Posts

Watch ETCD change as Vault’s backend Install Vault & Etcd locally brew install etcd vault ➜ ~ etcd --version etcd Version: 3.4.15 Git SHA: Not provided (use ./build instead of go build) Go Version: go1.

RBAC 1. RBAC RBAC model: WHO DO WHAT Subject Verbs Resources In order to fully grasp the idea of RBAC, we must understand that three elements are involved: Subjects: The set of users and processes that want to access the Kubernetes API.

Prerequisites There are several decisions need to be made before deployment: 1. what should the container orchestration for Vault? Even I am a big fan of K8S, but GCP container on VM still can an option if you just need to deploy on container.

1.How aws EC2 generate instance identity documents? 2.How to leavage the instance identity for SSH? 3.How to limit ssh access via group policy? how ssh-agent works? 4.Except spire identity, what are the solutions for node attestation?

1. How spire do the node attestation for k8s node? 2.How could spire use slector for pod? mutating webhook or spire agent mount? 3.spire cert will be only used as mtls cert?

人性的底层逻辑： 1. 从众心理 加入多数的群体，来获得生存和食物的安全感， 认同群体价值，服从群体价值。 投机， 是利用从众心理来获取超额盈利的关键。 传销： 高封闭的环境，强力的领袖，服从性强的群体，来达到从众心理的效果。 而人类的个体智慧，是要打破本能的惯性，识破其中的荒谬 2.追求暴力 暴力是获取食物，安全，性资源的基础。 现代社会，暴力衍生品是权力，财富，暴力审美。 经济危机期间，大众审美倾向于阳刚之美，经济繁荣时期，则是阴柔之美。 追求虐待和追求被虐待也是极端化的暴力追求。 暴力，是动物性的根源。 暴力的背书，是数字经济的根本， 货币是暴力最广泛使用的衍生品。 资本主义社会， 暴力通过货币衍生品来控制人类生活。 大众的期待是通过不劳而获的方式，来获取暴力。 垄断的发生，是资本家最求暴力的表现。 暴力，最喜欢的是秩序和服从。 而自由，就是选择权，可以选择暴力，也可以远离暴力的权力。 3.趋利避害 本能地趋利避害，大多数人都只希望做有利自己的事情。 只愿意相信自己相信的事情，并合理化所有的行为和做法。 4.好奇心与窥探欲

Please note: this article is written by Chen Xi Deployment Pattern Use Hashicorp Vault for Kubernetes Security PKI cert for Kubernetes API server When setup kubernetes cluster, Kubernetes requires PKI for bunch of certificate for kubelet and API server, scheduler, controller and etcd.

Migrate blog from hexo to hugo, github, netlify Github account: hixichen Domain: highfv Hugo Theme: Academic

Event-Driven Application Design Chen Xi hixichen@github why event driven? Better scalability. Increased versatility Event Stream Processing Amazon Kinesis: makes it easy to collect, process, and analyze real-time, streaming data.

Kubernetes as infra for startup Chen Xi hixichen@github Why k8s? Kubernetes - an open-source container-orchestration system. You just want to have less Ops work for your company and save money!