Published on

March 2025 Update

WiCyS Security Training Scholarship Update

Passed my GFACT within roughly a month. Had three months to take the exam, but was pretty confident that I didn't need that long. Turns out I was right:

GFACT Score

Looking forward to starting GSEC and GCIH! Until I get my GSEC materials I'll be working on my DevOps skills.

Cloud Native PostgreSQL

I've been developing a web scraping project to enable sharing of RSS subscription bundles. I usually use docker to spin up my dev database, but I wanted to use something more like the eventual production environment. Since I always insist on doing everything the difficult way, I chose a Kubernetes cluster. Some of the scraping services will likely run in k8s anyway, so this helps me get practice for that. Currently this is just running on my desktop, but I have separate clusters on both my HDD NAS and beefier SSD based server.

Install latest operator manifest:

kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml

Verify with:

kubectl get deploy -n cnpg-system cnpg-controller-manager

Create YAML:

apiVersion: v1
kind: Namespace
metadata:
  name: cnpg
  labels:
    name: cnpg
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cnpg
  namespace: cnpg
spec:
  instances: 3
  storage:
    size: 1Gi
  superuserSecret:
    name: postgres-superuser-secret
  bootstrap:
    initdb:
      database: appdb
      owner: app
      secret:
        name: app-secret
      postInitSQL:
        - "ALTER ROLE app WITH CREATEDB;"
---
apiVersion: v1
kind: Service
metadata:
  name: cnpg-rw
  namespace: cnpg
  labels:
    cnpg.io/cluster: cnpg
    role: primary
spec:
  type: LoadBalancer
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
  selector:
    cnpg.io/cluster: cnpg
    role: primary

Create Secrets:

kubectl create secret generic postgres-superuser-secret -n cnpg --from-literal=username=postgres --from-literal=password=postgres

secret/postgres-superuser-secret created

kubectl create secret generic app-secret -n cnpg --from-literal=username=app --from-literal=password=password

secret/app-secret created

3. Apply YAML:

kubectl get pods -n cnpg

NAME     READY   STATUS    RESTARTS       AGE
cnpg-1   1/1     Running   1 (143m ago)   13h
cnpg-2   1/1     Running   1 (143m ago)   13h
cnpg-3   1/1     Running   1 (143m ago)   13h

Verify LoadBalancer service attached to cnpg-rw:

kubectl get svc cnpg-rw -n cnpg

NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
cnpg-rw   LoadBalancer   10.106.149.156   localhost     5432:32502/TCP   13h