Latest posts

A quick glance at Blazor WebAssembly
· ☕ 12 min read

In 2018, 👿 Microsoft released its new framework, Blazor, which teases MVVM capabilities through component-oriented AJAX or WebAssembly application builds. 4 years later (and with many improvements & versions), what is the current state of Blazor?

In this article, I’ll share with you my experiences with Blazor WebAssembly, the pros, the cons, the whatnot.

TL;DR; If you’re not already a fluent ASP.NET developer, I’m not sure that you want to use it. If you are, then maybe Blazor might be an interesting choice.


CentOS8 Firewalld Tips
· ☕ 1 min read
Tracking down requests denied by firewalld is an important plus to be both strict and precise about what to allow. This small copy-pasta might help you.

Scaling up
· ☕ 3 min read
Your setup is running, everything runs smoothly, and suddenly, ‼️ nothing is responding: your cluster is overloaded. Well, I hope you’ll expand your cluster capacity before it happens. It’s always really bad and stressful to do maintenance because of downtime. Fortunately, here comes the real huge advantage of Kubernetes: it is meant to scale, up and down. So, assuming you have followed the full guide so far, let’s review together how to add some juice to our cluster ⚡.

Quality Of Life improvements to kubernetes
· ☕ 5 min read
Kubernetes is… quite a thing, to say the least! 😅 Even if its designers did a great job at making the kubectl CLI as usable as possible, it can sometimes be a pain to be productive with it, read outputs, or do repetitive tasks. That’s why I wrote this small Quality of Life improvements post: to gather some install steps you might have missed, give you some useful 3rd party tools, or maybe even give you tips to stay a step ahead.

Protect monitoring with authentication
· ☕ 2 min read
Now that we have our authentication service up and running, we can protect our dashboards installed in the step 06 - Monitoring: See what is going on using our Keycloak OpenID Connect provider. Here is a diagram on how authorization will be managed: Traefik dashboard TODO Kibana TODO Kube dashboard References Protect Kubernetes Dashboard with OpenID Connect | by Hidetake Iwata | ITNEXT Again, we are going to set up a new instance of louketo-proxy.

Administrate the cluster with authentication
· ☕ 7 min read
Create the realm and the client References engineering-notes/kubernetes-keycloak-integration.md at master · zufardhiyaulhaq/engineering-notes · GitHub

    REALM_URL="https://keycloak.{{cluster.baseHostName}}/auth/realms/{{apiServer.realmName}}"
    # Log in
    TOKEN_RESPONSE="$(curl \
      -d "grant_type=password" \
      -d "client_id={{apiServer.clientId}}" \
      -d "client_secret={{apiServer.clientSecret}}" \
      -d "username=admin-user" \
      -d "password=admin-user" \
      $REALM_URL/protocol/openid-connect/token)"
    # Extract the access token
    ACCESS_TOKEN="$(echo "$TOKEN_RESPONSE" | jq '.

Setup cluster's authentication
· ☕ 9 min read
Here is a graph of the RBAC setup we are going to implement: 1. Setup keycloak We’ll use keycloak to proxy our authentication for all monitors, using a single realm. You may use several realms in real-life situations. This is probably the tough part, and you may tweak the following guide heavily. Moreover, I may have forgotten to write some instructions, or some are heavily linked to your very own setup.

Monitoring: See what is going on
· ☕ 12 min read
Well, things are getting real and are about to become quite complex. So we’ll set up (super unsafe) dashboards to easily see what is going on. After all, we have nothing critical for now, but we might get into trouble soon. And, don’t worry, we’ll make it safe just after that. 1. Traefik dashboard: monitoring routes The traefik dashboard will help us diagnose our ingress routes and traefik-related stuff.

Make things persistent
· ☕ 5 min read
References Persistent Volumes | Kubernetes Dynamic Volume Provisioning | Kubernetes Storage Classes | Kubernetes Kubernetes Volumes explained | Persistent Volume, Persistent Volume Claim & Storage Class - YouTube As you may know, docker (and thus, kubernetes) does not persist anything by default. That means that every time you restart a pod (container), it is in the exact same state as it was at its first execution, except for the mount points.

Make services reachable from the world
· ☕ 4 min read
Now that you have a router installed, you have to pass requests on your server to it. This setup uses a single entry point directly binding some ports on the host server. 1. Make a static and predictable configuration As you may have noticed in the step Kickstart the cluster, the metallb configuration uses only dynamic addresses. But for the reverse proxy to work, we’ll need to be sure that our traefik router has a constant IP in your VPN.

Setup the cluster's internal router
· ☕ 8 min read
References Add OpenAPI v3 schemas to CRDs by jrostand · Pull Request #157 · traefik/traefik-helm-chart · GitHub Start by creating the resources traefik requires. You can directly use resources from the kubernetes/traefik templates: they do not contain variables. Those are taken from traefik docs mixed up with this PR for kubernetes 1.19 support and schemas. Please keep an eye on this issue in traefik about official v1.

Kickstart the cluster
· ☕ 7 min read
Create the cluster config file References kubernetes - kubeadm init --apiserver-advertise-address flag equivalent in config file - Stack Overflow We are now going to configure the cluster. For the sake of traceability, this configuration won’t be done via CLI flags, but via a configuration file. The path of the cluster config file will later be referenced as the {{cluster.configFile}}, and should be inside /etc/kubernetes.

Setup the cluster's Audit Log
· ☕ 6 min read
References https://docs.kublr.com/logging/logging-api-audit/ Logging in Kubernetes with Elasticsearch, Kibana, and Fluentd Auditing | Kubernetes Note: Even if this part is not required, you should not ignore it in a dev environment and should really really REALLY not skip it for production. In fact, it can contain useful debug information and security traces to see what is going on in your kubernetes cluster, and even on your whole server(s).