Chaos Mesh – Cloud Native Chaos Engineering

In this post, we discuss the resilience test problem and why chaos mesh emerged. Then we go over a lab of chaos mesh with a few experiments. The Problem I used to support a server application installed in customer’s data centre. The server application receives data from client application, cleanse the data and put them … Read moreChaos Mesh – Cloud Native Chaos Engineering

Knative Eventing Introduction

In the previous post, I mentioned that Knative Serving and Knative Eventing should be seen as two different projects. The former is supposed to be widely used as a serving layer for microservices, whereas the latter has a narrower customer base. There are a dozen companies who need to build Platform as a Service, and … Read moreKnative Eventing Introduction

Istio Operation Gotchas

In this post I discuss a few aspects when putting istio in operation. Installation Istio installation can be confusing, due to architectural and guideline changes as well as renaming of operator CRDs since its release, and especially since 2020. This left lots of information outdated on the web, adding to Istio’s perceived complexity. Currently, the … Read moreIstio Operation Gotchas

Service Proxy – from Nginx to Envoy

Envoy proxy is the underlying technology for Istio, as well as a number of other service mesh products, such as AppMesh (AWS), Consul (Hashicorp) and OpenServiceMesh (Azure). Most of the capabilities of Isito is ultimately provided by Envoy proxy. Envoy has a page outlining its differences with similar technologies. I decided to take a look … Read moreService Proxy – from Nginx to Envoy

Istio External Authorization via OIDC

Istio service mesh allows application developers to offload non-core features to infrastructure layer. We explored authentication and authorization with Istio in a basic lab. In this post we continue to explore its capabilities with OIDC integration. This capability is made available thanks to the CUSTOM action in authorization policy, supported since the release of 1.9. … Read moreIstio External Authorization via OIDC

Istio Lab – Authentication and Authorization

My previous blog discussed as service mesh what Istio can offer in terms of authentication and authorization capabilities. Istio can authenticate an incoming HTTP request, ensuring the JWT issued has not been tampered somewhere in the middle. The fields in the JWT allows for more flexibilities at the point of authorization. This combination allows Istio … Read moreIstio Lab – Authentication and Authorization