FluxCD: Continuous Deployment with GitOps

Background In the Korthweb project, I landed on Istio for the Ingress Gateway technology. I first attempted to expand the orthanc Helm Chart to bring Istio as dependency (sub-chart). One of the external chart for Istio gateway needs to be referenced multiple times (for ingress and egress). However, it cannot even be used as dependency … Read moreFluxCD: Continuous Deployment with GitOps

Creating self-signed x.509 certificate

In deployment automation, I often had to create self-signed X509 certificate for testing. This post summarized the three approaches I’ve taken. The OpenSSL way Traditionally, this is done in three OpenSSL commands: I have an older post to cover the basics of cryptography in TLS certificate and PKI. In the three commands above, the first … Read moreCreating self-signed x.509 certificate

From Ingress to Gateway: why my solution needs Istio Gateways on Kubernetes platforms

In my Korthweb project I was researching for the best ingress mechanism for HTTP and TCP workload, both of which need to be secured. I started with Kubernetes Ingress but eventually decided to go with Istio Gateway. This blog post is about the justification. In this essay, I will make the distinction between Ingress and … Read moreFrom Ingress to Gateway: why my solution needs Istio Gateways on Kubernetes platforms

AKS Lessons Learned 2 of 2

Even though Azure Kubernetes Service (AKS) is a managed service, building a cluster is not trivial. For help resources, I would start with the webinar “Configure Your AKS cluster with Confidence” from April 2021, which focuses on a set of working best practices (convention over configuration) but obviously not every recommendation suits every use case. … Read moreAKS Lessons Learned 2 of 2

AKS Lessons Learned 1 of 2

In general, troubleshooting Kubernetes is tricky. That is because one has to get in and out of pods. I took two days to troubleshoot some networking issues with private AKS cluster. For the amount of of tricks I had to employ, I need to take some notes. The issue After writing the Terraform code, I … Read moreAKS Lessons Learned 1 of 2

From Microservice to Service Mesh

Microservice Microservice as an architecture was firstly conceptualized in this article by Martin Fowler in 2014. It covers the pros (strong module boundaries, independent deployment, technology diversity) and cons (dealing with distributed system, eventual consistency, operational complexity). The reality is, many teams develops their product with the microservice architectural pattern. The implementation of microservice architecture … Read moreFrom Microservice to Service Mesh