INT 21h

Hi, I am Vladimir Smagin, SysAdmin and Kaptain. Telegram Email / GIT / RSS / GPG

Vaultwarden fast start in Kubernetes

№ 11409. В разделе " Sysadmin " от November 2nd, 2021

В подшивках: ,

HashiCorp Vault fast start in Kubernetes

№ 11404. В разделе " Sysadmin " от November 2nd, 2021

В подшивках: , ,

Secure container registry in microk8s

№ 11332 В разделе "Sysadmin" от August 27th, 2021,
В подшивках: ,

Microk8s includes docker registry feature but absolutely not secure, just for local developers use.

So remove old service “registry” (NodePort) and create new one:

apiVersion: v1
kind: Service
  name: registry-external
  namespace: container-registry
    app: registry
  - port: 5000
    name: registry
    protocol: TCP
    targetPort: registry
    app: registry
  type: ClusterIP

New service points to the same place but not opens port 32000.

Now create secret, do not change filename, its important:

htpasswd -bc auth kubernetes PruedAtshyohuciabIdcav
kubectl create secret generic basic-auth --from-file=auth --dry-run -o yaml

Good! Add new secret to your kube.

apiVersion: v1
  auth: a3ViZXJuZXRlczokYXByMSRHQXNKamVGbiRzWFNDSVNxOGwuYVlwTkhTajlpQ2EuCg==
kind: Secret
  creationTimestamp: null
  name: basic-auth

And now create ingress resource with basic auth pointed to new secret

apiVersion: extensions/v1beta1
kind: Ingress
  annotations: letsencrypt-http01 nginx "0" "600" "600" basic basic-auth 'Authentication Required'
  name: registry
  namespace: container-registry
  - host:
      - backend:
          serviceName: registry-external
          servicePort: registry
        path: /
  - hosts:
    secretName: tls-registry-k8s-huy-net

You did it!

Нет комментариев »

Add additional cluster domain for microk8s

№ 11327 В разделе "Sysadmin" от August 19th, 2021,
В подшивках:

Open /var/snap/microk8s/current/certs/csr.conf.template and add:

[ alt_names ]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster
DNS.5 = kubernetes.default.svc.cluster.local
DNS.6 =
DNS.7 =
IP.1 =
IP.2 =
IP.3 =
IP.4 =

Now refresh certificates with command microk8s.refresh-certs

Нет комментариев »

Kubernetes: kubectl 1.22 and helm 3.5 for windows 32 bit

№ 11273 В разделе "Sysadmin" от April 26th, 2021,
В подшивках: ,

My small notebook cant run 64 bit software so I builded 32 versions of kubectl and helm.

Download kube-windows-32b-apps.rar

Нет комментариев »


Fortune cookie: It is a sad commentary on today's society that this fortune has to be classified as "offensive" simply because it contains the word "fuck".