FluxCD: Continuous Deployment with GitOps

Background In the Korthweb project, I landed on Istio for the Ingress Gateway technology. I first attempted to expand the orthanc Helm Chart to bring Istio as dependency (sub-chart). One of the external chart for Istio gateway needs to be referenced multiple times (for ingress and egress). However, it cannot even be used as dependency … Read moreFluxCD: Continuous Deployment with GitOps

Creating self-signed x.509 certificate

In deployment automation, I often had to create self-signed X509 certificate for testing. This post summarized the three approaches I’ve taken. The OpenSSL way Traditionally, this is done in three OpenSSL commands: I have an older post to cover the basics of cryptography in TLS certificate and PKI. In the three commands above, the first … Read moreCreating self-signed x.509 certificate

From Ingress to Gateway: why my solution needs Istio Gateways on Kubernetes platforms

In my Korthweb project I was researching for the best ingress mechanism for HTTP and TCP workload, both of which need to be secured. I started with Kubernetes Ingress but eventually decided to go with Istio Gateway. This blog post is about the justification. In this essay, I will make the distinction between Ingress and … Read moreFrom Ingress to Gateway: why my solution needs Istio Gateways on Kubernetes platforms

Log Shipping in Kubernetes with EFK stack

I first worked on log shipping with ELK stack three years ago. In the context of Kubernetes cluster, log shipping has similar challenges. In this post I will discuss the set up of log shipping with Kubernetes cluster. Logging Architecture As discussed, if the Kubernetes cluster has a runtime in compliant with CRI (e.g. containerd), … Read moreLog Shipping in Kubernetes with EFK stack

Helm – Configuration Management for Kubernetes Resources

Developer ships application in Docker container, so it can eventually hosted in Kubernetes cluster. However, there are still some installation steps, before the application can operate online in production. In this post, we use the container image of Orthanc application as a starting point. We first build services in Kubernetes to go through these steps. … Read moreHelm – Configuration Management for Kubernetes Resources