Istio External Authorization via OIDC

The Istio service mesh allows application developers to offload non-core features to the infrastructure layer. We explored authentication and authorization with Istio in a basic lab. In this post we continue to explore its capabilities with OIDC integration. This capability is made available thanks to the CUSTOM action in authorization policy, supported since the release of 1.9. …

FluxCD: Continuous Deployment with GitOps

This post explains why I land on FluxCD GitOps for my project. Let’s start. Background: In the Korthweb project, I landed on Istio for the Ingress Gateway technology. I first attempted to expand the orthanc Helm Chart to bring in Istio as a dependency (sub-chart). One of the external charts for Istio gateway needs to be referenced …

AKS Lessons Learned 2 of 2

Even though Azure Kubernetes Service (AKS) is a managed service, building a cluster is not trivial. For help resources, I would start with the webinar “Configure Your AKS cluster with Confidence” from April 2021, which focuses on a set of working best practices (convention over configuration) but obviously not every recommendation suits every use case. …

AKS Lessons Learned 1 of 2

In general, troubleshooting Kubernetes is tricky. That is because one has to get in and out of pods. I took two days to troubleshoot some networking issues with a private AKS cluster. For the amount of tricks I had to employ, I need to take some notes. The issue: After writing the Terraform code, I …

From Microservice to Service Mesh

We all know what a microservice is by now, but how does a service mesh assist with microservice development? Microservice: Microservice as an architecture was first conceptualized in this article by Martin Fowler in 2014. It covers the pros (strong module boundaries, independent deployment, technology diversity) and cons (dealing with distributed systems, eventual consistency, operational complexity). The reality …

Single-node Kubernetes cluster – docker desktop

While there are many tools to set up a single-node Kubernetes cluster (e.g. minikube, MicroK8s, kind, or k3s with the k3d wrapper), docker-desktop has a significant advantage: it comes with the Docker installation, on macOS or on Windows. It is installed simply by enabling the option “Enable Kubernetes”. It can be blown away and reset in a …