In the previous post ArgoCD: an overview, SSL configuration, and an application deploy we did a quick overview on how to work with the ArgoCD in general, and now let’s try to deploy a Helm chart. The most interesting part of this is how to enable the Helm Secrets. Had some pain with this, but… Read More »
For the authentification and authorization, Kubernetes has such notions as User Accounts and Service Accounts. User Accounts – common user profiles used to access a cluster from the outside, while Service Accounts are used to grant access from inside of the cluster. ServiceAccounts are intended to provide an identity for a Kubernetes Pod to… Read More »
We have a Docker image with Git client installed. The task is to automatically clone a repository when running a container from this image. git clone – fatal: unable to fork When running the git clone command in a container from this Docker image it fails with the “unable to fork” error: [simterm] / #… Read More »
So, as a follow-up to the Helm: Kubernetes package manager – an overview, getting started post – let’s discuss about sensitive data in our Helm charts. What I want is to store a chart files in a repository, but even if such a repo will be a private Github repo – I still don’t want… Read More »
The next task is to add a new user who will have access to check pods state and watch logs – any other operations must be prohibited. AWS EKS uses AWS IAM for authentification in a Kubernetes cluster (check the Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM post for details), bot… Read More »
Currently, I’m using KeePass as passwords, RSA-keys, and as the Freedesktop SecretService, see the KeePass: an MFA TOTP codes, a browser’s passwords, SSH keys passwords storage configuration and Secret Service integration post. The first issue I faced with during such a setup is the fact that KeePass’ database is synced between my computers (it’s database… Read More »
When using an MFA for an email account you can face an issue when the same mail account may be used by multiple team members and each of them needs to have the MFA configured. for example, we have a mailbox [email protected] and I’d like to set up an MFA protection on it with Google… Read More »
As a follow-up to the SSH: RSA keys, and ssh-agent for SSH keys and their passwords management post. The idea now is to make simpler to work with password-protected SSH keys, to avoid the necessity to enter a password each time when you want to load a key to the ssh-agent. One of the possible… Read More »
So, this seems to be the last one post in the whole series about passwords and SSH management in Linux. The previous parts were about: Linux: the Nextcloud client, qtkeychain and the “The name org.freedesktop.secrets was not provided by any .service files” error – I found that a keyring service is able to store SSH… Read More »
One of the motives to go deeper into the keyrings (see the What is: Linux keyring, gnome-keyring, Secret Service, and D-Bus post) was the fact that Chromium, surprise-surprise, keep passwords unencrypted if a Linux system has no keyring and/or Secret Service enabled. So, let’s try to find how and where Chromium store passwords, and the… Read More »