Practice Aid
Reply
Author Archives: Adam Young
Network Policy to Explicitly Allow access from all Namespaces
The Default network policy in OpenShift allows all access from all pods in all namespaces via the cluster IP. However, once you start enforcing policy on a project, all policy decision need to be made explicit. If you want to still allow access from all projects, you can use the following policy file.
kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: allow-all-namespaces spec: ingress: - from: - namespaceSelector: {} |
Testing OpenShift Network Policy
The first principle is that you must not fool yourself and you are the easiest person to fool.
Richard P. Feynman
Test before you deploy. Treat configuration as code. These are precepts of DevOps that we want to make real. When dealing with network policy, we want to test it out in a development context before deploying it in production.
Continue readingDeploying a Minimalistic Flask Application to OpenShift
Some colleagues and I were discussing the network access policy of OpenShift. I realized it would be very helpful to have a trivial app that I could deploy to OpenShift that would then try to make a call to another service. So I wrote it using Python3 and Flask. Now that I have it working, I want to deploy it in OpenShift, again, in a trivial manner.
I would not deploy a Flask App into production without a Web server to front it. But that is what I am going to do for this test app.
Continue reading18 Triadic Permutations
I use the term permutations loosely here. But for any given chord inversion, there are 6 variations of the tones in the pitch you can play in order to play each tone once. What makes this an impure use of the term permutations is that the second and third notes of the sequence can go both above the starting note in one variation, and below it in another.
Continue readingDecisions when playing Chromatic Triadic patterns
George Garzone is the Sax players sax player. He is a teacher that has taught the best of the crop that is out there right now. I had the privilege of studying with George back in high school. I can honestly say that no subject I studied before or since taught me how to think better than Jazz improvisation.
Continue readingI know JACK!
Well enough to be dangerous. I was able to get the JACK Daemon running on my Lenovo Laptop running Fedora 32, and us it to record MIDI-based music.
Continue readingSimplifying the network
I seem to have a bad Ethernet port on the NUC. Since I have an external Ethernet adapter as well, this is not a show stopper, but it does change the approach I am going to make to my home network. As always: Simplification is preferred. Here’s the current approach:
Continue readingHome Network setup for OpenShift
Here is how I currently have my machines connected. Posted here for documentation, and to get it straight in my own head.
Continue readingAn Ansible Approach to Registering RHEL Systems
I am constantly creating and deleting virtual machines. These virtual machines often are RHEL systems, and need to be registered with Red Hat’s CDN. While In the past I had a Role that was wrapped into other provisioning playbooks to perform this task, I find that there are enough one-offs to make it useful to do this as a stand alone playbook. Here is how I set it up, including my rational.
Continue reading