Category: Opensource

  • Kubernetes Jobs and Istio

    Note: the Job in the title refers to the Job resource in a Kubernetes cluster. At the time the Istio sidecar doesn’t play well with a Job or a Cronjob, because the istio-proxy might not be ready when the Job starts (which causes connection issues for the job) and won’t exit after the job finishes…

  • Use Variables with Kustomize, Part 2

    I was looking at the Kustomize variable trick I did a year ago and I think I’ve learned some new tricks worth noting down. Variables are very handy most of the times, here’s a pattern to define a variable to be used in Kustomize templates and set its value via annotations. There you have it:…

  • Automate SSL/TLS Certificates for Kubernetes and Istio with Cert Manager

    It’s been a lot easier nowadays to turn on full site SSL/TLS encryption with an ACME issuer such as the popular non-profit Let’s Encrypt which I’ve started using it a few months ago. However the free certificates from Let’s Encrypt are only valid for 90 days and I have been notified to renew them already.…

  • TLS Full Site Encryption with Istio and Let’s Encrypt

    These are steps to easily install TLS certs to a Kubernetes cluster with Istio service mesh as ingress controller, provided by Let’s Encrypt‘s awesome certbot. Installation of the certbot (on Ubuntu Linux 20.04LTS) The certbot can be install via snap on Ubuntu Linux By default certbot needs to write to system directories which I thought…

  • A Kubernetes ClusterSecret

    No, at this moment ClusterSecret, unlike ClusterRole, doesn’t officially exist in any version of Kubernetes yet. I’ve seen some discussion like this, so looks like it will be a while to have a ClusterSecret. But why do I need a ClusterSecret in the first place? The reason is very simple: To be DRY. Imagine I…

  • Renew Certificates Used in Kubeadm Kubernetes Cluster

    It’s been more than a year since I built my Kubernetes cluster with some Raspberry PIs. There was a few times that I need to power down everything to let electricians do their work and the cluster came back online and seemed to be Ok afterwards, given that I didn’t shutdown the PIs properly at…

  • Use Variables in Kustomize

    Variables in Kustomize are handy helpers from time to time, with these variables I can link some settings together which should share the same value all the time. Without variable I probably need to use some template engine like Jinja2 to do the same trick. Some examples here. In my case, there’s a bug in…

  • 5G + Public IP with OpenVPN

    I’ve done a proof of concept with SSH tunneling to add a public IP to my 5G home broadband connection, it works for my garage-hosted blogs but it’s not a complete solution. Since I still have free credit in my personal Google Cloud account, I decided to make an improvement with OpenVPN. The diagram looks…