navigation

Welcome to YAUB - Yet Another Useless Blog

The articles in this blog shall help to easily tests and understand specific issues so they can be reproduced and tested on local environments.

You can find the most recent posts on this site or walk through the different categories via the left navigation.

Recent Posts

Advanced Cluster Security - Authentication

Author: Thomas Jungbauer Published: 2021-12-11 ( Lastmod: 2021-12-13 )

Red Hat Advanced Cluster Security (RHACS) Central is installed with one administrator user by default. Typically, customers request an integration with existing Identity Provider(s) (IDP). RHACS offers different options for such integration. In this article 2 IDPs will be configured as an example. First OpenShift Auth and second Red Hat Single Sign On (RHSSO) based on Keycloak

Read More

Ansible Style Guide

Author: Thomas Jungbauer Published: 2021-11-30 ( Lastmod: 2021-12-03 )

You should always follow the Best Practices and Ansible Lint rules defined by the Ansible documentation when developing playbooks.

Although very basic, the Best Practices document gives a few guidelines to be able to carry out well-structured playbooks and roles, it contains recommendations that evolve with the project, so it is recommended to review it regularly. It is advisable to review the organization of content in Ansible.

The Ansible Lint documentation shows us through this tool the syntax rules that will be checked in the testing of roles and playbooks, the rules that will be checked are indicated in this document in their respective section.

Read More

Stumbling into Azure Part II: Setting up a private ARO cluster

Author: Toni Schmidbauer Published: 2021-10-29 ( Lastmod: 2021-11-16 )
In Part I of our blog post we covered setting up required resources in Azure. Now we are finally going to set up a private cluster. Private As review from Part I here is our planned setup, this time including the ARO cluster. Azure Setup The diagram below depicts our planned setup: On the right hand side can see the resources required for our lab: a virtual network (vnet 192.
Read More

Automation Controller and LDAP Authentication

Author: Thomas Jungbauer Published: 2021-10-25 ( Lastmod: 2022-03-22 )

The following article shall quickly, without huge background information, deploy an Identity Management Server (based on FreeIPA) and connect this IDM to an existing Automation Controller so authentication can be tested and verified based on LDAP.

Read More

Stumbling into Azure Part I: Building a site-to-site VPN tunnel for testing

Author: Toni Schmidbauer Published: 2021-10-16 ( Lastmod: 2021-12-08 )
So we want to play with ARO (Azure Red Hat OpenShift) private clusters. A private cluster is not reachable from the internet (surprise) and is only reachable via a VPN tunnel from other networks. This blog post describes how we created a site-to-site VPN between a Hetzner dedicated server running multiple VM's via libvirt and Azure. An upcoming blog post is going to cover the setup of the private ARO cluster.
Read More

Stumbling into Quay: Upgrading from 3.3 to 3.4 with the quay-operator

Author: Toni Schmidbauer Published: 2021-10-16 ( Lastmod: 2021-10-16 )
We had the task of answering various questions related to upgrading Red Hat Quay 3.3 to 3.4 and to 3.5 with the help of the quay-operator. Thankfully (sic!) everything changed in regards to the Quay operator between Quay 3.3 and Quay 3.4. So this is a brain dump of the things to consider. Operator changes With Quay 3.4 the operator was completely reworked and it basically changed from opinionated to very opinionated.
Read More

Secure your secrets with Sealed Secrets

Author: Thomas Jungbauer Published: 2021-09-25 ( Lastmod: 2021-09-25 )

Working with a GitOps approach is a good way to keep all configurations and settings versioned and in sync on Git. Sensitive data, such as passwords to a database connection, will quickly come around. Obviously, it is not a idea to store clear text strings in a, maybe even public, Git repository. Therefore, all sensitive information should be stored in a secret object. The problem with secrets in Kubernetes is that they are actually not encrypted. Instead, strings are base64 encoded which can be decoded as well. Thats not good …​ it should not be possible to decrypt secured data. Sealed Secret will help here…​

Read More

Introduction

Author: Thomas Jungbauer Published: 2021-08-26 ( Lastmod: 2021-09-03 )

Pod scheduling is an internal process that determines placement of new pods onto nodes within the cluster. It is probably one of the most important tasks for a Day-2 scenario and should be considered at a very early stage for a new cluster. OpenShift/Kubernetes is already shipped with a default scheduler which schedules pods as they get created accross the cluster, without any manual steps.

However, there are scenarios where a more advanced approach is required, like for example using a specifc group of nodes for dedicated workload or make sure that certain applications do not run on the same nodes. Kubernetes provides different options:

  • Controlling placement with node selectors

  • Controlling placement with pod/node affinity/anti-affinity rules

  • Controlling placement with taints and tolerations

  • Controlling placement with topology spread constraints

This series will try to go into the detail of the different options and explains in simple examples how to work with pod placement rules. It is not a replacement for any official documentation, so always check out Kubernetes and or OpenShift documentations.

Read More

Copyright © 2020 - 2023 Toni Schmidbauer & Thomas Jungbauer

Built with Hugo Learn Theme and Hugo