Journey of an IT Architect

  • Thumbnail for Service Proxy – from Nginx to Envoy

    Service Proxy – from Nginx to Envoy

    Update (Nov 20, 2022): 1. Envoy’s configuration schema can be hard to get used to. It is lacking examples because the documentation is mostly generated.…

    Read
  • Thumbnail for Istio External Authorization via OIDC

    Istio External Authorization via OIDC

    Istio service mesh allows application developers to offload non-core features to infrastructure layer. We explored authentication and authorization with Istio in a basic lab. In…

    Read
  • Thumbnail for Istio Lab – Authentication and Authorization

    Istio Lab – Authentication and Authorization

    My previous blog discussed as service mesh what Istio can offer in terms of authentication and authorization capabilities. Istio can authenticate an incoming HTTP request,…

    Read
  • Thumbnail for Istio Authentication and Authorization

    Istio Authentication and Authorization

    Applications running on Kubernetes platform seeks to offload common non-business features to the platform. Istio helps Kubernetes bridge that gap. It can enforce mTLS communication,…

    Read
  • Thumbnail for Traffic Segmentation on Kubernetes Platform

    Traffic Segmentation on Kubernetes Platform

    When operating Kubernetes as a platform for multiple tenants, one of the concerns is controlling the network traffic. This is sometimes referred to as traffic…

    Read
  • Thumbnail for FluxCD: Continuous Deployment with GitOps

    FluxCD: Continuous Deployment with GitOps

    This post explains why I land on FluxCD GitOps for my project. Let’s star Background In the Korthweb project, I landed on Istio for the…

    Read