-
Summing it up! Setting up a web site in 10 minutes.
During the previous months, I have created a lot of infrastructure in Kubernetes. This is stuff that just makes things work if I just configure things correctly. So, I thought I should just go and deploy a simple service, Supermario, that lives on https://github.com/GuopingJia/k8s-games/tree/main/super-mario I like to run a all my things in a namespace,…
-
Kubernetes for beginners: Storage
After my blog post about Kubernetes for geeks: Creating your own Kubernetes Operator, it is time for a lighter and more basic topic: storage. My beginner series wouldn’t be complete without it, so here goes! Kubernetes is made for a lot of various environments: cloud, self-hosted, distributed and not-too-distributed. You need to be able to…
-
Kubernetes for geeks: Creating your own Kubernetes Operator
,As I promised in Kubernetes tip of the day – external-dns, here is the writeup of my automations of firewall openings. As the methods of configuration, and features of, firewalls are more varied than DNS, I quickly realized that this needed to be something built explicitly for Unifi. I had a brief look at The…
-
BGP part three – eBGP between a VPS and on-prem
In my last blog post, I described setting up a VPN tunnel between my home network and the VPS. This is thus the prerequisites for this post, I have a working VPN connection with point-to-point-connections You also need to make sure that firewall rules doesn’t block the traffic, in particular we need port 179 for…
-
BGP part two – A VPN connection to the cloud.
As promised in my last blog post, here is part two of my BGP series. I’ve decided to split it into two, one covering the VPN, and another one covering the BGP end of it. So this one isn’t actually about BGP, it is about IPSEC. I am running services at home – but that…
-
My Unifi Gateway just learned to do BGP!
…and I was like a kid on christmas eve! Just couldn’t want to get my hands on it to play. BGP is a much used routing protocol on internet. A routing protocol is basically when network components starts talking to each others, announcing «hey, I know how to reach 192.168.250.16! And the other router will…
-
Kubernetes at Home: Internal and external services
Disclaimer: Separating at a hardware level will always be better. But my home lab consists of exactly one server, so I focus on what I can do in software in Kubernetes. So far, I have configured all my services to be exposed to the internet, no matter if they are for external or internal consumption.…
-
Kubernetes@Home – what do you do if your ISP changes your IP addresses?
In my last blog post I described external-DNS, which is a way to have Kubernetes create and update DNS entries for its services. But as I mentioned, it got me thinking a bit on ways to extend this concept to handle other external aspects of my Kubernetes environment. My ISP is in total control over…
-
Kubernetes tip of the day – external-dns
Having set up a number of services, and making sure everyone of them gets their own IPv6 address, there’s a whole lot of DNS records pointing to services running in Kubernetes. Today, I found a gem: external-dns. This service basically monitors my infrastructure for annotations that tells it to create a DNS record for it.…
-
Kubernetes Security 101
While getting stuff to just work is fun, I decided I couldn’t set up a cluster without at least giving some thought to security. Here’s my small attempt at a nominally useful security strategy. By default, anything is allowed in Kubernetes. No, noone is stopping you. If you are on the node or in the…