ryan@taco.moe:~$

  • Restore OpenShift with... VM Snapshots?

    I run OpenShift on virtual machines (VMs) in my lab and I frequently snapshot my clusters prior to testing cluster configuration changes. I know what you’re thinking: “That’s not how backing up OpenShift works!” “You’re going to run into all kinds of problems with Etcd when you restore!” “Why not...

  • Deny Application Access in Keycloak

    Keycloak makes Single Sign-On authentication easy thanks to OpenID Connect (OIDC). Authorization though is a mixed bag. Authorization for Keycloak clients is usually deferred to the client application. Keycloak says “Hey - this user is authenticated, they’re good to go!” and passes your information back to the client. This is...

  • Homelab Breakdown

    I run a small lab on my home network to test configurations and integration of different software projects for my job. This post breaks down details about my lab. My lab is ever changing. I’ll probably update this post some day. Compute: I have 3 physical compute machines. They’re all...

  • Deploy Applications with OpenShift GitOps (Argo CD)

    OpenShift GitOps is a Red Hat supported Operator that deploys Argo CD on an OpenShift Container Platform (OCP) cluster. This post breaks down how to set up OpenShift GitOps to continuously deploy manifests from a Git repo to an OpenShift namespace. Installing OpenShift GitOps: OpenShift GitOps is a one click...

  • Writing Helm Charts Isn't Hard

    Writing Helm charts shouldn’t be hard. Most Helm tutorials have you start from a template created with helm create chart-name. The starter template is complicated and contains a bunch of YAML you probably don’t need. This post shows my approach to creating Helm charts from scratch. Helm 101: Helm is...

  • AWS CLI Account Management

    I recently needed to manage multiple AWS accounts from the same machine. AWS CLI supports this using Profiles. AWS account profiles are configured in ~/.aws/credentials. For example:

        [default]
        aws_access_key_id=AKIAIOSFODNN7EXAMPLE
        aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
        region=us-east-1
        output=json

        [account_1]
        aws_access_key_id=AKIAI44QH8DHBEXAMPLE
        aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
        region=us-east-2
        output=json

    AWS CLI defaults to using the default account for commands run without specifying...

  • Kubernetes-Managed TLS Certificates with cert-manager

    I use sub-domains of taco.moe for everything in my homelab. One reason I do this is because I want valid TLS certificates (don’t want to deal with self-signed certs or manage a CA). Let’s Encrypt provides free TLS certificates to anyone who can prove they own the domain they’re requesting...

  • Easy Local DNS Nameserver With Dnsmasq

    While some web-based applications can work with only an IP address, others require a valid domain name. For local testing you might be able to get away with using your operating system’s hosts file (/etc/hosts). If multiple machines need to access the application, it becomes an unnecessary challenge to keep...