Articles by Toni Schmidbauer
A second look into the Kubernetes Gateway API on OpenShift
Toni Schmidbauer
This is our second look into the Kubernetes Gateway API an it’s integration into OpenShift. This post covers TLS configuration.
The Kubernetes Gateway API is new implementation of the ingress, load balancing and service mesh API’s. See upstream for more information.
Also the OpenShift documentation provides an overview of the Gateway API and it’s integration.
We demonstrate how to add TLS to our Nginx deployment, how to implement a shared Gateway and finally how to implement HTTP to HTTPS redirection with the Gateway API. Furthermore we cover how HTTPRoute objects attach to Gateways and dive into ordering of HTTPRoute objects.
A first look into the Kubernetes Gateway API on OpenShift
This blog post summarizes our first look into the Kubernetes Gateway API and how it is integrated in OpenShift.
Running Falco on OpenShift 4.12
As mentioned in our previous post about Falco, Falco is a security tool to monitor kernel events like system calls or Kubernetes audit logs to provide real-time alerts.
In this post I'll show to customize Falco for a specific use case. We would like to monitor the following events:
- An interactive shell is opened in a container
- Log all commands executed in an interactive shell in a container
- Log read and writes to files within an interactive shell inside a container
- Log commands execute via `kubectl/oc exec` which leverage the
pod/execK8s endpoint
Setting up Falco on OpenShift 4.12
Falco is a security tool to monitor kernel events like system calls to provide real-time alerts. In this post I'll document the steps taken to get Open Source Falco running on an OpenShift 4.12 cluster.
UPDATE: Use the falco-driver-loader-legacy image for OpenShift 4.12 deployments.
How to force a MachineConfig rollout
While playing around with Falco (worth another post) I had to force a MachineConfig update even so the actual configuration of the machine did not change.
This posts documents the steps taken.
Overview of Red Hat's Multi Cloud Gateway (Noobaa)
This is my personal summary of experimenting with Red Hat's Multi Cloud Gateway (MCG) based on the upstream Noobaa project. MCG is part of Red Hat's OpenShift Data Foundation (ODF). ODF bundles the upstream projects Ceph and Noobaa.
Overview
Noobaa, or the Multicloud Gateway (MCG), is a S3 based data federation tool. It allows you to use S3 backends from various sources and
- sync
- replicate
- or simply use existing
S3 buckets. Currently the following sources, or backing stores are supported:
Adventures in Java Land: JPA disconnected entities
An old man tries to refresh his Java skills and does DO378. He fails spectacularly at the first real example but learns a lot on the way.
The exception
There is this basic example where you build a minimal REST API for
storing speaker data in a database. Quarkus makes this quite easy. You
just have to define your database connection properties in
resources/application.properties and off you go developing your Java
Quarkus REST service:
Stumbling into Azure Part II: Setting up a private ARO cluster
In Part I of our blog post we covered setting up required resources in Azure. Now we are finally going to set up a private cluster. Private
As review from Part I here is our planned setup, this time including the ARO cluster.
Azure Setup
The diagram below depicts our planned setup:
On the right hand side can see the resources required for our lab:
- a virtual network (vnet 192.168.128.0/19). This vnet will be split into 3 separate subnets
- a master subnet (192.168.129.0/24) holding the ARO control plane nodes
- a node subnet (192.168.130.0/24) holding ARO worker nodes
- and finally a subnet call
GatewaySubnetwhere we are going to deploy our Azure VPN gateway (called avnet-gateway)The subnet where the Azure VPN gateway is located needs to have the name
GatewaySubnet. Otherwise creating the Azure VPN gateway will fail.Read More ...Copyright © 2020 - 2025 Toni Schmidbauer & Thomas Jungbauer