Build. Run. Repeat.

HashiCorp Consul Service Mesh on Kubernetes Series - Part 1 - Introduction and Setup

2025-01-01 8 min read Cloud Native Consul HashiCorp Kubernetes Service Mesh

Modern cloud-native architectures rely heavily on microservices, and Kubernetes has become the go-to platform for deploying, managing, and scaling these distributed applications. As the number of microservices grows, ensuring secure, reliable, and observable service-to-service communication becomes increasingly complex. This is where service mesh solutions, such as HashiCorp Consul, step in to provide a seamless approach to managing these challenges. In this blog post, we will delve into the integration of HashiCorp Consul Service Mesh with Kubernetes, exploring its architecture, features, and step-by-step deployment guide.

Continue reading
Authentication Authorization Automation Aws Configuration Consul Deployment Elasticsearch Grafana Hashicorp Helm Ingress Installation Istio Kubernetes Logging Monitoring Networking Prometheus Security Servicemesh Storage Tanzu Terraform Tls Troubleshooting Tutorial Upgrade

HashiCorp Vault Enterprise - Performance Replication on Kubernetes

2025-01-01 21 min read Cloud Native HashiCorp Kubernetes Vault

This blog post dives into the technical implementation of Vault Enterprise replication within a Kubernetes environment. We’ll explore how to set up performance and disaster recovery replication, overcome common challenges, and ensure smooth synchronization between clusters. Whether you’re aiming for redundancy or better data locality, this guide will equip you with the insights and tools needed to leverage Vault’s enterprise-grade features in Kubernetes effectively.

Architecture

Screenshot

Prerequisites

  • 2 Kubernetes clusters. *Note: for simulation purposes, you can also use a single Kubernetes cluster with multiple namespaces to host both Vault clusters.
  • Helm installed
  • kubectl installed
  • Vault CLI installed
  • jq installed
  • Vault Enterprise license

Note: for this implementation LoadBalancer services are used on Kubernetes to expose the Vault services (the API/UI and the cluster address for replication). It is highly recommended to use a LoadBalancer rather than ingress to expose the cluster address for replication. Vault itself performs the TLS termination as the TLS certificates are mounted to the Vault pods from Kubernetes. Additionally, note that when enabling the replication, the primary cluster points to the secondary cluster address (port 8201) and not the API/UI address (port 8200). When the secondary cluster applies the replication token, however, it points to the API/UI address (port 8200) to unwrap it and compelete the setup of the replication. We will see this in more detail in the implementation section.

Continue reading
Api Authentication Backup Certmanager Configuration Deployment Docker Enterprisereplication Ha Hashicorp Helm Ingress Installation Kubernetes Logging Performancereplication Raft Replication Security Storage Terraform Tls Troubleshooting Tutorial Upgrade Vault Vaultenterprise

Harbor Registry - Automating LDAP/S Configuration - Part 1

2024-11-01 4 min read Cloud Native Harbor Kubernetes Tanzu

The Harbor Registry is involved in many of my Kubernetes implementations in the field, and in almost every implementation I am asked about the options to configure LDAP/S authentication for the registry. Unfortuntely, neither the community Helm chart nor the Tanzu Harbor package provides native inputs for this setup. Fortunately, the Harbor REST API enables LDAP configuration programmatically. Automating this process ensures consistency across environments, faster deployments, and reduced chances of human error.

Continue reading
Ansible Api Authentication Automation Carvel Certmanager Cicd Configuration Containerimageregistry Deployment Docker Harbor Harborregistry Helm Installation Kubernetes Ldap Ldaps Tanzu Terraform Tkg Tls Troubleshooting Upgrade Vmware

HashiCorp Vault Intermediate CA Setup with Cert-Manager and Microsoft Root CA

2024-01-01 19 min read Cloud Native HashiCorp Kubernetes Tanzu Vault

In this post, we’ll explore how to set up HashiCorp Vault as an Intermediate Certificate Authority (CA) on a Kubernetes cluster, using a Microsoft CA as the Root CA. We’ll then integrate this setup with cert-manager, a powerful Kubernetes add-on for automating the management and issuance of TLS certificates.

The following is an architecture diagram for the use case I’ve built.

Screenshot

  • A Microsoft Windows server is used as the Root CA of the environment.
  • A Kubernetes cluster hosting shared/common services, including HashiCorp Vault. This is a cluster that can serve many other purposes/solutions, consumed by other clusters. The Vault server is deployed on this cluster and serves as an intermediate CA server, under the Microsoft Root CA server.
  • A second Kubernetes cluster hosting the application(s). Cert-Manager is deployed on this cluster, integrated with Vault, and handles the management and issuance of TLS certificates against Vault using the ClusterIssuer resource. A web application, exposed via ingress, is running on this cluster. The ingress resource consumes its TLS certificate from Vault.

Prerequisites

  • Atleast one running Kubernetes cluster. To follow along, you will need two Kubernetes clusters, one serving as the shared services cluster and the other as the workload/application cluster.
  • Access to a Microsoft Root Certificate Authority (CA).
  • The Helm CLI installed.
  • Clone my GitHub repository. This repository contains all involved manifests, files and configurations needed.

Setting Up HashiCorp Vault as Intermediate CA

Deploy Initialize and Configure Vault

Install the Vault CLI. In the following example, Linux Ubuntu is used. If you are using a different operating system, refer to these instructions.

Continue reading
Api Authentication Automation Ca Certificateauthority Certificates Certmanager Configuration Deployment Docker Harbor Hashicorp Helm Ingress Installation Intermediateca Issuer Kubernetes Logging Minio Networking Pki Security Storage Tanzu Terraform Tls Troubleshooting Upgrade Vault Vmware Windows

Tanzu Kubernetes Grid GPU Integration

2023-03-01 16 min read Cloud Native Kubernetes Tanzu TKG

I recently had to demonstrate Tanzu Kubernetes Grid and its GPU integration capabilities. Developing a good use case and assembling the demo required some preliminary research.

During my research, I reached out to Jay Vyas, staff engineer at VMware, SIG Windows lead for Kubernetes, a Kubernetes legend, and an awesome guy in general. :) For those who don’t know Jay, he is also one of the authors of the fantastic book Core Kubernetes (look it up!).

Continue reading
Api Authentication Certmanager Cicd Configuration Deployment Docker Gpu Grafana Harbor Helm Ingress Installation Kubernetes Logging Monitoring Networking Prometheus Security Storage Tanzu Terraform Tls Troubleshooting Tutorial Upgrade Vmware Vsphere Windows

Getting Started with Carvel ytt - Real-World Examples

2023-01-01 11 min read Carvel Cloud Native Kubernetes Tanzu TAP TKG

Over the years of working with Tanzu Kubernetes Grid (TKG), one tool has stood out as a game-changer for resource customization: Carvel’s ytt. Whether tailoring cluster manifests, customizing TKG packages, or addressing unique deployment requirements, ytt has consistently been a fundamental part of the workflow. Its flexibility, power, and declarative approach make it an essential tool for anyone working deeply with Kubernetes in a TKG ecosystem.

But what exactly is ytt? Short for YAML Templating Tool, ytt is part of the Carvel suite of tools designed for Kubernetes resource management. It provides a powerful, programmable approach to templating YAML configurations by combining straightforward data values, overlays, and scripting capabilities. Unlike many traditional templating tools, ytt prioritizes structure and intent, making it easier to maintain, validate, and debug configurations—particularly in complex, large-scale Kubernetes environments.

Continue reading
Api Carvel Certmanager Configuration Customization Deployment Developerexperience Docker Gettingstarted Helm Installation Kubernetes Networking Overlay Overlays Tanzu Templating Terraform Troubleshooting Tutorial Upgrade Vmware Workshop Yaml Ytt

Harbor Registry – Automating LDAP/S Configuration – Part 2

2023-01-01 7 min read Cloud Native Harbor Kubernetes Tanzu Terraform

This post continues our two-part series on automating LDAP configuration for Harbor Registry. In the previous post, we demonstrated how to achieve this using Ansible, running externally. However, external automation has its challenges, such as firewall restrictions or limited API access in some cases/environments.

Note: make sure you review the previous post as it provides a lot of additional background and clarifications on this process, LDAPS configuration, and more.

Here, we explore an alternative approach using Terraform, running the automation directly inside the Kubernetes cluster hosting Harbor. This method leverages native Kubernetes scheduling capabilities for running the configuration job in a fully declarative approach and does not require any network access to Harbor from the machine running the job.

Continue reading
Ansible Api Authentication Authorization Automation Configuration Containerimageregistry Deployment Docker Flux Gitops Harbor Harborregistry Hashicorp Helm Iac Installation Kubernetes Ldap Ldaps Logging Networking Security Terraform Tkg Tls Upgrade
Older posts
© 2025 Build. Run. Repeat. by Itay Talmi - rss - Credits
Bilberry Hugo Theme