Fabian Lee : Software Engineer

Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

November 5, 2023
Categories: Linux

If ssh private/public keypair authentication is failing, check the logs on the server side for permission errors. On Debian/Ubuntu check for these errors in “/var/log/auth.log”. # error if authorized_keys file has too wide a permission for others Authentication refused: bad ownership or modes for file /home/myuser/.ssh/authorized_keys # error if .ssh directory has too wide a … Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

GCP: Private GKE cluster in Autopilot mode using Terraform

March 7, 2022
Categories: Containers, Hyperscaler

GKE Autopilot reduces the operational costs of managing GKE clusters by freeing you from node level maintenance, instead focusing just on pod workloads. Costs are accrued based on pod resource consumption and not on node resource sizes or node count, which are managed by Google. Since you no longer own the node level, there are … GCP: Private GKE cluster in Autopilot mode using Terraform

GCP: Private GKE Cluster with Anthos Service Mesh exposing services

March 7, 2022
Categories: Containers

As opposed to public GKE clusters which have their IP addresses exposed, private GKE clusters use private internal IP addresses. This provides an enhanced security stance, but also means we need a solution such as Anthos Service Mesh to explicitly expose our services. In our previous article, we built a private GKE cluster using Terraform. … GCP: Private GKE Cluster with Anthos Service Mesh exposing services

GCP: Private GKE Cluster with private endpoint using Terraform

March 7, 2022
Categories: Containers

As opposed to public GKE clusters which have their IP addresses exposed, private GKE clusters use private internal IP addresses that offer a level of security and segmentation that should always be preferred. In this article, I will show you how to create a private GKE cluster with Terraform. The endpoint is private also for … GCP: Private GKE Cluster with private endpoint using Terraform

Kubernetes: microk8s with multiple Istio ingress gateways

July 31, 2021
Categories: Containers

microk8s has convenient out-of-the-box support for MetalLB and an NGINX ingress controller. But microk8s is also perfectly capable of handling Istio operators, gateways, and virtual services if you want the advanced policy, security, and observability offered by Istio. In this article, we will install the Istio Operator, and allow it to create the Istio Ingress … Kubernetes: microk8s with multiple Istio ingress gateways

Kubernetes: microk8s with multiple metalLB endpoints and nginx ingress controllers

July 29, 2021
Categories: Containers

Out-of-the-box, microk8s has add-ons that make it easy to enable MetalLB as a network load balancer as well as an NGINX ingress controller. But a single ingress controller is often not sufficient. For example, the primary ingress may be serving up all public traffic to your customers. But a secondary ingress might be necessary to … Kubernetes: microk8s with multiple metalLB endpoints and nginx ingress controllers

Terraform: provisioning GCP servers in both public and private subnets

May 30, 2021
Categories: Linux

It is relatively straightforward to create a GCP public subnet where the compute instances have access to the public internet via the default internet gateway. But once you start building private subnets behind it, you must start considering firewall, routing, and the NAT gateways required to reach public services. In this article, I will use … Terraform: provisioning GCP servers in both public and private subnets

Terraform: provisioning AWS servers in both public and private subnets

May 30, 2021
Categories: Virtualization

It is relatively straightforward to create an AWS public subnet where the compute instances have access to the public internet via the default internet gateway. But once you start building private subnets behind it, you must start considering security groups, routing, and the NAT gateways required to reach public services. In this article, I will … Terraform: provisioning AWS servers in both public and private subnets

GCP: pulling an image from the Container Registry of another project

April 28, 2021
Categories: Containers

In a previous article I discussed the advantages to keeping container images in the private Google Container Registry of a project. And if you have a GKE cluster in the exact same project, then image pulls happen seamlessly without any additional configuration required. However, if the GKE cluster is in a different project than the … GCP: pulling an image from the Container Registry of another project

GCP: pushing GKE images into gcr.io to avoid pull rate limits

April 27, 2021
Categories: Containers

Docker hub now enforces pull rate limits (since November 2020). And unfortunately, this limit is often reached at critical moments such as upgrades or infrastructure events when bulk pod recreation is happening. One way to avoid this problem is to place your images into an alternate image registry. This could mean a lot of work … GCP: pushing GKE images into gcr.io to avoid pull rate limits

Ubuntu: loading a key into ssh-agent at login with a user-level systemd service

April 5, 2021
Categories: Linux

By default, if an SSH key file is dropped into your personal ‘~/.ssh’ directory that matches a set of standard names, then it will automatically be used as an identity when logging into a remote site (id_rsa, id_dsa, id_ecsda, id_ed25519, or identity). For example, this makes it simple to comply with Github’s requirement to use … Ubuntu: loading a key into ssh-agent at login with a user-level systemd service

Maven: Installing a private Maven repository on Ubuntu using Apache Archiva

February 3, 2018
Categories: DevOps, Java

An essential part of the standard build process for Java applications is having a repository where project artifacts are stored. Artifact curation provides the ability to manage dependencies, quickly rollback releases, support compatibility of downstream projects, do QA promotion from test to production, support a continuous build pipeline, and provides auditability. Archiva from the Apache … Maven: Installing a private Maven repository on Ubuntu using Apache Archiva

Maven: Installing a 3rd party jar to a local or remote repository

February 20, 2017
Categories: DevOps, Java

Especially in enterprise application development, there can be 3rd party dependencies that are not available in public Maven repositories. These may be internal, business specific libraries or licensed libraries that have limitations on usage. When this is the case, you can either publish to a private Maven repository that controls authorization or you can put … Maven: Installing a 3rd party jar to a local or remote repository

Maven: Installing a private Maven repository on Ubuntu using Artifactory

February 20, 2017
Categories: DevOps, Java

An essential part of the standard build process for Java applications is having a set of repositories where project artifacts are stored. Artifact curation provides the ability to manage dependencies, quickly rollback releases, support compatibility of downstream projects, do QA promotion from test to production, support a continuous build pipeline, and provides auditability. JFrog puts … Maven: Installing a private Maven repository on Ubuntu using Artifactory