PinnedInstalling Harbor in my bare metal K8S homelabIn an “enterprise” context, it is common to block users from pulling images from public container registries. Harbor is a private registry for k8s providing many security features, such as content signing and vulnerability scanning. For more info on why harbor in your k8s env, visit the harbor website. …K8s4 min readK8s4 min read
May 29Apache Pulsar KOP with Istio SNI routingIn this tutorial, I demo how to setup Apache Pulsar KOP in K8S with Istio SNI routing using sn-platform helm chart. The followings are executed in my home lab k8s setup by kubeadm. I use calico cni, rook-ceph csi, and metallb as layer2 load balancer. …Pulsar2 min readPulsar2 min read
May 27Harbor Registry with Keycloak OIDCIn this tutorial, I demo how to install and setup key cloak, then use Harbor Registry with OIDC authentication. Keycloak is a single sign on solution that supports OAuth2, OpenID Connect (OIDC), and SAML. It is one of key components in cloud native platform. Before installing Keycloak in k8s, you…Oidc5 min readOidc5 min read
May 23, 2022StreamNative Pulsar Operator Tutorial Part 3In this part, I demo how to use ArgoCD to control Pulsar Custom Resource (CR) by monitoring the GitHub branch/tag. In part 1, I created 4 pulsar CRs with pulsar version 2.9. I create a GitHub repository, pulsar-ops, to keep track of the CRs. …Streamnative4 min readStreamnative4 min read
May 16, 2022StreamNative Pulsar Operator Tutorial Part 2In this part, I show a step-by-step how to create a python producer container using vs-code. I use venv to control the python version in a project. The following code snippet shows how I create python env and python libs before I open the folder using “code .” mkdir cloudnative-pulsar cd…Apache Pulsar7 min readApache Pulsar7 min read
May 8, 2022StreamNative Pulsar Operator Tutorial Part 1In the article, I demo how to use StreamNative Pulsar operators to deploy a pulsar cluster in my k8s home lab. Why use k8s operators? StreamNative provides a good overview of the operator concept here. StreamNative “open-sources” four operators, zookeeper, bookkeeper, broker, and function mesh, which are wrapped as a…Streamnative9 min readStreamnative9 min read
Dec 25, 2021Using ldap2pg K8S CronJob to sync Directory Users/Groups and Postgresql roles/privilegesDemonstrate with Postgresql and OpenLDAP Helm Charts — K8S rbac is pretty clear! We define “roles” to specify in which resources they can access. We define users or service accounts for end users or applications with “tokens”. We use rolebinding to associate users/serviceaccounts with the roles. Like K8S rbac (role based access control), postgresql has its own rbac…K8s6 min readK8s6 min read
Dec 22, 2021Creating a cluster-issuer in cert-manager with VaultUsing Vault Kubernetes Authentication and PKI Secret — The vault and cert-manager official documents are pretty clear how cert-manager works with vault kubernetes auth and pki secret engine. In this article, we show how to create a ClusterIssurer in cert-manager. Following my latest blog of vault ha in k8s, we first turn on kubernetes authentication (in line 6)…Vault2 min readVault2 min read
Dec 21, 2021Vault HA with TLS on K8SManual Unseal and Auto Unseal with GCP-CKMS — There are many tutorials and issue solutions about this topic but I still faced some errors like “bad certificate”, “signed by unknown CA” spilled out the container logs. Here is how I setup vault (helm chart) with HA and TLS enabled on K8S. To turn on TLS vault enpoint (127.0.0.1:8200)…Vault3 min readVault3 min read
Nov 7, 2021YugabyteDB SecurityIn this blog, I attempt to set up TLS for yugabytedb in a hard way. I hope this can clarify and help troubleshoot TLS issues. To simplify and focus on TLS, I first set up a minimum pre-requisites. Then I step through the client or/and server configurations to reach levels…Yugabytedb7 min readYugabytedb7 min read
