Though the underlying CoreOS of OpenShift nodes is immutable with the careful consideration of security settings, sometime for a more stringent environment, an extra layer of protection is required. Let’s further tighten the network security with iptable based host firewall in the CoreOS. The Requirement I have the following cluster consists of…

IBM API Connect has a wide range of deployment option, including OVA on VMWare, OpenShift and plain Kubernenets. K3s as a fully compatiable certified light-weight Kubernetest distribution is the perfect candidate for testing and exploration purpose. Let’s install the API Connect on to K3s. Base Host VM Setup We will host the K3s cluster…

One of the biggest benefit of Kubernetes is that you can build some once difficult infra services quickly, and disposable for testing purpose. Let’s create a rsyslog service on OpenShift. Create Rsyslog Container Image Create the following Dockerfile, FROM ubuntu RUN apt-get update && apt-get install -y rsyslog && mkdir -p /logs COPY rsyslog.conf /rsyslog.conf ENTRYPOINT ["rsyslogd"…

Running OpenLDAP on Kubernetes — Often we need to have a LDAP service integrated with the application. Let’s build the LDAP service running on Kubernetes/OpenShift. This paper covers the following topics A. OpenLDAP on Kubernetes B. Build LDAP OU structures C. Assigning proper access control to binding user A. OpenLDAP on Kubernetes There is an OpenLDAP helm chart but…

ChatGPT is super hot. Let me record of my three interactions with ChatGPT also. 1. How to Show Whitespaces in Neovim Search google, most result are just about vim. While when ask ChatGPT, in neovim, how to show whitespaces ChatGPT really impressed me with below.

I am deploying an Operator based product onto the OpenShift cluster, however the reconciling error message of the operator gives me, DNS Error: Server Misbehaving. Please check DNS Settings. Sure enough, the DNS server is having problem. But it worth a study on how the DNS system works in the…

Sometimes routing on a reverse proxy based on SNI (server name indication) may not be enough, a layer 7 routing based on the URL path is required. Let’s explore the URL mapping with Traefik. Testing Application We have the following https server that listens on a different port with a different http…

You build your application container image on a Linux server, push it over to the Github registry. On your new Apple silicon M1 laptop, you run the image, but received the following warning error message. podman run -it -d ghcr.io/zhiminwen/niceapp:v1.0 WARNING: image platform ({amd64 linux [] }) does not match…

Log is an important part for debugging. Troubleshooting and debugging of a concurrent program is difficult. In Golang, this getting even worse as officially the Goroutine’s id is not exposed for access. But its kind of well known and spread out that the goroutine id can be obtained using some…