Deep Dive into Enterprise IT
Background There are many benefits of using OIDC to authenticate to kube-api server, especially with multiple clusters that need consistent log-in experience. With the last post on how OIDC Authorization Code Flow works, now I will discuss options with authentication for kubectl to connect to kube API server. To start, let’s look at the anatomy … Read moreAuthentication to kube-apiserver via OIDC
Managed Kubernetes services give user a cluster endpoint and a number of worker nodes, with the choice. For each access, users have the choice of making them publicly available, or keeping them on private networking. In my opinion, any deployment beyond personal hobbies, should use Kubernetes private cluster, with both cluster endpoint and worker nodes … Read moreConnect kubectl to private Kubernetes cluster in EKS and AKS
Update: also read my other article here on the different generations of ingress technologies. In my Korthweb project I was researching for the best ingress mechanism for HTTP and TCP workload, both of which need to be secured. I started with Kubernetes Ingress but eventually decided to go with Istio Gateway. This blog post is … Read moreFrom Ingress to CRD: why my solution needs Istio Gateways on Kubernetes platforms
Even though Azure Kubernetes Service (AKS) is a managed service, building a cluster is not trivial. For help resources, I would start with the webinar “Configure Your AKS cluster with Confidence” from April 2021, which focuses on a set of working best practices (convention over configuration) but obviously not every recommendation suits every use case. … Read moreAKS Lessons Learned 2 of 2
In general, troubleshooting Kubernetes is tricky. That is because one has to get in and out of pods. I took two days to troubleshoot some networking issues with private AKS cluster. For the amount of of tricks I had to employ, I need to take some notes. The issue After writing the Terraform code, I … Read moreAKS Lessons Learned 1 of 2