups. Backup scheduling
- References
- What gets inside this backup
- Why doing this backup
- How it affects the host platform
- When to do the backup
- How to backup with Clonezilla
- How to restore with Clonezilla
- Final considerations
- References
- What gets covered with the backup job
- Why scheduling a backup job
- How it affects the K3s Kubernetes cluster
- When to do the backup job
- Scheduling the backup job in Proxmox VE
- Restoring a backup in Proxmox VE
- Location of the backup files in the Proxmox VE system
- Relevant system paths
- References
- Setting up a new VM for the UrBackup server
- Deploying UrBackup
- Firewall configuration on Proxmox VE
- Adjusting the UrBackup server configuration
- UrBackup server log file
- About backing up the UrBackup server VM
- Relevant system paths
- References
- Deploying the UrBackup client program
- UrBackup client log file
- UrBackup client uninstaller
- Configuring file backup paths on a client
- Backups on the UrBackup server
- Restoration from file backups
- Relevant system paths
- References
- What to update. Identifying your system's software layers
- How to update. Update procedures
- When to apply the updates
- Checking your storage status
- Cleaning procedures
- Reminder about the
apt
updates - Relevant system paths
- References
- Preparing the Clonezilla Live USB
- Cloning a storage drive with Clonezilla
- Restoring a Clonezilla image
- Considerations about Clonezilla
- Alternative to Clonezilla: Rescuezilla
- References
- Installing the
libguestfs-tools
package - Locating and checking a VM or VM template's hard disk volume
- Relevant system paths
- References
- Resizing the storage drive on Proxmox VE
- Extending the root LVM filesystem on a live VM
- Final note
- References
- Add a new VM to act as the second server node
- Adapt the Proxmox VE firewall setup
- Setup of the FIRST K3s server node
- Setup of the SECOND K3s server node
- Regarding the K3s agent nodes