Orchestrate Landing Zone with Landing Zone Accelerator on AWS

As a continuation to the last post, we explore the Landing Zone Accelerator on AWS (LZA) as an orchestration tool in this post. LZA borrows a lot from the ASEA, an accelerator project to deploy the security reference architecture (SRA). LZA however, is a multi-purpose project that consists of both the orchestration engine and a … Read moreOrchestrate Landing Zone with Landing Zone Accelerator on AWS

Orchestrate Landing Zone with AWS Control Tower

Following an introduction to AWS Landing Zone, I’ll dive deeper into Control Tower as an orchestration tool in this post. More on Landing Zone In data center operation, there are numerous tasks that other teams have to complete before the the deployment of an application. For example, the 42U server cabinet must be in place … Read moreOrchestrate Landing Zone with AWS Control Tower

Authentication to kube-apiserver via OIDC

Background There are many benefits of using OIDC to authenticate to kube-api server, especially with multiple clusters that need consistent log-in experience. With the last post on how OIDC Authorization Code Flow works, now I will discuss options with authentication for kubectl to connect to kube API server. To start, let’s look at the anatomy … Read moreAuthentication to kube-apiserver via OIDC

OAuth 2.0 and OIDC 2 of 2

I wrote a brief on this topic a while back. Now I need to configure OIDC in a few occasions I decide to dive deeper into the flows this time. As I stated in the last post, Nate Barbettini’s presentation from 2017 was awesome and I viewed it again. Slides are available here. Another great … Read moreOAuth 2.0 and OIDC 2 of 2

Kubernetes Platform as a Service and Red Hat OpenShift

The Three-layer model Kubernetes is so complex that it becomes a buzz word itself. I categorize the related work into three layers: a cluster layer, a platform layer and an application layer, by their purposes. The three layers are illustrated as below: Kubernetes Platform Kubernetes Platform Kubernetes Cluster Kubernetes Cluster Application Application AKS, EKS, self-built … Read moreKubernetes Platform as a Service and Red Hat OpenShift

Connect kubectl to private Kubernetes cluster in EKS and AKS

Managed Kubernetes services give user a cluster endpoint and a number of worker nodes, with the choice. For each access, users have the choice of making them publicly available, or keeping them on private networking. In my opinion, any deployment beyond personal hobbies, should use Kubernetes private cluster, with both cluster endpoint and worker nodes … Read moreConnect kubectl to private Kubernetes cluster in EKS and AKS