FluxCD: Continuous Deployment with GitOps

Background In the Korthweb project, I landed on Istio for the Ingress Gateway technology. I first attempted to expand the orthanc Helm Chart to bring Istio as dependency (sub-chart). One of the external chart for Istio gateway needs to be referenced multiple times (for ingress and egress). However, it cannot even be used as dependency … Read moreFluxCD: Continuous Deployment with GitOps

Creating self-signed x.509 certificate

In deployment automation, I often had to create self-signed X509 certificate for testing. This post summarized the three approaches I’ve taken. The OpenSSL way Traditionally, this is done in three OpenSSL commands: I have an older post to cover the basics of cryptography in TLS certificate and PKI. In the three commands above, the first … Read moreCreating self-signed x.509 certificate

From Ingress to Gateway: why my solution needs Istio Gateways on Kubernetes platforms

In my Korthweb project I was researching for the best ingress mechanism for HTTP and TCP workload, both of which need to be secured. I started with Kubernetes Ingress but eventually decided to go with Istio Gateway. This blog post is about the justification. In this essay, I will make the distinction between Ingress and … Read moreFrom Ingress to Gateway: why my solution needs Istio Gateways on Kubernetes platforms

AKS Lessons Learned 2 of 2

Even though Azure Kubernetes Service (AKS) is a managed service, building a cluster is not trivial. For help resources, I would start with the webinar “Configure Your AKS cluster with Confidence” from April 2021, which focuses on a set of working best practices (convention over configuration) but obviously not every recommendation suits every use case. … Read moreAKS Lessons Learned 2 of 2

AKS Lessons Learned 1 of 2

In general, troubleshooting Kubernetes is tricky. That is because one has to get in and out of pods. I took two days to troubleshoot some networking issues with private AKS cluster. For the amount of of tricks I had to employ, I need to take some notes. The issue After writing the Terraform code, I … Read moreAKS Lessons Learned 1 of 2

Istio Ingress and Egress Lab

Istio is a popular open-source service mesh implementation using Envoy proxy. One of the benefit of using Istio is the ingress and egress it brings to native Kubernetes platform. This article is a hands-on guide to test Istio ingress and egress gateways on Minikube. It was tested on my MacBook. All the information in this … Read moreIstio Ingress and Egress Lab