To say that 2020 was a rough year for a lot of people would be an understatement. I was fortunate enough to come across a video and some mentorship which motivated me to try and come out of lockdown better than I was before. I had decided that it was time to pick up a new skill. At the time there was a goal at work to transition our infrastructure from AWS Elastic Container Service (ECS) to an internally managed Kubernetes-based platform. Having only dabbled in Kubernetes, I wanted to know more. I set out to build a home lab using Kubernetes (k3s). It took me about 6 months to reach a point where I was comfortable with what I had built.
I started the process by thinking about what I wanted to use the home lab for. I was originally inspired by a blog post I had read about setting up a Raspberry Pi home lab with DNS, OpenLDAP, and NextCloud. I knew similarly that I wanted a centralized system for identity management and a place to store files. As a developer who sometimes works on personal projects, I also wanted a local-network playground for any personal services I build.
I spent about 2 months poring over Helm charts and experimenting with Kubernetes for Docker Desktop on my Windows laptop to get as close to an ideal configuration as I could. I ran out of resources and eventually created a 3-node cluster using embedded devices. I ultimately came up with the following design:
The architecture uses K3S as a lightweight alternative to Kubernetes. Due to the decision to use low-cost embedded devices, there was an inherent limit on the resources that would be available, so a Kubernetes distribution that used resources efficiently was paramount. Other factors that led to selecting K3S were the features the distribution provides out of the box, such as proxying services externally with ServiceLB.
nfs-client-provisioner implements portable network storage across the Kubernetes cluster using the Network File System (NFS) protocol. NFS allows folders to be mounted over TCP as network file shares. nfs-client-provisioner takes things a step further by auto-provisioning NFS volumes whenever a Kubernetes Persistent Volume Claim (PVC) is declared. The PVC is designated as an NFS client if the nfs storage class is used. The idea here is that I wanted the Docker containers running in the Kubernetes Pods to write directly to a USB drive mounted on the Kubernetes master node. nfs-client-provisioner creates a sub-folder in the NFS root with the name of the PVC; folders for deleted PVCs are designated with the prefix archived-.
By default K3S uses Traefik as the ingress controller for the Kubernetes cluster. Having used Traefik before, I found that setting up a traffic intercept with a project like oauth2-proxy was not that straightforward with Traefik. I chose Nginx due to its widespread support, ease of configuration through annotations, its ability to proxy TCP and UDP services, and being able to set up an authentication proxy using Kubernetes annotations on Ingress objects.
oauth2-proxy is a project which provides an authentication and authorization intercept for services whose pages you want to protect. oauth2-proxy uses the OAuth2 protocol to delegate authentication, and it also allows custom configuration for identity management services such as Keycloak.
Having experienced the problem of identity management in past projects (I've literally published 5 web apps which became some iteration of user-profile applications), I found Keycloak to be of particular use when it comes to managing users and federating accounts. Keycloak is an open-source enterprise service which manages identity, authentication, authorization, and account federation; it is part of the JBoss project and backed by Red Hat. Since I wanted to use the Keycloak Helm chart, the Keycloak service runs with a Postgres backend.
One of the most common ways sensitive application secrets are exposed is through environment variables or through data templates. HashiCorp produced an awesome service called Vault which allows you to manage and protect application secrets. Vault is easier to adapt to Kubernetes when using the Banzai Cloud Vault Operator. Vault Operator enables the creation of a multi-tenant Vault service as well as injection of secrets into Kubernetes Pods using annotations and a mutating webhook. NextCloud and Keycloak use Vault Operator to inject a randomly generated database password so that each service can connect to its backend database.
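The pieces described above (a claim against the nfs storage class, the Vault Operator annotations that inject the database password, and the Nginx authentication intercept in front of the application) fit together into one set of manifests. This is an added example, not from the original post or from any of the projects it mentions; the namespace, hostnames, Vault address, Vault secret path, role name, service account, and image are assumptions chosen for illustration.

```yaml
# Added example (not from the original post): one application namespace wired the
# way the post describes. All names, hosts and paths below are assumptions.

# 1. Storage. The claim names the "nfs" storage class; nfs-client-provisioner
#    creates a sub-folder of the NFS export for it and binds the volume there.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-data
  namespace: apps
spec:
  storageClassName: nfs
  accessModes: [ReadWriteMany]
  resources:
    requests:
      storage: 20Gi
---
# 2. Workload. The database password is not written into the manifest or into a
#    plain Secret. The env value is a Vault reference; the Banzai Cloud mutating
#    webhook sees the annotations, resolves the reference at container start-up and
#    hands the real value only to the application process.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: apps
spec:
  replicas: 1
  selector:
    matchLabels: {app: nextcloud}
  template:
    metadata:
      labels: {app: nextcloud}
      annotations:
        vault.security.banzaicloud.io/vault-addr: "https://vault.vault:8200"  # assumed in-cluster Vault address
        vault.security.banzaicloud.io/vault-role: "nextcloud"                   # assumed Kubernetes-auth role
    spec:
      serviceAccountName: nextcloud                                             # assumed; bound to the role above
      containers:
        - name: nextcloud
          image: nextcloud:stable
          env:
            - name: POSTGRES_HOST
              value: nextcloud-postgresql
            - name: POSTGRES_PASSWORD
              # "vault:<kv path>#<key>" is all that is stored in the API server;
              # `kubectl get deploy -o yaml` and a git checkout of this file never
              # contain the password itself.
              value: "vault:secret/data/apps/nextcloud/db#password"
          volumeMounts:
            - name: data
              mountPath: /var/www/html/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: nextcloud-data
---
# 3. Exposure. ingress-nginx sub-requests oauth2-proxy for every request
#    (auth-url) and redirects browsers without a valid session to it (auth-signin),
#    so an anonymous request is turned away at the ingress and never reaches the app.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud
  namespace: apps
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://auth.home.lan/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://auth.home.lan/oauth2/start?rd=$scheme://$host$request_uri"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [cloud.home.lan]
      secretName: cloud-home-lan-tls   # assumed; issued separately
  rules:
    - host: cloud.home.lan
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextcloud
                port:
                  number: 80
```

oauth2-proxy itself runs as its own Deployment behind auth.home.lan, configured with the Keycloak realm as its OIDC provider; what the layout buys is that authentication is enforced by the ingress controller before the application sees the request, and the database password exists in the running container's environment but nowhere in the stored manifests, which is exactly the exposure path the post calls out.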