Thursday, August 20, 2020

traefik: kubernetes service not found: xyz

Check if the removed application left the ingressroute behind.

$ kubectl delete ingressroute -n ${NAMESPACE} ${INGRESSROUTE_APP}

Tuesday, August 18, 2020

helm3: installing kubeapps over TLS

$ kubectl create ns kubeapps

$ helm install  kubeapps --namespace kubeapps bitnami/kubeapps \

  --set ingress.enabled=true \

  --set ingress.certManager=true \

  --set ingress.hosts[0] \

  --set ingress.hosts[0].tls=true \

  --set ingress.hosts[0].tlsSecret=kubeapps-tls

2. Create the secret
$ kubectl -n default create secret tls kubeapps-tls -n kubeapps --key=/path/STAR_medogz_com.key --cert=/path/STAR_medogz_com.crt 

3. Get the token to access the

$  kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o jsonpath='{.data.token}' -o go-template='{{.data.token | base64decode}}' && echo

4. Access https:/

NOTE: After the login, some images will load from external network and the site won't be accessed fully by TLS.

Saturday, August 15, 2020

Lenovo thinkpad x1: How to enable the Keyboard Backlight ?

On the keyboard, the keys that are used to enable or disable the backlight is the Fn + Space bar.

Wednesday, August 5, 2020

kubectl: decode a secret

$ kubectl get secrets  registry-medogz-tls-cert -o yaml | grep " tls.crt: " | cut -d ':' -f 2 | awk '{$1=$1};1' | base64 -d


Sunday, August 2, 2020

Certificate Terminology

  • CA - Certificate Authority. CA is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.

  • CSR - Certificate Signing Request. CSR is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

  • PEM - Privacy-enhanced Electronic Mail. The .pem file name extension is used for a Base64-encoded X.509 certificate.

  • CRT  - The CRT extension is used for certificates.

    DER -  The DER extension is used for binary DER encoded.

    req_extensions - declares request extensions to be included in PKCS #10 certificate signing request (CSR) objects. 

self signed certificate: wildcard certificate

Generate private key
$ openssl genrsa -des3 -out medogzca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
e is 65537 (0x010001)
Enter pass phrase for medogzca.key:
Verifying - Enter pass phrase for medogzca.key:

Create CA-signed certificate
$ openssl req -x509 -new -nodes -key medogzca.key -sha256 -days 3650 -out medogzca.pem
Enter pass phrase for medogzca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:MYSTATE
Locality Name (eg, city) [Default City]:MYCITY
Organization Name (eg, company) [Default Company Ltd]:medogz
Organizational Unit Name (eg, section) []:code devel
Common Name (eg, your name or your server's hostname) []:*.medogz.home
Email Address []:meis@medogz.home