-
Renew Certificates Used in Kubeadm Kubernetes Cluster
It’s been more than a year since I built my Kubernetes cluster with some Raspberry PIs. There was a few times that I need to power down everything to let electricians do their work and the cluster came back online and seemed to be Ok afterwards, given that I didn’t shutdown the PIs properly at…
-
Use Fluentd and Elasticsearch to Analyse Squid Proxy Traffic
TL;DR This is a quick guide to set up Fluentd + Elasticsearch integration to analyse Squid Proxy traffic. In the example below Fluentd td-agent is installed in the same host as Squid Proxy and Elasticsearch is installed in the other host. The OS is Ubuntu 20.04. Useful links:– Fluentd installation: https://docs.fluentd.org/installation/install-by-deb– Elasticsearch installation: https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html The…
-
Use Variables in Kustomize
Variables in Kustomize are handy helpers from time to time, with these variables I can link some settings together which should share the same value all the time. Without variable I probably need to use some template engine like Jinja2 to do the same trick. Some examples here. In my case, there’s a bug in…
-
5G + Public IP with OpenVPN
I’ve done a proof of concept with SSH tunneling to add a public IP to my 5G home broadband connection, it works for my garage-hosted blogs but it’s not a complete solution. Since I still have free credit in my personal Google Cloud account, I decided to make an improvement with OpenVPN. The diagram looks…
-
5G is Fast but There’s No Public IP
I’m super happy that I can finally have a broadband that does have a broad bandwidth. However like all other cellular services the 5G gateway has a private IP as its external IP, ie. everything I got is behind huge NAT servers of Optus and they will not open any port just for me. The…
-
5G Is Fast! Bye Bye NBN
A few months ago I knew Optus was rolling out the shiny 5G services but to my surprise it’s available in my suburb already. It took NBN years. It’s a tough time at the moment as everyone is ordered to stay home, but it’s a perfect time to upgrade my home broadband and without paying…
-
Using Sealed Secrets in a Raspberry Pi Kubernetes Cluster
Sealed Secrets is a bitnami Kubernetes operator aimed to one-way encrypt secrets into sealed secrets so that they can be safely checked-in into GitHub or other VCS. It’s rather easy to install and use Sealed Secrets in a Kubernetes cluster on AMD64 architecture, but not so on my Raspberry Pi cluster. First, the container image…
-
Customize the Kustomize for Kubernetes CRDs
I’ve introduced Kustomize in this earlier post, now I feel even happier because Kustomize can be even more customized for some CRDs(Custom Resource Definition). For instance, Kustomize doesn’t know how to handle Istio’s VirtualService object, but with some simple YAML style configurations it ‘learns’ to handle that easily. So in name-reference.yaml, kustomize will learn the…