https://www.donaldsebleung.com/feed/rss donaldsebleung's personal website and DevOps blog http://www.rssboard.org/rss-specification python-feedgen https://www.donaldsebleung.com/assets/images/avatar.png https://www.donaldsebleung.com/feed/rss en Sun, 08 Mar 2026 02:54:20 +0000 https://donaldsebleung.com/blog/20260302-exploring-the-ascend-ecosystem-with-orangepi-aipro-20t Exploring the Ascend ecosystem with OrangePi AIpro (20T) OrangePi AIpro (20T) is a development board under the Orange Pi brand owned by Xunlong Software and released in 2024. It features 4 CPU cores plus a neural processing unit (NPU) based on Huawei's Ascend technology capable of running modern AI/ML workloads. The embedded NPU is capable of performing 20 TOPS or trillion operations per second. Follow me as I unpack and set up my OrangePi AIpro (20T) development board for exploring AI/ML applications and use cases. donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20260302-exploring-the-ascend-ecosystem-with-orangepi-aipro-20t Mon, 02 Mar 2026 00:00:00 +0800 https://donaldsebleung.com/blog/20260217-deploying-deepseek-r1-for-distributed-inferencing-with-ray Deploying DeepSeek-R1 for distributed inferencing with Ray Follow me as I deploy a distilled variant of DeepSeek-R1 across 2 GPU-enabled cloud servers on Huawei Cloud with vLLM and Ray. donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20260217-deploying-deepseek-r1-for-distributed-inferencing-with-ray Tue, 17 Feb 2026 00:00:00 +0800 https://donaldsebleung.com/blog/20260214-running-deepseek-r1-on-a-commodity-laptop-with-vllm Running DeepSeek-R1 on a commodity laptop with vLLM Follow me as I deploy my first locally hosted distilled variant of the DeepSeek-R1 model on a commodity Redmi Book 14 2024 laptop with vLLM in this exploratory lab. donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20260214-running-deepseek-r1-on-a-commodity-laptop-with-vllm Sat, 14 Feb 2026 00:00:00 +0800 https://donaldsebleung.com/blog/20260118-exploring-the-developer-ecosystem-on-huawei-matebook-pro Exploring the developer ecosystem on Huawei MateBook Pro Follow me as I explore the developer tooling and ecosystem available on the Huawei MateBook Pro since HarmonyOS 6.x, plus some of the improvements that I would like to see on HarmonyOS 6.x in the near future. donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20260118-exploring-the-developer-ecosystem-on-huawei-matebook-pro Sun, 18 Jan 2026 00:00:00 +0800 https://donaldsebleung.com/blog/20260117-implementing-gitops-practices-with-argo-cd Implementing GitOps practices with Argo CD Learn how to deploy a sample podinfo application via GitOps with Argo CD using the Argo CD Operator donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20260117-implementing-gitops-practices-with-argo-cd Sat, 17 Jan 2026 00:00:00 +0800 https://donaldsebleung.com/blog/20250923-configuring-rook-with-external-ceph-storage Configuring Rook with external Ceph storage Learn how to configure Rook to connect to an external Ceph cluster provisioned with cephadm donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20250923-configuring-rook-with-external-ceph-storage Tue, 23 Sep 2025 00:00:00 +0800 https://donaldsebleung.com/blog/20250921-provisioning-ceph-storage-with-cephadm Provisioning Ceph storage with cephadm Learn how to provision a Ceph cluster with cephadm and provision block storage for applications donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20250921-provisioning-ceph-storage-with-cephadm Sun, 21 Sep 2025 00:00:00 +0800 https://donaldsebleung.com/blog/20250420-implementing-pod-to-pod-encryption-with-istio-ambient-mesh Implementing Pod-to-Pod encryption with Istio Ambient Mesh Learn how to implement Pod-to-Pod encryption with Istio Ambient Mesh donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20250420-implementing-pod-to-pod-encryption-with-istio-ambient-mesh Sun, 20 Apr 2025 00:00:00 +0800 https://donaldsebleung.com/blog/20250413-uncovering-a-reverse-shell-attack-in-real-time Uncovering a reverse shell attack in real time Uncovering a reverse shell attack in real time with Tracee and lessons learned from this incident donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20250413-uncovering-a-reverse-shell-attack-in-real-time Sun, 13 Apr 2025 00:00:00 +0800 https://donaldsebleung.com/blog/20250304-understanding-the-security-benefits-of-ebpf-based-vs-traditional-service-meshes Understanding the security benefits of eBPF-based vs. traditional service meshes Understand the security pitfalls of traditional user-space service meshes and how eBPF-based service meshes elegantly address these issues donaldsebleung@gmail.com (Donald Sebastian Leung) https://donaldsebleung.com/blog/20250304-understanding-the-security-benefits-of-ebpf-based-vs-traditional-service-meshes Tue, 04 Mar 2025 00:00:00 +0800 https://www.donaldsebleung.com/blog/20250119-operating-kafka-at-scale-with-strimzi Operating Kafka at scale with Strimzi Deploy, manage and scale Kafka clusters on Kubernetes with ease using the Strimzi operator donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20250119-operating-kafka-at-scale-with-strimzi Sun, 19 Jan 2025 00:00:00 +0800 https://www.donaldsebleung.com/blog/20241228-enforcing-recommended-practices-on-kubernetes-with-validatingadmissionpolicy Enforcing recommended practices on Kubernetes with ValidatingAdmissionPolicy Enforce compliance controls and mitigate platform vulnerabilities with Kubernetes ValidatingAdmissionPolicy. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20241228-enforcing-recommended-practices-on-kubernetes-with-validatingadmissionpolicy Sat, 28 Dec 2024 00:00:00 +0800 https://www.donaldsebleung.com/blog/20240609-protecting-stateful-workloads-on-kubernetes-with-kanister Protecting stateful workloads on Kubernetes with Kanister Define application-specific backup and recovery operations for your stateful workloads on Kubernetes with Kanister, a CNCF sandbox project and an integral component of the enterprise-ready Veeam Kasten Kubernetes data protection platform. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20240609-protecting-stateful-workloads-on-kubernetes-with-kanister Sun, 09 Jun 2024 00:00:00 +0800 https://fedoramagazine.org/keycloak-on-fedora-workstation-with-podman/ Keycloak on Fedora Workstation with Podman - Fedora Magazine I would like to thank the Fedora Project for selecting my article on Keycloak for publication. Deploy an enterprise-ready identity and access management (IAM) solution with Podman on Fedora Linux with SSL/TLS encryption enabled, learn how to configure a realm with mandatory MFA enforcement for all users, create a user and observe single-sign on (SSO) in action with this hands-on lab. donaldsebleung@gmail.com (Donald Sebastian Leung) https://fedoramagazine.org/keycloak-on-fedora-workstation-with-podman/ Wed, 06 Mar 2024 00:00:00 +0800 https://www.donaldsebleung.com/blog/20240225-deploying-keycloak-on-fedora-workstation-with-podman Deploying Keycloak on Fedora Workstation with Podman Deploy an enterprise-ready identity and access management (IAM) solution with Podman on Fedora Linux with SSL/TLS encryption enabled, learn how to configure a realm with mandatory MFA enforcement for all users, create a user and observe single-sign on (SSO) in action with this hands-on lab. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20240225-deploying-keycloak-on-fedora-workstation-with-podman Sun, 25 Feb 2024 00:00:00 +0800 https://www.donaldsebleung.com/blog/20240213-running-workloads-at-the-edge-with-microk8s Running workloads at the edge with MicroK8s Get started with Kubernetes in no time with MicroK8s, deploy a website with just a few simple commands and obtain a verified HTTPs certificate automatically with cert-manager and Let's Encrypt. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20240213-running-workloads-at-the-edge-with-microk8s Tue, 13 Feb 2024 00:00:00 +0800 https://fedoramagazine.org/okd-on-fedora-workstation-with-crc/ OKD on Fedora Workstation with CRC - Fedora Magazine I would like to thank the Fedora Project for selecting my article on OKD for publication. Basic Kubernetes concepts are explained from the ground up - no prior Kubernetes experience required. donaldsebleung@gmail.com (Donald Sebastian Leung) https://fedoramagazine.org/okd-on-fedora-workstation-with-crc/ Mon, 22 Jan 2024 00:00:00 +0800 https://www.donaldsebleung.com/blog/20240114-exploring-openshift-with-crc Exploring OpenShift with CRC Learn all about OpenShift through this hands-on exploration session, the developer and operations friendly Kubernetes distro by Red Hat. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20240114-exploring-openshift-with-crc Sun, 14 Jan 2024 00:00:00 +0800 https://www.donaldsebleung.com/blog/20231226-running-stateful-workloads-on-kubernetes-with-rook-ceph Running stateful workloads on Kubernetes with Rook Ceph Learn about the CNCF Graduated Rook Ceph distributed storage solution for providing redundant enterprise-grade storage for your on-premises Kubernetes clusters through this hands-on lab exercise. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20231226-running-stateful-workloads-on-kubernetes-with-rook-ceph Tue, 26 Dec 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20231114-investigating-a-failed-volumesnapshot-with-nfs-on-kubernetes Investigating a failed VolumeSnapshot with NFS on Kubernetes Understand the security implications and drawbacks of adopting NFS as your storage backend for on-premises Kubernetes clusters so as to make an informed decision on selecting a secure, reliable, enterprise-ready storage backend for your on-premises Kubernetes clusters. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20231114-investigating-a-failed-volumesnapshot-with-nfs-on-kubernetes Tue, 14 Nov 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230916-configuring-an-ipsec-vpn-connection-with-openiked Configuring an IPsec VPN connection with OpenIKED Take a deep dive into applied computer networking by constructing two disconnected networks with OpenBSD as the gateway device in each subnet, then connect them together by establishing an IPsec VPN connection with OpenIKED. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230916-configuring-an-ipsec-vpn-connection-with-openiked Sat, 16 Sep 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230912-configuring-a-simple-router-with-openbsd Configuring a simple router with OpenBSD Solidify your knowledge on computer networking by installing OpenBSD on a physical or virtual appliance and configuring it as a gateway device. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230912-configuring-a-simple-router-with-openbsd Tue, 12 Sep 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230825-evaluating-and-securing-your-kubernetes-infrastructure-with-kube-bench Evaluating and securing your Kubernetes infrastructure with kube-bench Evaluate your cluster against the CIS Kubernetes benchmark with kube-bench and apply remediations to ensure your cluster is compliant and secure. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230825-evaluating-and-securing-your-kubernetes-infrastructure-with-kube-bench Fri, 25 Aug 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230819-scanning-and-remediating-vulnerabilities-with-grype Scanning and remediating vulnerabilities with Grype Uncover existing vulnerabilities with a container image scanning tool such as Grype and learn how to minimize the attack surface of your container images. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230819-scanning-and-remediating-vulnerabilities-with-grype Sat, 19 Aug 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230802-implementing-continuous-delivery-pipelines-with-github-actions Implementing continuous delivery pipelines with GitHub Actions Build an end-to-end (E2E) CI/CD pipeline from scratch for a Python microservice which automatically executes unit and integration tests, builds a container image from a Dockerfile, pushes the image to Docker Hub and deploys the microservice to a local kind Kubernetes cluster. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230802-implementing-continuous-delivery-pipelines-with-github-actions Wed, 02 Aug 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230729-enabling-local-project-collaboration-with-gitea Enabling local project collaboration with Gitea Explore how to deploy a lightweight private Git server with minimal effort to Kubernetes with Gitea and Helm. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230729-enabling-local-project-collaboration-with-gitea Sat, 29 Jul 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230720-securing-your-kubernetes-workloads-with-sigstore Securing your Kubernetes workloads with Sigstore Learn how to secure your CI/CD pipelines from software supply chain attacks by leveraging the Cosign and policy-controller projects from Sigstore. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230720-securing-your-kubernetes-workloads-with-sigstore Thu, 20 Jul 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230715-patching-a-directory-traversal-attack-vulnerability Patching a directory traversal attack vulnerability Learn how seemingly innocuous bugs in Python code can manifest themselves as security loopholes that can be exploited by malicious actors and how to prevent these bugs from appearing in the first place. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230715-patching-a-directory-traversal-attack-vulnerability Sat, 15 Jul 2023 00:00:00 +0800 https://www.donaldsebleung.com/blog/20230715-migrating-my-personal-website-to-an-event-driven-serverless-architecture Migrating my personal website to an event-driven serverless architecture Explore the motivation behind migrating my personal website from a traditional LAMP architecture to a cloud native serverless architecture and the advantages of doing so. donaldsebleung@gmail.com (Donald Sebastian Leung) https://www.donaldsebleung.com/blog/20230715-migrating-my-personal-website-to-an-event-driven-serverless-architecture Sat, 15 Jul 2023 00:00:00 +0800