Thursday, August 20, 2020

traefik: kubernetes service not found: xyz

Check whether the removed application left its IngressRoute behind. If it did, delete it:

$ kubectl delete ingressroute -n ${NAMESPACE} ${INGRESSROUTE_APP}
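To find such leftovers across the whole cluster, this added example (not from the original post) compares the Services each IngressRoute references with the Services that actually exist. The JSON is constructed sample data, and the field layout assumes Traefik's IngressRoute CRD (`spec.routes[].services[]`).

```python
import json

# Constructed sample data, trimmed to the fields used below. On a live cluster
# the same shapes come from:
#   kubectl get ingressroute -A -o json
#   kubectl get service -A -o json
INGRESSROUTES = json.loads("""
{"items": [
  {"metadata": {"namespace": "apps", "name": "whoami"},
   "spec": {"routes": [{"match": "Host(`whoami.example.test`)",
                        "services": [{"name": "whoami", "port": 80}]}]}},
  {"metadata": {"namespace": "apps", "name": "xyz"},
   "spec": {"routes": [{"match": "Host(`xyz.example.test`)",
                        "services": [{"name": "xyz", "port": 8080}]}]}},
  {"metadata": {"namespace": "infra", "name": "dashboard"},
   "spec": {"routes": [{"match": "PathPrefix(`/dashboard`)",
                        "services": [{"name": "api@internal",
                                      "kind": "TraefikService"}]}]}}
]}
""")
SERVICES = json.loads("""
{"items": [{"metadata": {"namespace": "apps", "name": "whoami"}}]}
""")


def orphaned_ingressroutes(ingressroutes, services):
    """Return sorted (namespace, ingressroute, missing_service) tuples."""
    existing = {(s["metadata"]["namespace"], s["metadata"]["name"])
                for s in services.get("items", [])}
    orphans = set()
    for ir in ingressroutes.get("items", []):
        ns, name = ir["metadata"]["namespace"], ir["metadata"]["name"]
        for route in ir.get("spec", {}).get("routes", []):
            for svc in route.get("services", []):
                # TraefikService references are not Kubernetes Services; skip.
                if svc.get("kind", "Service") != "Service":
                    continue
                # A service reference may name another namespace explicitly.
                target = (svc.get("namespace", ns), svc["name"])
                if target not in existing:
                    orphans.add((ns, name, "/".join(target)))
    return sorted(orphans)


if __name__ == "__main__":
    for ns, name, missing in orphaned_ingressroutes(INGRESSROUTES, SERVICES):
        print(f"ingressroute {ns}/{name} references missing service {missing}")
```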

Tuesday, August 18, 2020

helm3: installing kubeapps over TLS

1. Create the namespace and install kubeapps

$ kubectl create ns kubeapps

$ helm install kubeapps --namespace kubeapps bitnami/kubeapps \
  --set ingress.enabled=true \
  --set ingress.certManager=true \
  --set ingress.hosts[0].name=kubeapps.medogz.com \
  --set ingress.hosts[0].tls=true \
  --set ingress.hosts[0].tlsSecret=kubeapps-tls


2. Create the secret
$ kubectl create secret tls kubeapps-tls -n kubeapps --key=/path/STAR_medogz_com.key --cert=/path/STAR_medogz_com.crt

3. Get the token to log in to kubeapps.medogz.com

$ kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o go-template='{{.data.token | base64decode}}' && echo


4. Access https://kubeapps.medogz.com

NOTE: After login, some images load from an external network, so the site is not accessed fully over TLS.

Saturday, August 15, 2020

Lenovo thinkpad x1: How to enable the Keyboard Backlight ?

On the keyboard, the keys used to enable or disable the backlight are Fn + Space bar.

Wednesday, August 5, 2020

kubectl: decode a secret

$ kubectl get secrets  registry-medogz-tls-cert -o yaml | grep " tls.crt: " | cut -d ':' -f 2 | awk '{$1=$1};1' | base64 -d

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Sunday, August 2, 2020

Certificate Terminology

  • CA - Certificate Authority. CA is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.

  • CSR - Certificate Signing Request. CSR is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

  • PEM - Privacy-enhanced Electronic Mail. The .pem file name extension is used for a Base64-encoded X.509 certificate.

  • CRT - The CRT extension is used for certificates.

  • DER - The DER extension is used for binary DER-encoded certificates.

  • req_extensions - Declares request extensions to be included in PKCS #10 certificate signing request (CSR) objects.

self signed certificate: wildcard certificate

Generate private key
$ openssl genrsa -des3 -out medogzca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................+++++
......+++++
e is 65537 (0x010001)
Enter pass phrase for medogzca.key:
Verifying - Enter pass phrase for medogzca.key:


Create CA-signed certificate
$ openssl req -x509 -new -nodes -key medogzca.key -sha256 -days 3650 -out medogzca.pem
Enter pass phrase for medogzca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:MYSTATE
Locality Name (eg, city) [Default City]:MYCITY
Organization Name (eg, company) [Default Company Ltd]:medogz
Organizational Unit Name (eg, section) []:code devel
Common Name (eg, your name or your server's hostname) []:*.medogz.home
Email Address []:meis@medogz.home