stad.us

I am moving on from my position as a Senior Security Analyst at Bank of America to become a Cloud Security Architect at Workiva. I’ve decided to move back in to the development side of the business but still keep my Security focus. I look forward to the new opportunity and am grateful for being able to make such a move during the pandemic.

Still working at home during the pandemic, the Bank has indicated that there will be no COVID-19 layoffs until the end of the year for which I am grateful. In addition we will be working from home until probably October.

During the pandemic, I wanted to come up to speed on new technologies and have started working with Podman and created a vagrant file to build a Centos 8 based Podman installation. Have a look at it if interested: podman-vagrant.

Life continues in the time of COVID-19.

To continue my work with k3s I’ve created a new Github project to build a development k3s cluster to use on my new iMac box (with 64Gb of memory I might add). Right now the project is in a very early stage and it builds on plenty of work of other contributors on other Github projects.

The Project

Head on over to k3s-vagrant-cluster and have a look. I’ve noticed that k3s is transitioning over to nginx-ingress instead of using Traefik so I’ll work on updating the project when the latest version is available.

I recently purchase a 2019 27" iMac from the Apple refurbished store to use as my main desktop machine at home. Compiles now fly and I love the 5K screen resolution.

The only problem is that I reinstalled Catalina from scratch and realized that Apple has changed the default shell from bash to zsh. The version of bash installed is very old so I decided to upgrade to a newer version of bash (as of this writing, 5.0.16). I have a lot of scripts I use for development and I don’t want to rewrite them.

Traefik is automatically deployed as part of the k3s Kubernetes cluster. To enable the dashboard for Traefik follow these instructions.

Enable the Dashboard

The dashboard is not enabled in the base k3s distribution. Enable the dashboard by editing the traefik.yaml manifest at /var/lib/rancher/k3s/server/manifests:

sudo vi /var/lib/rancher/k3s/server/manifests/traefik.yaml

Add the line dashboard.enabled: "true" in the spec: set: section. Remember this is YAML so match the indent of the previous line.

Save the file and k3s will deploy the dashboard service, you can see the service with the kubectl get service command:

As a follow on to my Kubernetes cluster build from earlier this month, I decided to try out the k3s lightweight Kubernetes install on my same cluster.

Install Fedora Server 31

I used Fedora 31 as my base OS and installed the standard server. The k3s installation requires the legacy cgroups and iptables found in older OS versions, Fedora has decided to upgrade to newer versions of cgroups and iptables in 31.

To use cgroups v1, execute these commands:

I have a number of Intel NUC systems that I purchased off ebay a while back and wanted to use them to create my own personal Kubernetes cluster. I’ll be using the cluster to test out new container-based products as well as securing the installation based on the CIS Benchmark for Kubernetes.

Install Fedora Server 31

I am using Fedora 31 as my base OS instead of something like CoreOS for a number of reasons, most notably that I want to install some other software that is not container-based. I installed the standard Fedora Server version.

In setting up the stad.us blog and website, I had the opportunity to start using the git submodule command for the first time to work with submodules. I don’t pretend that there are other ways to use submodules, but these are the commands I use the most.

Add

Anything can be added as a submodule to an existing git project as long as the submodule is itself a git project. In my case, I forked the Beautiful Hugo theme for this Hugo based website. It needs to be linked from the themes directory in my site repository.

Welcome to the new home of Software Tool & Die. Here you will find my occasional musings on software development, security research, kubernetes, containers, and just about anything else that is on my mind.

Software Tool & Die is my consulting company based in Denver, CO. When I decide to strike out on my own and work 1099, STAD comes to the rescue.

This site is rendered using a static site generator called Hugo with a customized theme. It is then deployed to GitLab Pages.