Joseph's wells

gRPC over Anything https://github.com/jc-lab/grpc-over/tree/master/java WebSocket Example:  https://github.com/jc-lab/grpc-over/tree/master/java/websocket

 https://jsty.tistory.com/331 https://github.com/jc-lab/go-tls-psk

 https://jsty.tistory.com/330 There was a problem that could not access github.com in the docker container executed through dockerd(dind) on Kubernetes. All other sites worked for the most part. Connection that work: echo "" | openssl s_client -connect dl-cdn.alpinelinux.org:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return :1 depth=1 C = US, O = Let 's Encrypt, CN = R3 verify return:1 depth=0 CN = dl-cdn.alpinelinux.org verify return:1 --- Certificate chain 0 s:CN = dl-cdn.alpinelinux.org i:C = US, O = Let' s Encrypt, CN = R3 1 s:C = US, O = Let 's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=CN = dl-cdn.alpinelinux.org issuer=C = US, O = Let&

This article is a mirror of https://jsty.tistory.com/326 There may be updates to the original article. Kubernetes' kubelet communicates with kube-apiserver. So, if there are multiple control plane nodes, need to create a Domain or VIP and implement it so that it can be connected to a live Control Plane node through a Load Balancer. However, I installed RKE2 as Elemental, but I had a problem. This is because there was no way to set up such a Load Balancer. (If you just install RKE2, you can set the server address, but if you provision with elemental and rancher, it will be configured automatically) So if the first provisioned control plane node dies, how do other nodes communicate? I asked RKE2 Slack. > https://rancher-users.slack.com/archives/C3ASABBD1/p1666656986435839 According to the above, even if Rancher dies, the provisioned cluster operates alone, and after Node Join, the address of the control node becomes caching for all nodes, so that the load balances itself. And, if

I used pkcs11-proxy for EJBCA-CE, but the signature didn't work. 2022-10-26 10:18:14,995+0000 ERROR [org.cesecore.certificates.certificate.CertificateCreateSessionBean] (default task-4) Error creating certificate: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: SHA512WITHRSA for provider SunPKCS11-p11proxy-client.so-slot0 at deployment.ejbca.ear//org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source) at deployment.ejbca.ear//org.cesecore.certificates.ca.X509CAImpl.generateCertificate(X509CAImpl.java:1698) at deployment.ejbca.ear//org.cesecore.certificates.ca.X509CAImpl.generateCertificate(X509CAImpl.java:1117) at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.certificate.CertificateCreateSessionBean.createCertificate(CertificateCreateSessionBean.java:563) at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.certificate.CertificateCreate

This article is a mirror of https://jsty.tistory.com/324 There may be updates to the original article. ejbca-ee can be integrated with HSM. >  https://github.com/Keyfactor/ejbca-containers/blob/master/hsm-integration/hsm-drivers/hsm-driver-softhsm/Containerfile However, registry.primekey.com is not accessible as it is a paid repository. So, I implement it using the open source pkcs11-proxy. See https://gist.github.com/jclab-joseph/973d06db6856a8e5cb851909fbc7268b And  https://github.com/jc-lab/hsm-driver-opensc hsm-driver-opensc originally tried to implement opensc but failed and replaced it with pkcs11-proxy.