Curl is commonly known as its capability dealing with HTTP and HTTPS services. But in fact it has a wide range of protocol that are supported. This make it a perfect tool for testing in some of the restricted environment where other tool could not be easily obtained. …

I need to validate if the TLS cipher exposed by the application is secure. I therefore created two versions of the scanner, one is sequential Openssl based, the other one is parallel version implemented with Golang. Sequential Version with Openssl This webpage provides a nice base to use openssl s_client to walk through the…

Though the underlying CoreOS of OpenShift nodes is immutable with the careful consideration of security settings, sometime for a more stringent environment, an extra layer of protection is required. Let’s further tighten the network security with iptable based host firewall in the CoreOS. The Requirement I have the following cluster consists of…

IBM API Connect has a wide range of deployment option, including OVA on VMWare, OpenShift and plain Kubernenets. K3s as a fully compatiable certified light-weight Kubernetest distribution is the perfect candidate for testing and exploration purpose. Let’s install the API Connect on to K3s. Base Host VM Setup We will host the K3s cluster…

One of the biggest benefit of Kubernetes is that you can build some once difficult infra services quickly, and disposable for testing purpose. Let’s create a rsyslog service on OpenShift. Create Rsyslog Container Image Create the following Dockerfile, FROM ubuntu RUN apt-get update && apt-get install -y rsyslog && mkdir -p /logs COPY rsyslog.conf /rsyslog.conf ENTRYPOINT ["rsyslogd"…

Running OpenLDAP on Kubernetes — Often we need to have a LDAP service integrated with the application. Let’s build the LDAP service running on Kubernetes/OpenShift. This paper covers the following topics A. OpenLDAP on Kubernetes B. Build LDAP OU structures C. Assigning proper access control to binding user A. OpenLDAP on Kubernetes There is an OpenLDAP helm chart but…

ChatGPT is super hot. Let me record of my three interactions with ChatGPT also. 1. How to Show Whitespaces in Neovim Search google, most result are just about vim. While when ask ChatGPT, in neovim, how to show whitespaces ChatGPT really impressed me with below.

I am deploying an Operator based product onto the OpenShift cluster, however the reconciling error message of the operator gives me, DNS Error: Server Misbehaving. Please check DNS Settings. Sure enough, the DNS server is having problem. But it worth a study on how the DNS system works in the…

Sometimes routing on a reverse proxy based on SNI (server name indication) may not be enough, a layer 7 routing based on the URL path is required. Let’s explore the URL mapping with Traefik. Testing Application We have the following https server that listens on a different port with a different http…