Category: Systems Admin

  • 5G + Public IP with OpenVPN

    I’ve done a proof of concept with SSH tunneling to add a public IP to my 5G home broadband connection, it works for my garage-hosted blogs but it’s not a complete solution. Since I still have free credit in my personal Google Cloud account, I decided to make an improvement with OpenVPN. The diagram looks…

  • 5G is Fast but There’s No Public IP

    I’m super happy that I can finally have a broadband that does have a broad bandwidth. However like all other cellular services the 5G gateway has a private IP as its external IP, ie. everything I got is behind huge NAT servers of Optus and they will not open any port just for me. The…

  • Using Sealed Secrets in a Raspberry Pi Kubernetes Cluster

    Sealed Secrets is a bitnami Kubernetes operator aimed to one-way encrypt secrets into sealed secrets so that they can be safely checked-in into GitHub or other VCS. It’s rather easy to install and use Sealed Secrets in a Kubernetes cluster on AMD64 architecture, but not so on my Raspberry Pi cluster. First, the container image…

  • Customize the Kustomize for Kubernetes CRDs

    I’ve introduced Kustomize in this earlier post, now I feel even happier because Kustomize can be even more customized for some CRDs(Custom Resource Definition). For instance, Kustomize doesn’t know how to handle Istio’s VirtualService object, but with some simple YAML style configurations it ‘learns’ to handle that easily. So in name-reference.yaml, kustomize will learn the…

  • Use fzf to Supercharge Your kubectl Command

    First let’s have a look at fzf, a super fast command line fuzzy finder. It’s mostly written in golang and there are so many ways to use it. In this note, I’ll just use it to select a value from a list in a terminal and then return it to next command. When working with…

  • Deploying WordPress to Kubernetes with Kustomize

    I’ve just migrated this blog site itself into the kubernetes cluster I built with Raspberry Pi 4s, and this post is about the steps and approach I used to achieve this goal. Yes, what you have been reading is served by 1 of the Raspberry Pi boards. First of all, a bit introduction on kustomize:…

  • Kubernetes at Home on Raspberry Pi 4, Part 3

    Continue from part 2, this is mostly about installing ingress controller. In short, an ingress controller is like a single entry point for all ingress connections into the cluster. The reason I chose Flannel over other CNIs is that it’s lightweight and not bloated with features. I would like to keep the Pi 4s easy…

  • Kubernetes at Home on Raspberry Pi 4, Part 2

    Continue from part 1 It’s recommended to change all Pi’s password also run ssh-copy-id [email protected] to enable SSH public key login. There are lots of steps to prepare before kubeadm is installed, so I made this ansible repository to simplify this repeating process. Please see here. The ansible role will do the following tasks: set…