Workload Identity on Kubernetes 2 of 2 – EKS

I discussed in my previous post on workload identity and dived into how it works in AKS (Azure Kubernetes Service). In this post I will continue the topic with AWS as the example. From the perspective of CSP, we consider any running process on the cloud resource as workload. Therefore, I’ll start with control plan … Read moreWorkload Identity on Kubernetes 2 of 2 – EKS

Workload Identity on Kubernetes 1 of 2 – AKS

As applications are moved to the cloud, the application workload hosted on virtual machines need to interact with cloud resources. For this, we need an IAM solution with two mechanisms: CSPs such as Azure and AWS have their own implementations of the two mechanism. In Azure, we have Entra workload identity (including service principal and … Read moreWorkload Identity on Kubernetes 1 of 2 – AKS

Authentication to kube-apiserver via OIDC

Background There are many benefits of using OIDC to authenticate to kube-api server, especially with multiple clusters that need consistent log-in experience. With the last post on how OIDC Authorization Code Flow works, now I will discuss options with authentication for kubectl to connect to kube API server. To start, let’s look at the anatomy … Read moreAuthentication to kube-apiserver via OIDC

Kubernetes Platform as a Service and Red Hat OpenShift

The Three-layer model Kubernetes is so complex that it becomes a buzz word itself. I categorize the related work into three layers: a cluster layer, a platform layer and an application layer, by their purposes. The three layers are illustrated as below: Kubernetes Platform Kubernetes Platform Kubernetes Cluster Kubernetes Cluster Application Application AKS, EKS, self-built … Read moreKubernetes Platform as a Service and Red Hat OpenShift

Connect kubectl to private Kubernetes cluster in EKS and AKS

Managed Kubernetes services give user a cluster endpoint and a number of worker nodes, with the choice. For each access, users have the choice of making them publicly available, or keeping them on private networking. In my opinion, any deployment beyond personal hobbies, should use Kubernetes private cluster, with both cluster endpoint and worker nodes … Read moreConnect kubectl to private Kubernetes cluster in EKS and AKS

Kubernetes with Multiple CPU Architectures 2 of 2 – Node and Workload

For server CPU, the most common architectures today are amd64 (aka x86_64) and arm64. Although AMD developed the former first, Intel names it as x86_64 (or x64 for short). In terms of compatibility, they are the same. In general, arm64 architecture consumes less power and therefore mobile systems first favour it. Its power efficiency now … Read moreKubernetes with Multiple CPU Architectures 2 of 2 – Node and Workload