Open in app

Sign In

Write

Sign In

Yuwei Sung
Yuwei Sung

31 Followers

Home

Lists

About

Pinned

Installing Harbor in my bare metal K8S homelab

In an “enterprise” context, it is common to block users from pulling images from public container registries. Harbor is a private registry for k8s providing many security features, such as content signing and vulnerability scanning. For more info on why harbor in your k8s env, visit the harbor website. …

K8s

4 min read

Installing Harbor in my bare metal K8S homelab
Installing Harbor in my bare metal K8S homelab
K8s

4 min read


May 29

Apache Pulsar KOP with Istio SNI routing

In this tutorial, I demo how to setup Apache Pulsar KOP in K8S with Istio SNI routing using sn-platform helm chart. The followings are executed in my home lab k8s setup by kubeadm. I use calico cni, rook-ceph csi, and metallb as layer2 load balancer. …

Pulsar

2 min read

Apache Pulsar KOP with Istio SNI routing
Apache Pulsar KOP with Istio SNI routing
Pulsar

2 min read


May 27

Harbor Registry with Keycloak OIDC

In this tutorial, I demo how to install and setup key cloak, then use Harbor Registry with OIDC authentication. Keycloak is a single sign on solution that supports OAuth2, OpenID Connect (OIDC), and SAML. It is one of key components in cloud native platform. Before installing Keycloak in k8s, you…

Oidc

5 min read

Harbor Registry with Keycloak OIDC
Harbor Registry with Keycloak OIDC
Oidc

5 min read


May 23, 2022

StreamNative Pulsar Operator Tutorial Part 3

In this part, I demo how to use ArgoCD to control Pulsar Custom Resource (CR) by monitoring the GitHub branch/tag. In part 1, I created 4 pulsar CRs with pulsar version 2.9. I create a GitHub repository, pulsar-ops, to keep track of the CRs. …

Streamnative

4 min read

StreamNative Pulsar Operator Tutorial Part 3
StreamNative Pulsar Operator Tutorial Part 3
Streamnative

4 min read


May 16, 2022

StreamNative Pulsar Operator Tutorial Part 2

In this part, I show a step-by-step how to create a python producer container using vs-code. I use venv to control the python version in a project. The following code snippet shows how I create python env and python libs before I open the folder using “code .” mkdir cloudnative-pulsar cd…

Apache Pulsar

7 min read

StreamNative Pulsar Operator Tutorial Part 2
StreamNative Pulsar Operator Tutorial Part 2
Apache Pulsar

7 min read


May 8, 2022

StreamNative Pulsar Operator Tutorial Part 1

In the article, I demo how to use StreamNative Pulsar operators to deploy a pulsar cluster in my k8s home lab. Why use k8s operators? StreamNative provides a good overview of the operator concept here. StreamNative “open-sources” four operators, zookeeper, bookkeeper, broker, and function mesh, which are wrapped as a…

Streamnative

9 min read

StreamNative Pulsar Operator Tutorial Part 1
StreamNative Pulsar Operator Tutorial Part 1
Streamnative

9 min read


Dec 25, 2021

Using ldap2pg K8S CronJob to sync Directory Users/Groups and Postgresql roles/privileges

Demonstrate with Postgresql and OpenLDAP Helm Charts — K8S rbac is pretty clear! We define “roles” to specify in which resources they can access. We define users or service accounts for end users or applications with “tokens”. We use rolebinding to associate users/serviceaccounts with the roles. Like K8S rbac (role based access control), postgresql has its own rbac…

K8s

6 min read

Using ldap2pg K8S CronJob to sync Directory Users/Groups and Postgresql roles/privileges
Using ldap2pg K8S CronJob to sync Directory Users/Groups and Postgresql roles/privileges
K8s

6 min read


Dec 22, 2021

Creating a cluster-issuer in cert-manager with Vault

Using Vault Kubernetes Authentication and PKI Secret — The vault and cert-manager official documents are pretty clear how cert-manager works with vault kubernetes auth and pki secret engine. In this article, we show how to create a ClusterIssurer in cert-manager. Following my latest blog of vault ha in k8s, we first turn on kubernetes authentication (in line 6)…

Vault

2 min read

Creating a cluster-issuer in cert-manager with Vault
Creating a cluster-issuer in cert-manager with Vault
Vault

2 min read


Dec 21, 2021

Vault HA with TLS on K8S

Manual Unseal and Auto Unseal with GCP-CKMS — There are many tutorials and issue solutions about this topic but I still faced some errors like “bad certificate”, “signed by unknown CA” spilled out the container logs. Here is how I setup vault (helm chart) with HA and TLS enabled on K8S. To turn on TLS vault enpoint (127.0.0.1:8200)…

Vault

3 min read

Vault HA with TLS on K8S
Vault HA with TLS on K8S
Vault

3 min read


Nov 7, 2021

YugabyteDB Security

In this blog, I attempt to set up TLS for yugabytedb in a hard way. I hope this can clarify and help troubleshoot TLS issues. To simplify and focus on TLS, I first set up a minimum pre-requisites. Then I step through the client or/and server configurations to reach levels…

Yugabytedb

7 min read

YugabyteDB Security
YugabyteDB Security
Yugabytedb

7 min read

Yuwei Sung

Yuwei Sung

31 Followers

A data nerd started from data center field engineer to cloud database reliability engineer.

Following
  • Skylar Johnson

    Skylar Johnson

  • Sami Salih İbrahimbaş

    Sami Salih İbrahimbaş

  • Robert McKeon Aloe

    Robert McKeon Aloe

  • Apache Doris

    Apache Doris

  • Tim Spann

    Tim Spann

See all (55)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams