https://www.donaldsebleung.com/donaldsebleung2026-03-08T03:22:26.431927+00:00Donald Sebastian Leungdonaldsebleung@gmail.compython-feedgenhttps://www.donaldsebleung.com/assets/images/avatar.pngdonaldsebleung's personal website and DevOps bloghttps://donaldsebleung.com/blog/20260302-exploring-the-ascend-ecosystem-with-orangepi-aipro-20tExploring the Ascend ecosystem with OrangePi AIpro (20T)2026-03-02T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comOrangePi AIpro (20T) is a development board under the Orange Pi brand owned by Xunlong Software and released in 2024. It features 4 CPU cores plus a neural processing unit (NPU) based on Huawei's Ascend technology capable of running modern AI/ML workloads. The embedded NPU is capable of performing 20 TOPS or trillion operations per second.
Follow me as I unpack and set up my OrangePi AIpro (20T) development board for exploring AI/ML applications and use cases.Exploring the Ascend ecosystem with OrangePi AIpro (20T)2026-03-02T00:00:00+08:00https://donaldsebleung.com/blog/20260217-deploying-deepseek-r1-for-distributed-inferencing-with-rayDeploying DeepSeek-R1 for distributed inferencing with Ray2026-02-17T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comFollow me as I deploy a distilled variant of DeepSeek-R1 across 2 GPU-enabled cloud servers on Huawei Cloud with vLLM and Ray.Deploying DeepSeek-R1 for distributed inferencing with Ray2026-02-17T00:00:00+08:00https://donaldsebleung.com/blog/20260214-running-deepseek-r1-on-a-commodity-laptop-with-vllmRunning DeepSeek-R1 on a commodity laptop with vLLM2026-02-14T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comFollow me as I deploy my first locally hosted distilled variant of the DeepSeek-R1 model on a commodity Redmi Book 14 2024 laptop with vLLM in this exploratory lab.Running DeepSeek-R1 on a commodity laptop with vLLM2026-02-14T00:00:00+08:00https://donaldsebleung.com/blog/20260118-exploring-the-developer-ecosystem-on-huawei-matebook-proExploring the developer ecosystem on Huawei MateBook Pro2026-01-18T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comFollow me as I explore the developer tooling and ecosystem available on the Huawei MateBook Pro since HarmonyOS 6.x, plus some of the improvements that I would like to see on HarmonyOS 6.x in the near future.Exploring the developer ecosystem on Huawei MateBook Pro2026-01-18T00:00:00+08:00https://donaldsebleung.com/blog/20260117-implementing-gitops-practices-with-argo-cdImplementing GitOps practices with Argo CD2026-01-17T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn how to deploy a sample podinfo application via GitOps with Argo CD using the Argo CD OperatorImplementing GitOps practices with Argo CD2026-01-17T00:00:00+08:00https://donaldsebleung.com/blog/20250923-configuring-rook-with-external-ceph-storageConfiguring Rook with external Ceph storage2025-09-23T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn how to configure Rook to connect to an external Ceph cluster provisioned with cephadmConfiguring Rook with external Ceph storage2025-09-23T00:00:00+08:00https://donaldsebleung.com/blog/20250921-provisioning-ceph-storage-with-cephadmProvisioning Ceph storage with cephadm2025-09-21T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn how to provision a Ceph cluster with cephadm and provision block storage for applicationsProvisioning Ceph storage with cephadm2025-09-21T00:00:00+08:00https://donaldsebleung.com/blog/20250420-implementing-pod-to-pod-encryption-with-istio-ambient-meshImplementing Pod-to-Pod encryption with Istio Ambient Mesh2025-04-20T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn how to implement Pod-to-Pod encryption with Istio Ambient MeshImplementing Pod-to-Pod encryption with Istio Ambient Mesh2025-04-20T00:00:00+08:00https://donaldsebleung.com/blog/20250413-uncovering-a-reverse-shell-attack-in-real-timeUncovering a reverse shell attack in real time2025-04-13T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comUncovering a reverse shell attack in real time with Tracee and lessons learned from this incidentUncovering a reverse shell attack in real time2025-04-13T00:00:00+08:00https://donaldsebleung.com/blog/20250304-understanding-the-security-benefits-of-ebpf-based-vs-traditional-service-meshesUnderstanding the security benefits of eBPF-based vs. traditional service meshes2025-03-04T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comUnderstand the security pitfalls of traditional user-space service meshes and how eBPF-based service meshes elegantly address these issuesUnderstanding the security benefits of eBPF-based vs. traditional service meshes2025-03-04T00:00:00+08:00https://www.donaldsebleung.com/blog/20250119-operating-kafka-at-scale-with-strimziOperating Kafka at scale with Strimzi2025-01-19T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comDeploy, manage and scale Kafka clusters on Kubernetes with ease using the Strimzi operatorOperating Kafka at scale with Strimzi2025-01-19T00:00:00+08:00https://www.donaldsebleung.com/blog/20241228-enforcing-recommended-practices-on-kubernetes-with-validatingadmissionpolicyEnforcing recommended practices on Kubernetes with ValidatingAdmissionPolicy2024-12-28T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comEnforce compliance controls and mitigate platform vulnerabilities with Kubernetes ValidatingAdmissionPolicy.Enforcing recommended practices on Kubernetes with ValidatingAdmissionPolicy2024-12-28T00:00:00+08:00https://www.donaldsebleung.com/blog/20240609-protecting-stateful-workloads-on-kubernetes-with-kanisterProtecting stateful workloads on Kubernetes with Kanister2024-06-09T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comDefine application-specific backup and recovery operations for your stateful workloads on Kubernetes with Kanister, a CNCF sandbox project and an integral component of the enterprise-ready Veeam Kasten Kubernetes data protection platform.Protecting stateful workloads on Kubernetes with Kanister2024-06-09T00:00:00+08:00https://fedoramagazine.org/keycloak-on-fedora-workstation-with-podman/Keycloak on Fedora Workstation with Podman - Fedora Magazine2024-03-06T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comI would like to thank the Fedora Project for selecting my article on Keycloak for publication. Deploy an enterprise-ready identity and access management (IAM) solution with Podman on Fedora Linux with SSL/TLS encryption enabled, learn how to configure a realm with mandatory MFA enforcement for all users, create a user and observe single-sign on (SSO) in action with this hands-on lab.Keycloak on Fedora Workstation with Podman - Fedora Magazine2024-03-06T00:00:00+08:00https://www.donaldsebleung.com/blog/20240225-deploying-keycloak-on-fedora-workstation-with-podmanDeploying Keycloak on Fedora Workstation with Podman2024-02-25T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comDeploy an enterprise-ready identity and access management (IAM) solution with Podman on Fedora Linux with SSL/TLS encryption enabled, learn how to configure a realm with mandatory MFA enforcement for all users, create a user and observe single-sign on (SSO) in action with this hands-on lab.Deploying Keycloak on Fedora Workstation with Podman2024-02-25T00:00:00+08:00https://www.donaldsebleung.com/blog/20240213-running-workloads-at-the-edge-with-microk8sRunning workloads at the edge with MicroK8s2024-02-13T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comGet started with Kubernetes in no time with MicroK8s, deploy a website with just a few simple commands and obtain a verified HTTPs certificate automatically with cert-manager and Let's Encrypt.Running workloads at the edge with MicroK8s2024-02-13T00:00:00+08:00https://fedoramagazine.org/okd-on-fedora-workstation-with-crc/OKD on Fedora Workstation with CRC - Fedora Magazine2024-01-22T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comI would like to thank the Fedora Project for selecting my article on OKD for publication. Basic Kubernetes concepts are explained from the ground up - no prior Kubernetes experience required.OKD on Fedora Workstation with CRC - Fedora Magazine2024-01-22T00:00:00+08:00https://www.donaldsebleung.com/blog/20240114-exploring-openshift-with-crcExploring OpenShift with CRC2024-01-14T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn all about OpenShift through this hands-on exploration session, the developer and operations friendly Kubernetes distro by Red Hat.Exploring OpenShift with CRC2024-01-14T00:00:00+08:00https://www.donaldsebleung.com/blog/20231226-running-stateful-workloads-on-kubernetes-with-rook-cephRunning stateful workloads on Kubernetes with Rook Ceph2023-12-26T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn about the CNCF Graduated Rook Ceph distributed storage solution for providing redundant enterprise-grade storage for your on-premises Kubernetes clusters through this hands-on lab exercise.Running stateful workloads on Kubernetes with Rook Ceph2023-12-26T00:00:00+08:00https://www.donaldsebleung.com/blog/20231114-investigating-a-failed-volumesnapshot-with-nfs-on-kubernetesInvestigating a failed VolumeSnapshot with NFS on Kubernetes2023-11-14T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comUnderstand the security implications and drawbacks of adopting NFS as your storage backend for on-premises Kubernetes clusters so as to make an informed decision on selecting a secure, reliable, enterprise-ready storage backend for your on-premises Kubernetes clusters.Investigating a failed VolumeSnapshot with NFS on Kubernetes2023-11-14T00:00:00+08:00https://www.donaldsebleung.com/blog/20230916-configuring-an-ipsec-vpn-connection-with-openikedConfiguring an IPsec VPN connection with OpenIKED2023-09-16T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comTake a deep dive into applied computer networking by constructing two disconnected networks with OpenBSD as the gateway device in each subnet, then connect them together by establishing an IPsec VPN connection with OpenIKED.Configuring an IPsec VPN connection with OpenIKED2023-09-16T00:00:00+08:00https://www.donaldsebleung.com/blog/20230912-configuring-a-simple-router-with-openbsdConfiguring a simple router with OpenBSD2023-09-12T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comSolidify your knowledge on computer networking by installing OpenBSD on a physical or virtual appliance and configuring it as a gateway device.Configuring a simple router with OpenBSD2023-09-12T00:00:00+08:00https://www.donaldsebleung.com/blog/20230825-evaluating-and-securing-your-kubernetes-infrastructure-with-kube-benchEvaluating and securing your Kubernetes infrastructure with kube-bench2023-08-25T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comEvaluate your cluster against the CIS Kubernetes benchmark with kube-bench and apply remediations to ensure your cluster is compliant and secure.Evaluating and securing your Kubernetes infrastructure with kube-bench2023-08-25T00:00:00+08:00https://www.donaldsebleung.com/blog/20230819-scanning-and-remediating-vulnerabilities-with-grypeScanning and remediating vulnerabilities with Grype2023-08-19T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comUncover existing vulnerabilities with a container image scanning tool such as Grype and learn how to minimize the attack surface of your container images.Scanning and remediating vulnerabilities with Grype2023-08-19T00:00:00+08:00https://www.donaldsebleung.com/blog/20230802-implementing-continuous-delivery-pipelines-with-github-actionsImplementing continuous delivery pipelines with GitHub Actions2023-08-02T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comBuild an end-to-end (E2E) CI/CD pipeline from scratch for a Python microservice which automatically executes unit and integration tests, builds a container image from a Dockerfile, pushes the image to Docker Hub and deploys the microservice to a local kind Kubernetes cluster.Implementing continuous delivery pipelines with GitHub Actions2023-08-02T00:00:00+08:00https://www.donaldsebleung.com/blog/20230729-enabling-local-project-collaboration-with-giteaEnabling local project collaboration with Gitea2023-07-29T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comExplore how to deploy a lightweight private Git server with minimal effort to Kubernetes with Gitea and Helm.Enabling local project collaboration with Gitea2023-07-29T00:00:00+08:00https://www.donaldsebleung.com/blog/20230720-securing-your-kubernetes-workloads-with-sigstoreSecuring your Kubernetes workloads with Sigstore2023-07-20T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn how to secure your CI/CD pipelines from software supply chain attacks by leveraging the Cosign and policy-controller projects from Sigstore.Securing your Kubernetes workloads with Sigstore2023-07-20T00:00:00+08:00https://www.donaldsebleung.com/blog/20230715-patching-a-directory-traversal-attack-vulnerabilityPatching a directory traversal attack vulnerability2023-07-15T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comLearn how seemingly innocuous bugs in Python code can manifest themselves as security loopholes that can be exploited by malicious actors and how to prevent these bugs from appearing in the first place.Patching a directory traversal attack vulnerability2023-07-15T00:00:00+08:00https://www.donaldsebleung.com/blog/20230715-migrating-my-personal-website-to-an-event-driven-serverless-architectureMigrating my personal website to an event-driven serverless architecture2023-07-15T00:00:00+08:00Donald Sebastian Leungdonaldsebleung@gmail.comExplore the motivation behind migrating my personal website from a traditional LAMP architecture to a cloud native serverless architecture and the advantages of doing so.Migrating my personal website to an event-driven serverless architecture2023-07-15T00:00:00+08:00