Fabian

Ubuntu: fix apt warning for Dropbox with key in legacy keyring

If you have Dropbox installed on your Linux desktop and have recently started seeing this warning message from apt: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details This can be resolved by adding the Dropbox PGP key to the ‘signed-by’ of the apt repo definition (as Ubuntu: fix apt warning for Dropbox with key in legacy keyring

Github: automated build and publish of containerized GoLang app with Github Actions

Github Actions provide the ability to define a build workflow based on Github repository events.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a statically-linked GoLang binary that when Github: automated build and publish of containerized GoLang app with Github Actions

Github: automated Github release of GoLang binary using Github Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a statically-linked GoLang binary that is automatically built Github: automated Github release of GoLang binary using Github Actions

Gradle: running more than one command in an Exec task

A Gradle Exec task will only run the last ‘commandLine’ defined inside its block.  Putting multiple entries inside its block will not run multiple commands. As an example, if you run the following Gradle task. task willOnlyRunLast(type: Exec) { commandLine “echo”, “first” commandLine “echo”, “second” commandLine “echo”, “last” } The task above will only echo Gradle: running more than one command in an Exec task

Github: automated Github release for Spring Boot jar using Github Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a simple Spring Boot web application that when Github: automated Github release for Spring Boot jar using Github Actions

Github: automated build and publish of containerized Spring Boot app using GitHub Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a simple Spring Boot web application that when Github: automated build and publish of containerized Spring Boot app using GitHub Actions

Github: locally invoked release process for a Gradle built Java Spring Boot project

The GitHub “Release” page for a repository can provide your consumers a convenient way to download a binary version of your software as well as track the latest changes and enhancements. In this article, I will show how to invoke a local release process for a Java Spring Boot jar built with Gradle.  A new Github: locally invoked release process for a Gradle built Java Spring Boot project

GoLang: Running a Go binary as a systemd service on Ubuntu 22.04

The Go language with its simplicity, concurrency support,  rich package ecosystem, and ability to compile down to a single binary is an attractive solution for writing services on Ubuntu. However, the Go language does not natively provide a reliable way to daemonize itself.  In this article I will describe how to take a couple of simple Go language programs GoLang: Running a Go binary as a systemd service on Ubuntu 22.04

GoLang: Installing the Go Programming language on Ubuntu 22.04

Update Sept 2024: changed the page parsed for latest version, validated installation of go1.23.1 on Ubuntu22.04 The Go programming language consistently ranks as one of the most popular languages in developer surveys.  In fact, Kubernetes as well as most of the CNF projects are written in Go.  And it compiles down to machine code, which GoLang: Installing the Go Programming language on Ubuntu 22.04

Linux: openssl to validate whether private key and TLS certificate match

In environments where certificates are manually deployed, reloading TLS certs is often only done annually when the certificate is near expiration.  This long lapse in time often means that someone else has inherited the task of renewal, and the original key in use may even be in question. Luckily, openssl provides a way to validate Linux: openssl to validate whether private key and TLS certificate match

Linux: ssh-keygen to check whether ssh private key and public cert are keypair

When using a private key on the client to ssh into a remote server with the matching public certificate in ~/.ssh/authorized_keys, a common failure message from the client is: Permission denied (publickey) The most common reasons for this is private key permissions issues (chmod 600), a misconfiguration of authorized_keys, or trying to send the wrong Linux: ssh-keygen to check whether ssh private key and public cert are keypair

GCP: fix kubectl auth plugin deprecation warning by installing new auth plugin

Starting with Kubernetes client 1.22, you may start seeing warning messages about your authentication mechanism when running commands.  Here is an example when using gcloud for GKE cluster credentials. WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.26+; use gcloud instead. This is because the authentication provider-specific login code will be removed GCP: fix kubectl auth plugin deprecation warning by installing new auth plugin

GCP: LDAP authentication for Anthos VMware clusters using Anthos Identity Service

Anthos Identity Service allows an organization to tie into their existing Identity Provider to authenticate and authorize users into their Anthos clusters. In this article, I will show how the authentication for an Anthos on VMware cluster can be integrated into an existing Active Directory deployment, and further how a user’s AD group membership can GCP: LDAP authentication for Anthos VMware clusters using Anthos Identity Service

GCP: listing IAM roles for user, group, and service account in project and organization

When GCP operations fail due to permissions issues, checking the IAM roles assigned to a user, group, or service account becomes a necessity. When hierarchical projects and organizations are involved it becomes even more complex.  This article will show you how to use gcloud at the project and organization level to pull IAM policies for GCP: listing IAM roles for user, group, and service account in project and organization

Bash: extend timeout for idle ssh sessions using TMOUT

The ClientAliveInterval and ClientAliveMaxCount settings in “/etc/sshd/sshd_config” work together to control the timeout value of an ssh session on the server side.  But under BASH, to keep idle client sessions from timing out, you also need to set the ‘TMOUT’ variable or you will see messages like below when disconnected. timed out waiting for input: Bash: extend timeout for idle ssh sessions using TMOUT

Kubernetes: KSA must now create secret/token manually as of Kubernetes 1.24

Before Kubernetes 1.24, the creation of a KSA (Kubernetes Service Account) would also create a non-expiring secret, where the token controller would generate a token that could be used to authenticate into the API server. As a quick example of the legacy behavior on Kubernetes < 1.24, notice how the creation of a service account Kubernetes: KSA must now create secret/token manually as of Kubernetes 1.24

Terraform: creating an Ubuntu 22 template and then guest VM in vCenter

In this article I will demonstrate how to create an Ubuntu 22 template in vCenter.  Then use Terraform to create a vSphere VM based on this template. The VM template creation is done by manually stepping through the Ubuntu server ISO installation wizard, followed by a set of preparation steps. Then Terraform is used to Terraform: creating an Ubuntu 22 template and then guest VM in vCenter

Kubernetes: Anthos GKE on-prem 1.13 on nested VMware environment

Anthos GKE on-prem is a managed platform that brings GKE clusters to on-premise datacenters. This product offering brings best practice security measures, tested paths for upgrades, basic monitoring, platform logging, and full enterprise support. Setting up a platform this extensive requires many steps as officially documented here. However, if you want to practice in a Kubernetes: Anthos GKE on-prem 1.13 on nested VMware environment

Python: migrating pip modules to newer Python version on Ubuntu

Migrating from one Python 3.x version to a newer 3.x minor version seems like it would just be a simple ‘apt install’ of the latest Python package.  But you most likely have pip modules installed at a version specific ‘dist-packages’ or ‘site-packages’ directory, and those modules have to be freshly installed into the newer version Python: migrating pip modules to newer Python version on Ubuntu

Kubernetes: copying files into and out of containers without ‘kubectl cp’

The ‘kubectl cp‘ command is a convenient way to get files into and out of remote containers, however it requires that the ‘tar’ utility be installed inside the container. There are many images that have removed this utility because of the identified security vulnerability, while others have removed it due to the adoption of the Kubernetes: copying files into and out of containers without ‘kubectl cp’

Kubernetes: Keycloak IAM deployed into Kubernetes cluster for OAuth2/OIDC

Keycloak is an open-source Identity and Access Management (IAM) solution that can be used to provide authentication and authorization to your enterprise applications.  One of the many protocols it supports is OAuth2/OIDC. One of the easiest ways to deploy Keycloak is directly into your Kubernetes cluster, exposed securely with an NGINX Ingress. In this article, Kubernetes: Keycloak IAM deployed into Kubernetes cluster for OAuth2/OIDC

Python: Flask-OIDC protecting Client App and Resource Server using Windows 2019 ADFS

Flask OIDC is an extension to the popular Flask web framework that enables OAuth2/OIDC for your application.  The base project does not support ADFS, but I have create a personal fork of this module that supports Windows 2019 ADFS as the OAuth2 Authentication Server. In this article, we will exercise the OAuth2 Authorization Code flow.  Python: Flask-OIDC protecting Client App and Resource Server using Windows 2019 ADFS