January 5, 2025
Kubestronaut Journey Part 2: Certified Kubernetes Application Developer (CKAD)
by Alpha01
In my continuation of becoming a Kubestronaut, I took the Certified Kubernetes Application Developer (CKAD) exam. Unlike the Kubernetes and Cloud Native Associate (KCNA), which is a question-and-answer exam, this exam is a hands-on lab performance test (which I personally prefer). However, this time around there was one massive self-inflicted gotcha that made this exam more difficult than it should’ve been. I opted to use my 13-inch 2021 M1 MacBook Pro for the exam. This made it extremely difficult to use the exam application due to the limited space of the remote workstation we have to work in to do the respective exam assignments. Right from the very start I became very agitated about the screen real estate that I had access to. I wasn’t able to easily switch between the Kubernetes documentation and the remote shell sessions. So I ended up just using the built-in kubectl explain command-line documentation for guidance. This worked well, except that I took way longer looking up information, to the point where I almost ran out of time and had to rush through the last 5 questions, fearing that I wasn’t going to be able to finish the exam in time and would fail due to not being able to answer the questions! That’s about 1/3 of the entire exam!
Difficulty Level
The questions ranged from really easy to more mid-level and advanced (albeit simple) questions. The questions were straightforward. I practically used the same study material that I used when I originally took the test in January 2022, which was the Udemy Kubernetes Certified Application Developer (CKAD) with Tests course, as well as the newly released O’Reilly Certified Kubernetes Application Developer (CKAD) Prep Course and its companion book Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition for good measure.
Although I’m disappointed in myself over the final score, I was able to pass the exam with a score of 71/100. Not the score that I wanted, but given that I didn’t rely on using the Kubernetes documentation, I’m content. Next on my list will be completing (recertifying) the Certified Kubernetes Administrator.
Needless to say, for my next exam I’ll be connecting my laptop to an external 27" display!
Study Resources
- Udemy Kubernetes Certified Application Developer (CKAD) with Tests
- O’Reilly Certified Kubernetes Application Developer (CKAD) Prep Course
- Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition
Tags: [kubernetes, kubestronaut]
December 28, 2024
Kubestronaut Journey Part 1: Kubernetes and Cloud Native Associate (KCNA)
by Alpha01
It’s been almost three years since I obtained the Certified Kubernetes Application Developer (CKAD) and Certified Kubernetes Administrator (CKA) certifications. I was originally planning on recertifying these two Kubernetes certifications; however, while at KubeCon last month, I was excited to learn about the Kubestronaut Program, which is a recognition for Kubernetes professionals who pass all five Kubernetes certifications. So I decided to accept the challenge and not only recertify my existing two certifications, but also take and pass the remaining three certifications: Kubernetes and Cloud Native Associate (KCNA), Cloud Native Security Associate (KCSA), and Certified Kubernetes Security Specialist (CKS), so I can become a “Kubestronaut”.
For my first exam on this journey, I’ve decided to start with the Kubernetes and Cloud Native Associate, which is the easiest of them all. To prepare for the exam, I used the Udemy Kubernetes Certified (KCNA) + Hands On Labs + Practice Exams course (8 hours) and the O’Reilly Kubernetes and Cloud Native Associate (KCNA) course (5 hours).
Difficulty Level
Low, this was a very easy exam. I think anyone with moderate Kubernetes knowledge can just use the Udemy Kubernetes Certified (KCNA) + Hands On Labs + Practice Exams course as their only study material and pass this exam. That said, this is also assuming that the candidate has basic high-level knowledge of cloud and cloud native technologies. I’m pretty confident that I could’ve taken this exam without going through any of the mentioned study courses and I still would’ve easily passed it. However, since this is meant to prepare myself for the more challenging exams, I’m still glad I studied for this exam. I even learned new stuff along the way, which is the main point of this entire journey!
I was able to successfully pass this exam with a score of 95/100. Next on my list will be completing (recertifying) the Certified Kubernetes Application Developer.
Study Resources
- Udemy Kubernetes Certified (KCNA) + Hands On Labs + Practice Exams
- O’Reilly Kubernetes and Cloud Native Associate (KCNA)
Tags: [kubernetes, kubestronaut]
December 14, 2024
Simple Bash KVM Virtual Machine Startup and Shutdown Script
by Alpha01
Given that I don’t want my Intel NUC homelab mini PC to sound like a jet engine all day, I wrote a simple bash script that would automatically start up and shut down my Kubernetes VMs easily each day. The script is cron friendly and it works like a charm.

    # Start VMs
    ./rancher.sh start
    # Stop (non-gracefully, use virsh shutdown instead)
    ./rancher.sh destroy

    #!/bin/bash
    # set -x

    # Space-separated libvirt domain names to manage.
    VMS="rancher rke2"
    action=$1

    # Accept only the two virsh subcommands this script supports.
    if [ -z "$action" ]; then
        echo "No action passed"
        exit 1
    elif [[ "$action" != "destroy" && "$action" != "start" ]]; then
        echo "Unsupported action: $action"
        exit 1
    else
        echo "Doing $action"
    fi

    # Run the requested action on one VM unless it is already in that state.
    function vm () {
        local name=$1
        local current_vm_state=""
        local state
        # The third column of `virsh list --all` holds the domain state.
        state=$(virsh list --all | grep " $name " | awk '{ print $3 }')
        if [ "$state" != "running" ]; then
            echo "$name does not exist or is shutdown!"
            current_vm_state="destroy"
        else
            echo "$name is running!"
            current_vm_state="start"
        fi
        if [ "$action" != "$current_vm_state" ]; then
            virsh "$action" "$name"
        fi
    }

    for vm in $VMS; do
        vm "$vm"
    done

Tags: [bash, rancher, kubernetes]
December 12, 2024
Deploying Keycloak Identity Provider (IdP) for secure Rancher User Authentication Part 1
by Alpha01
No words can explain the constant headaches I’ve gotten throughout my career when working with LDAP in the Unix/Linux world. While I’ve had plenty of experience working with it in the past (https://www.rubysecurity.org/tag/ldap), it’s certainly not the easiest or most pleasant thing to work with. So I’m glad to see new (to me at least) Identity Provider (IdP) tools like Keycloak that can help us manage user identities, authentication, and access control across applications and systems in a much easier fashion. But more importantly, they support integrations with authentication mechanisms like OpenID Connect (OIDC), OAuth2, and SAML, to name a few.
Environment Setup
To get up and running quickly, I opted to deploy Keycloak on an Ubuntu 24.04 VM instead of the container/Kubernetes approach.
1). Install required packages.

    apt install openjdk-21-jre unzip

2). Download and extract Keycloak.

    cd /opt
    wget https://github.com/keycloak/keycloak/releases/download/26.0.5/keycloak-26.0.5.zip
    unzip keycloak-26.0.5.zip
    ln -s keycloak-26.0.5 keycloak

3). Set up SSL certificates. At this stage, I had manually issued a Let’s Encrypt SSL certificate for sso.rubyninja.org for Keycloak and copied it over to /opt/keycloak/conf/certs.

4). Update the following settings in /opt/keycloak/conf/keycloak.conf.

    # Hostname for the Keycloak server.
    hostname=sso.rubyninja.org
    # The file path to a private key in PEM format.
    https-certificate-key-file=/opt/keycloak/conf/certs/MYKEY.key
    # The file path to a server certificate or certificate chain in PEM format.
    https-certificate-file=/opt/keycloak/conf/certs/MYCERT.crt

5). Create the initial bootstrap admin username/password.

    /opt/keycloak/bin/kc.sh bootstrap-admin user
    Enter username [temp-admin]:temp-admin
    Enter password:
    Enter password again:

6). Start up the application.

    screen -dm /opt/keycloak/bin/kc.sh start --verbose

After logging in with the temp-admin account, I had to manually create a separate admin user.
By no means is this a production-ready setup, but for a homelab environment for testing, this setup is more than sufficient for me.
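A pre-flight check for steps 3 and 4 above, as an added example that is not part of the original post: it verifies that the key file is private, that key and certificate pair up, that the certificate covers the hostname, and that it is not about to expire. The function name, script name and return codes are assumptions; it relies on GNU stat and the openssl command line.

```shell
#!/bin/bash
# Added example (not from the original post): pre-flight check for the TLS
# files that keycloak.conf points at. Assumes GNU stat and the openssl CLI.
#
# Return codes: 0 ok, 2 file missing, 3 key readable by group/others,
# 4 key and certificate do not pair, 5 hostname not covered,
# 6 certificate expires within 30 days.
check_tls_files() {
    local key=$1 cert=$2 host=$3 mode cert_pub key_pub

    [ -r "$key" ] && [ -r "$cert" ] || { echo "missing key or cert" >&2; return 2; }

    # The private key should be accessible by its owner only (e.g. 600 or 400).
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        *00) ;;
        *) echo "key mode $mode is too permissive" >&2; return 3 ;;
    esac

    # The public key inside the certificate must equal the one derived
    # from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 4; }

    # -checkhost reports whether the name matches a SAN (or the CN as fallback).
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" \
        || { echo "certificate does not cover $host" >&2; return 5; }

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null \
        || { echo "certificate expires within 30 days" >&2; return 6; }

    echo "TLS files OK for $host"
}

# Run the check when called as: ./check_tls.sh KEY CERT HOSTNAME
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

Running it from cron ahead of the 90-day Let’s Encrypt expiry gives early warning that the copied certificate needs replacing.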
Resources
Tags: [kubernetes, rancher, keycloak, security]
December 10, 2024
Let's Encrypt
by Alpha01
I’ve been using Let’s Encrypt for years, and it came to me that I’ve hardly ever really mentioned this awesome service at all! Let’s Encrypt is awesome, plain and simple. I use it throughout my homelab to set up and configure secure access.
Using this awesome service is really straightforward. I use the acme.sh script for all ssh requests. The acme.sh script is simple and works beautifully.
Setup
I use the git repository setup method.

    git clone https://github.com/acmesh-official/acme.sh.git
    cd ./acme.sh
    ./acme.sh --install -m [email protected]

The setup process will create a ~/.acme.sh configuration environment that the script will use to save your Let’s Encrypt issued certificates in.
I use the Automatic DNS API integration approach to verify and issue certificates. For this to work with Cloudflare, I simply just needed to create an API key and export the following two variables.

    export CF_Key="EXAMPLEKEY"
    export CF_Email="[email protected]"

Afterwards, it’s just a matter of using the acme.sh script.
For example:

    # Quote wildcard names so the shell does not glob-expand them.
    ./acme.sh --issue --dns dns_cf -d rubyninja.org -d '*.antoniobaltazar.com' -d '*.rubyninja.org' -d '*.k8s.rubyninja.org' -d '*.rubysecurity.org'

The really cool thing is that the script is smart enough to save the environment variables under ~/.acme.sh/account.conf for future use (certs are valid for 90 days). In addition, it supports wildcard certificates, and it is cron friendly!
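Because account.conf keeps the Cloudflare credential in plain text, this added example (not from the original post or the acme.sh project) audits that file's permissions and flags a stored account-wide CF_Key, for which the dns_cf hook also accepts a scoped CF_Token. The function name, script name and the SAVED_<NAME>= line layout are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): audit the acme.sh account file
# for stored Cloudflare credentials without ever printing their values.
# Assumption: saved DNS API variables appear as [SAVED_]<NAME>='value' lines.
#
# Prints one finding per line on stdout.
# Return codes: 0 no findings, 1 findings reported, 2 file not found.
audit_acme_conf() {
    local conf=$1 findings=0 mode

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # The file holds API credentials, so only its owner should be able to read it.
    mode=$(stat -c '%a' "$conf")
    case "$mode" in
        *00) ;;
        *) echo "PERMS: $conf is mode $mode, expected 600"; findings=1 ;;
    esac

    # CF_Key is the account-wide Global API Key; CF_Token is a scoped API token
    # that can be limited to DNS edits on the zones being validated.
    if grep -Eq '^(SAVED_)?CF_Key=' "$conf"; then
        echo "GLOBAL_KEY: account-wide CF_Key stored; prefer a scoped CF_Token"
        findings=1
    fi

    if ! grep -Eq '^(SAVED_)?CF_(Key|Token)=' "$conf"; then
        echo "no Cloudflare credential saved in $conf" >&2
    fi

    return "$findings"
}

# Run the audit when called as: ./audit_acme.sh ~/.acme.sh/account.conf
if [ "$#" -ge 1 ]; then
    audit_acme_conf "$1"
fi
```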
Resources
- https://github.com/acmesh-official/acme.sh
- https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf
- https://developers.cloudflare.com/fundamentals/api/get-started/create-token/
Tags: [letsencrypt, security]