Authentication to kube-apiserver via OIDC

Background There are many benefits of using OIDC to authenticate to kube-api server, especially with multiple clusters that need consistent log-in experience. With the last post on how OIDC Authorization Code Flow works, now I will discuss options with authentication for kubectl to connect to kube API server. To start, let’s look at the anatomy … Read moreAuthentication to kube-apiserver via OIDC

Kubernetes Platform as a Service and Red Hat OpenShift

The Three-layer model Kubernetes is so complex that it becomes a buzz word itself. I categorize the related work into three layers: a cluster layer, a platform layer and an application layer, by their purposes. The three layers are illustrated as below: Kubernetes Platform Kubernetes Platform Kubernetes Cluster Kubernetes Cluster Application Application AKS, EKS, self-built … Read moreKubernetes Platform as a Service and Red Hat OpenShift

Connect kubectl to private Kubernetes cluster in EKS and AKS

Managed Kubernetes services give user a cluster endpoint and a number of worker nodes, with the choice. For each access, users have the choice of making them publicly available, or keeping them on private networking. In my opinion, any deployment beyond personal hobbies, should use Kubernetes private cluster, with both cluster endpoint and worker nodes … Read moreConnect kubectl to private Kubernetes cluster in EKS and AKS

Kubernetes with Multiple CPU Architectures 2 of 2 – Node and Workload

For server CPU, the most common architectures today are amd64 (aka x86_64) and arm64. Although AMD developed the former first, Intel names it as x86_64 (or x64 for short). In terms of compatibility, they are the same. In general, arm64 architecture consumes less power and therefore mobile systems first favour it. Its power efficiency now … Read moreKubernetes with Multiple CPU Architectures 2 of 2 – Node and Workload

Kubernetes with Multiple CPU Architectures 1 of 2 – Container Image

While working on a multi-arch Kubernetes cluster, I came across quite a few issues with image logistics and decided to put these issues in a separate post here. The goal is to supply images with multi-arch support in a standard way. Therefore it is not advisable to rely only on arbitrary image tags to distinguish … Read moreKubernetes with Multiple CPU Architectures 1 of 2 – Container Image