PinnedInstalling Harbor in my bare metal K8S homelabIn an “enterprise” context, it is common to block users from pulling images from public container registries. Harbor is a private registry for k8s providing many security features, such as content signing and vulnerability scanning. For more info on why harbor in your k8s env, visit the harbor website. …K 8 S4 min read
May 23StreamNative Pulsar Operator Tutorial Part 3In this part, I demo how to use ArgoCD to control Pulsar Custom Resource (CR) by monitoring the GitHub branch/tag. In part 1, I created 4 pulsar CRs with pulsar version 2.9. I create a GitHub repository, pulsar-ops, to keep track of the CRs. …Streamnative4 min read
May 16StreamNative Pulsar Operator Tutorial Part 2In this part, I show a step-by-step how to create a python producer container using vs-code. I use venv to control the python version in a project. The following code snippet shows how I create python env and python libs before I open the folder using “code .” mkdir cloudnative-pulsar cd…Apache Pulsar7 min read
May 8StreamNative Pulsar Operator Tutorial Part 1In the article, I demo how to use StreamNative Pulsar operators to deploy a pulsar cluster in my k8s home lab. Why use k8s operators? StreamNative provides a good overview of the operator concept here. StreamNative “open-sources” four operators, zookeeper, bookkeeper, broker, and function mesh, which are wrapped as a…Streamnative9 min read
Dec 25, 2021Using ldap2pg K8S CronJob to sync Directory Users/Groups and Postgresql roles/privilegesDemonstrate with Postgresql and OpenLDAP Helm Charts — K8S rbac is pretty clear! We define “roles” to specify in which resources they can access. We define users or service accounts for end users or applications with “tokens”. We use rolebinding to associate users/serviceaccounts with the roles. Like K8S rbac (role based access control), postgresql has its own rbac…K 8 S6 min read
Dec 22, 2021Creating a cluster-issuer in cert-manager with VaultUsing Vault Kubernetes Authentication and PKI Secret — The vault and cert-manager official documents are pretty clear how cert-manager works with vault kubernetes auth and pki secret engine. In this article, we show how to create a ClusterIssurer in cert-manager. Following my latest blog of vault ha in k8s, we first turn on kubernetes authentication (in line 6)…Vault2 min read
Dec 21, 2021Vault HA with TLS on K8SManual Unseal and Auto Unseal with GCP-CKMS — There are many tutorials and issue solutions about this topic but I still faced some errors like “bad certificate”, “signed by unknown CA” spilled out the container logs. Here is how I setup vault (helm chart) with HA and TLS enabled on K8S. To turn on TLS vault enpoint (127.0.0.1:8200)…Vault3 min read
Nov 7, 2021YugabyteDB SecurityIn this blog, I attempt to set up TLS for yugabytedb in a hard way. I hope this can clarify and help troubleshoot TLS issues. To simplify and focus on TLS, I first set up a minimum pre-requisites. Then I step through the client or/and server configurations to reach levels…Yugabytedb7 min read
Apr 25, 2021Migrating Mysql database to Postgresql with pgloaderIn this demo, we show how to migrate a sample MySQL database to PostgreSQL in k8s using a pgloader job. The overall processes are: ‘helm install’ a MySQL db and a PostgreSQL db in a k8s cluster (GKE). Load a simple employee data set to MySQL db. Create a pgloader…3 min read
Mar 21, 2021My First App DeployedAfter the Habor/docker troubleshooting, I finally figured out how to make a python web app push to my k8s ingress. The first part, I created a hello world flask app, built a docker image, tagged the image, then pushed the image to harbor registry. Once the image is in…Ingress2 min read
