Posts

This post was originally posted on the Ordina JWorks Blog What problem do we have? Deploying components to a Kubernetes cluster should be as easy as running kubectl apply -f folder-with-deployment-manifests. This approach works very well for a single environment, but quickly become very hard to do properly when managing multiple environments (Dev, Staging, …, Production). The reason for this is due to the configuration differences in these environments. Every environment needs a different configuration to: connect to different databases, use other secret values, use different deployment configurations (number of replicas for example), … Managing these differences can be very hard to do in a single set of manifests. ...

This post was originally posted on the Ordina JWorks Blog This post will describe how to use the Istio service mesh to provide service to service authentication and authorization in a Kubernetes cluster. It will show how ServiceRoles, ServiceRoleBindings and Identities in Istio can be used to achieve this. What is Istio? Istio is a service mesh created by Google, Lyft and IBM. It aims to simplify some security and management aspects of a microservices software architecture. More information on Istio and its features can be found in its docs. In this blogpost we will highlight one of the key security features of Istio: service to service authentication and authorization. For the sake of simplicity, this post will focus on an Istio setup in Kubernetes. ...