Search Results for: vSphere with Kubernetes

Lab Deployment Scripts

Physical Lab Deployment Scripts:

Minimal VMware Cloud Foundation (VCF) 5.x in a Box

Nested Lab Deployment Scripts:

vCenter Server Identity Federation with Keycloak Identity Provider without SCIM

01.21.2025 by William Lam // 3 Comments

After publishing my recent article about using Authentik as an Identity Provider (IdP) for vCenter Server, which I have recieved a lot of positive feedback both internally (including a small typo note from my VP 😅 ) and externally, I had several folks ask whether the same could also be accomplished with another popular open source IdP called Keycloak.

While I have not personally worked with Keycloak before, I know it is a popular identity provider solution for modern applications, especially within a Kubernetes environment. After getting Keycloak up and running, I found out that it does NOT have support for a System for Cross-domain Identity Management (SCIM) server, which is used to automatically synchronize your users and groups from your IdP to your clients, which would be vCenter Server in this case.

While there are a couple of 3rd party SCIM providers for Keycloak such as this one, they were either out of date or just did not work for me and after a few hours of troubleshooting, I eventually gave up. It certainly would have been nice to have SCIM server out of the box with a nice UX like Authentik.

I figured I was completely out of luck with using Keylock as an IdP for vCenter Server, because it needs to know about the users before you can assign vSphere Permissions. As a last resort, I pinged a few folks from our IdP team to see if there were any tricks I that I could leverage given the lack of SCIM server support. It turns out since vCenter Server uses the Identity Broker (vIDB) for Identity Federation, there is an option for manually publishing users into vIDB by leveraging its APIs! 🤩

Disclaimer: Keycloak is currently not an officially supported vCenter Server IdP, please use at your own risk.

[Read more...]

How to setup Harbor registry on Synology

10.18.2023 by William Lam // 6 Comments

With my recent exploration of GenAI and using a private ChatGPT solution with my own blog posts, I quickly realized in the space of AI/ML, the required software dependencies can take up a significant amount of storage, especially for a kubernetes/container-based deployment.

To give you an example, to deploy the private ChatGPT (h2ogpt) application using kubernetes, just the container image itself is a whopping 40GB+! 😲

Unfourntately, this is not a one off scenario but a common theme when working in the AI/ML space that the size of the packages and drivers are extremely large even when using containers. I figure I should probably setup my own container registry instead of pulling directly from the Internet given the size of these images.

I already have a local Harbor instance running in a VM but with my Synology, I have been using it centralize a number of functions and that would be the ideal place to actually run Harbor. While you can run individual containers on the Synology as I have demonstrated HERE with GitLab, the Harbor installation processes relies on Docker Compose, which Synology does not natively support using the Synology DiskStation Manager (DSM) interface.

With a little bit of tinkering and trial/error, I was able to finally get Harbor running on my Synology and centralize all my storage needs including having my own container registry.

[Read more...]