FreeBSD adopting a port: maomao

The Fediverse is a wonderful place, and the #FreeBSD community over there is rather active :-).

Justine Smithies is one those people with whom we have had multiple constructive interactions, and she has made lovely contributions to FreeBSD’s community, starting with her enthusiasm!

Recently, she’s been toying around with maomao, a Wayland compositor.

And I promised to create a port if she committed to keeping it up to date (neat trick to get new contributors!)

Let’s document both that process, and how she can keep those patches coming in to the ports tree!

Trying out Kubernetes: etcd

As part of trying out Kubernetes, we are going to set up etcd!

etcd is a “distributed reliable key-value store for the most critical data of a distributed system “

This is where Kubernetes state lives, given how important that is and how it seems to make sense to run it separated from the Kubernetes cluster for High Availability, we will be doing just that, using WMF’s etcd guide as inspiration for decisions that are important.

Trying out Kubernetes: Network and VMs

As part of trying out Kubernetes: planning, we are going to set up the network and VMs!

Quick reminder that this will be virtualised Linux on a FreeBSD physical host. This part is FreeBSD-specific.

Trying out Kubernetes: planning

Kubernetes turned 9 years old a couple months ago, so it’s about time I took a more serious look at it.

Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management.

I have followed its development somewhat closely and kept up with the concepts and architecture, even if I haven’t jumped to actually using it.

First it was due to waiting for things to get stable, then I decided to let the hype wear off.

Now, hype hasn’t worn off, but it is at least a topic treated with some level of nuance: Kubernetes is great, but it comes with some complexity; complexity that is not necessary in many cases. And so we have to make sure that the benefits actually outweigh the overhead for our particular use-case.

As that point nears and I have some days off, I jump in at learning the best way I know how to: by actually doing things and, this time around, by writing them down for future reference / to better ask for clarification.

Let’s create a “High Availability Kubernetes cluster”! (I guess we’ll [re]define what HA means here a couple times while doing the deed)

Note I do this from a FreeBSD laptop, against a FreeBSD physical host, but the actual Control Plane and Nodes will be running on bhyve Virtual Machines running Linux in that remote FreeBSD physical host. Should not be too relevant, it just makes networking easier =D (debatable, yes).

This will likely take several posts :-).

YubiKey: PGP and SSH authentication

I own a few YubiKeys and use them, a lot.

If not familiar with YubiKeys, they are hardware tokens that help improve security in multiple ways:

• They can do WebAuthn (modern web-based two factor authentication)
• They can hold secret keys in a way that cannot be extracted, supporting these operations:
  • Signature
  • Encryption
  • Authentication

The most common use, and what is already very useful, is using these hardware tokens for two-factor authentication. For that there are plenty of online resources (though, people certainly can use help understanding and setting that up).

What I really care about is the latter bit: securing secret keys, particularly when it comes to securing SSH access to servers, and how that fits with PGP.

Incidentally, this is where I see most online documentation falling short.

There are similar hardware tokens, YubiKeys are what I’m familiar with, and what I’ll assume here.