Showing posts from November 2022

Go-lang TLS-PSK implementation

 https://jsty.tistory.com/331 https://github.com/jc-lab/go-tls-psk

Cannot access github.com inside the docker container executed through dockerd(dind) on Kubernetes.

https://jsty.tistory.com/330

There was a problem where github.com could not be accessed in the docker container executed through dockerd(dind) on Kubernetes. All other sites worked for the most part.

A connection that works:

echo "" | openssl s_client -connect dl-cdn.alpinelinux.org:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = dl-cdn.alpinelinux.org
verify return:1
---
Certificate chain
 0 s:CN = dl-cdn.alpinelinux.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=CN = dl-cdn.alpinelinux.org
issuer=C = US, O = Let&

How does RKE2 connect to the API server?

This article is a mirror of https://jsty.tistory.com/326. There may be updates to the original article.

Kubernetes' kubelet communicates with kube-apiserver. So, if there are multiple control plane nodes, you need to create a domain or VIP and set it up so that it connects to a live control plane node through a load balancer.

However, I installed RKE2 as Elemental, and I had a problem: there was no way to set up such a load balancer. (If you just install RKE2, you can set the server address, but if you provision with Elemental and Rancher, it is configured automatically.)

So if the first provisioned control plane node dies, how do other nodes communicate? I asked on the RKE2 Slack.

> https://rancher-users.slack.com/archives/C3ASABBD1/p1666656986435839

According to the above, even if Rancher dies, the provisioned cluster operates alone, and after node join, the address of the control node is cached on all nodes, so that the load balances itself. And, if

EJBCA: "no such algorithm" error when using PKCS11.

I used pkcs11-proxy for EJBCA-CE, but the signature didn't work.

2022-10-26 10:18:14,995+0000 ERROR [org.cesecore.certificates.certificate.CertificateCreateSessionBean] (default task-4) Error creating certificate: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: SHA512WITHRSA for provider SunPKCS11-p11proxy-client.so-slot0
    at deployment.ejbca.ear//org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)
    at deployment.ejbca.ear//org.cesecore.certificates.ca.X509CAImpl.generateCertificate(X509CAImpl.java:1698)
    at deployment.ejbca.ear//org.cesecore.certificates.ca.X509CAImpl.generateCertificate(X509CAImpl.java:1117)
    at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.certificate.CertificateCreateSessionBean.createCertificate(CertificateCreateSessionBean.java:563)
    at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.certificate.CertificateCreate