
Posts

Tutorial

Meet my homelab part-2

OIDC the Hard Way: Deploying Keycloak on Bare-Metal Kubernetes (Part 2) Production-grade identity infrastructure: Vault secrets, clustered Keycloak, Gateway API, and zero credentials in Git. Overview Part 1 established the foundation: HashiCorp Vault as the single source of truth for credentials, External Secrets Operator bridging Vault into Kubernetes-native Secrets, cert-manager automating TLS certificate lifecycle, and ArgoCD deploying everything declaratively from Git. Part 2 builds the identity layer on top of that foundation: Keycloak — an open-source identity and access management solution deployed as a production-grade, 2-replica cluster with PostgreSQL pe...
Recent posts

Meet my HomeLab Part-3

OIDC the Hard Way: Integrating Grafana with Keycloak via OIDC (Part 3) Eliminating password databases: OpenID Connect, front-channel vs. back-channel, role mapping, and the end of local authentication. Overview Parts 1 and 2 built the foundation: Vault manages all credentials, External Secrets Operator bridges them into Kubernetes, cert-manager automates TLS, and Keycloak runs as a production-grade identity provider with clustered session state. Part 3 is where that infrastructure proves its value: integrating Grafana with Keycloak via OpenID Connect to eliminate Grafana's native login form entirely. By the end, there is no Grafana password database. No local admin account. Every login redirects to Keycl...

Meet my homeLab Part-1

MireCloud Series — Part 1 I Was kubectl apply -ing Everything. Here's How I Stopped. Building MireCloud — the right way, from the ground up. EC Emmanuel Catin Senior Platform Engineer · CKA Vault ESO cert-manager ArgoCD Cilium I have a confession. For months, my homelab was held together with notes, memory, and hope. Keycloak was running. Grafana was up. GitLab was accessible. But if you asked me why something worked, half the time the honest answer was: "because I ran some commands six weeks ago and I haven't touched it since." Passwords lived in a notes file. Certificates were generated once with OpenSSL and forgotten until they expired. Secrets were committed to Git — sometimes as plaintext, sometimes base64-encoded, which is the same thing with extra steps. Every rebuild started ...

Join Ubuntu 20.04 to Active Directory with SSSD and SSH Access

Join Ubuntu 20.04 to Active Directory with SSSD and SSH Access

Overview
This guide walks you through joining an Ubuntu 20.04 machine to an Active Directory domain using SSSD, configuring PAM for AD user logins over SSH, and enabling automatic creation of home directories upon first login. We'll also cover troubleshooting steps and verification commands.

Environment Used
Component               Value
Ubuntu Client           ubuntu-client.bazboutey.local
Active Directory FQDN   bazboutey.local
Realm (Kerberos)        BAZBOUTEY.LOCAL
AD Admin Account        Administrator

Step 1: Prerequisites and Package Installation
1.1 Update system and install required packages

    sudo apt update
    sudo apt install realmd sssd libnss-sss libpam-sss adcli \
        samba-common-bin oddjob oddjob-mkhomedir packagekit \
        libpam-modules openssh-server

Step 2: Test DNS and Kerberos Configuration
Ensure that the client can resolve the AD domain and discover services.
2.1 Test domain name resol...