Build and Manage Kubernetes Clusters

There are numerous options to build a Kubernetes cluster. If your company has a multi-cloud strategy, most likely you will have to deal with cluster creation on multiple cloud platforms or on virtual machines on premises. Most likely, the chosen cloud platform already makes it simple for us. However, it is still important to understand …

MinIO for S3-compatible Object Storage

I reviewed some storage technologies on Kubernetes, but they are all for block and file storage. In this post, I will discuss the currently available options for container workloads to use object storage. I will also touch on MinIO as an object storage solution. Object storage: Block and file systems are more native to operating …

Kubernetes Storage on Azure 3 of 3 – Ceph by Rook

In the last two posts, I covered the native storage options on Azure Kubernetes Service, as well as Portworx as an example of a proprietary Software Defined Storage (SDS) solution. There are also a number of open-source alternative SDS solutions. Ceph has nearly a decade of history from prior to containerization, and is the most …

Istio Lab – Authentication and Authorization

My previous blog post discussed what Istio, as a service mesh, can offer in terms of authentication and authorization capabilities. Istio can authenticate an incoming HTTP request, ensuring the JWT issued has not been tampered with somewhere in the middle. The fields in the JWT allow for more flexibility at the point of authorization. This combination allows Istio …

Istio Authentication and Authorization

Applications running on the Kubernetes platform seek to offload common non-business features to the platform. Istio helps Kubernetes bridge that gap. It can enforce mTLS communication, which is known as Peer Authentication. It can help with two other things with the use of a JWT token: when a web request presents a JWT token, it can validate …

Traffic Segmentation on Kubernetes Platform

When operating Kubernetes as a platform for multiple tenants, one of the concerns is controlling the network traffic. This is sometimes referred to as traffic segmentation. This initiative involves a broad range of technical topics from networking to containerization. By no means am I an expert on each of those topics. I have, however, developed …