https://buildrunrepeat.com/tags/authorization/Recent content in Authorization on Build. Run. Repeat.HugoenWed, 01 Jan 2025 09:00:00 -0400https://buildrunrepeat.com/posts/hashicorp-consul-k8s-service-mesh-series-01-intro-and-setup/Wed, 01 Jan 2025 09:00:00 -0400https://buildrunrepeat.com/posts/hashicorp-consul-k8s-service-mesh-series-01-intro-and-setup/<p>Modern cloud-native architectures rely heavily on microservices, and Kubernetes has become the go-to platform for deploying, managing, and scaling these distributed applications. As the number of microservices grows, ensuring secure, reliable, and observable service-to-service communication becomes increasingly complex. This is where service mesh solutions, such as HashiCorp Consul, step in to provide a seamless approach to managing these challenges. In this blog post, we will delve into the integration of HashiCorp Consul Service Mesh with Kubernetes, exploring its architecture, features, and step-by-step deployment guide.</p>https://buildrunrepeat.com/posts/harbor-registry-automating-ldap-configuration-part-2/Sun, 01 Jan 2023 09:00:00 -0400https://buildrunrepeat.com/posts/harbor-registry-automating-ldap-configuration-part-2/<p>This post continues our two-part series on automating LDAP configuration for Harbor Registry. In the <a href="https://buildrunrepeat.com/posts/harbor-registry-automating-ldap-configuration-part-1/">previous post</a>, we demonstrated how to achieve this using Ansible, running externally. However, external automation has its challenges, such as firewall restrictions or limited API access in some cases/environments.</p> <p>Note: make sure you review the previous post as it provides a lot of additional background and clarifications on this process, LDAPS configuration, and more.</p> <p>Here, we explore an alternative approach using Terraform, running the automation directly inside the Kubernetes cluster hosting Harbor. This method leverages native Kubernetes scheduling capabilities for running the configuration job in a fully declarative approach and does not require any network access to Harbor from the machine running the job.</p>https://buildrunrepeat.com/posts/kubernetes-data-protection-getting-started-with-kasten/Mon, 01 Aug 2022 09:00:00 -0400https://buildrunrepeat.com/posts/kubernetes-data-protection-getting-started-with-kasten/<p>In a recent Kubernetes project I was involved in, our team had to conduct an in-depth proof of concept for several Kubernetes data protection solutions. The main highlights of the PoC covered data protection for stateful applications and databases, disaster recovery, and application mobility, including relocating applications across Kubernetes clusters and even different types of Kubernetes clusters (for example, from TKG on-premise to AWS EKS, etc.).</p> <p>One of the solutions we evaluated was Kasten (K10), a data management platform for Kubernetes, which is now a part of Veeam. The implementation of Kasten was one of the smoothest we have ever experienced in terms of ease of use, stability, and general clarity around getting things done, as everything is very well documented, which certainly cannot be taken for granted these days. :)</p>https://buildrunrepeat.com/posts/production-grade-multi-cluster-tap-installation-guide/Mon, 01 Aug 2022 09:00:00 -0400https://buildrunrepeat.com/posts/production-grade-multi-cluster-tap-installation-guide/<ul> <li><a href="#introduction">Introduction</a></li> <li><a href="#prerequisites">Prerequisites</a></li> <li><a href="#prepare-your-workstation">Prepare your Workstation</a></li> <li><a href="#relocate-tap-images-to-your-private-registry">Relocate TAP Images to your Private Registry</a></li> <li><a href="#install-tap">Install TAP</a> <ul> <li><a href="#view-cluster">View Cluster</a> <ul> <li><a href="#set-up-the-installation-namespace">Set up the Installation Namespace</a></li> <li><a href="#issue-a-tls-certificate-for-tap-gui">Issue a TLS Certificate for TAP GUI</a></li> <li><a href="#set-up-a-database-for-tap-gui">Set up a Database for TAP GUI</a></li> <li><a href="#set-up-the-tap-gui-catalog-git-repository">Set up the TAP GUI Catalog Git Repository</a></li> <li><a href="#set-up-rbac-for-the-metadata-store">Set up RBAC for the Metadata Store</a></li> <li><a href="#set-up-an-authentication-provider-for-tap-gui">Set up an Authentication Provider for TAP GUI</a></li> <li><a href="#set-up-rbac-for-the-build-run-and-iterate-clusters">Set up RBAC for the Build, Run and Iterate Clusters</a></li> <li><a href="#set-an-ingress-domain-tap-gui-hostname-and-ca-certificate">Set an Ingress Domain, TAP GUI Hostname and CA Certificate</a></li> <li><a href="#deploy-the-tap-package">Deploy the TAP Package</a></li> </ul> </li> <li><a href="#build-cluster">Build Cluster</a> <ul> <li><a href="#set-up-the-installation-namespace-1">Set up the Installation Namespace</a></li> <li><a href="#set-up-metadata-store-authentication-and-ca-certificate">Set up Metadata Store Authentication and CA Certificate</a></li> <li><a href="#prepare-a-sample-source-code-git-repository">Prepare a Sample Source Code Git Repository</a></li> <li><a href="#update-the-tap-values-file">Update the TAP Values File</a></li> <li><a href="#deploy-the-tap-package-1">Deploy the TAP Package</a></li> <li><a href="#deploy-the-tbs-full-dependencies-package">Deploy the TBS Full Dependencies Package</a></li> <li><a href="#set-up-the-developer-namespace-and-deploy-a-workload">Set up the Developer Namespace and Deploy a Workload</a></li> </ul> </li> <li><a href="#run-cluster">Run Cluster</a> <ul> <li><a href="#set-up-the-installation-namespace-2">Set up the Installation Namespace</a></li> <li><a href="#update-the-tap-values-file-1">Update the TAP Values File</a></li> <li><a href="#deploy-the-tap-package-2">Deploy the TAP Package</a></li> <li><a href="#set-up-the-developer-namespace-and-deploy-a-workload-1">Set up the Developer Namespace and Deploy a Workload</a></li> </ul> </li> <li><a href="#iterate-cluster">Iterate Cluster</a> <ul> <li><a href="#set-up-the-installation-namespace-3">Set up the Installation Namespace</a></li> <li><a href="#update-the-tap-values-file-2">Update the TAP Values File</a></li> <li><a href="#deploy-the-tap-package-3">Deploy the TAP Package</a></li> <li><a href="#deploy-the-tbs-full-dependencies-package-1">Deploy the TBS Full Dependencies Package</a></li> <li><a href="#set-up-the-developer-namespace-and-deploy-a-workload-2">Set up the Developer Namespace and Deploy a Workload</a></li> <li><a href="#iterate-on-your-application">Iterate on your Application</a></li> </ul> </li> </ul> </li> <li><a href="#wrap-up">Wrap Up</a></li> </ul> <h2 id="introduction">Introduction</h2> <p>Since my previous posts on <a href="https://buildrunrepeat.com/posts/vmware-tanzu-application-platform-overview/">TAP Overview</a> and <a href="https://buildrunrepeat.com/posts/backstage-introduction-kubecon-cloudnativecon-europe-2022/">Backstage</a>, I have been diving deeper into TAP, trying to establish the practices around it.</p>