1 views collected around this technical thread.
Learn how to configure Ingress‑Nginx in a running Kubernetes cluster for secure mTLS and HTTPS communication, covering prerequisites, certificate creation, deployment of HTTP and mTLS services, Ingress rules, SSL passthrough setup, and verification steps with practical kubectl and OpenSSL commands.
This article explains how to achieve zero‑trust security in Kubernetes by using a service mesh such as Linkerd, covering workload identity, mTLS, certificate management, policy definition with CRDs, and the practical limitations of mesh‑based protection.
This article explains how to secure cross‑data‑center traffic by applying TLS principles, setting up a private Certificate Authority, generating self‑signed certificates with OpenSSL, configuring mutual TLS (mTLS) on Nginx proxies for both HTTP and TCP streams, and verifying the setup with curl and redis‑cli commands.
This article explains how to secure cross‑data‑center traffic by encrypting it with TLS/mTLS, covering the principles of TLS, certificate authority roles, generating self‑signed certificates with OpenSSL, and configuring Nginx proxies for both HTTP and TCP streams to provide transparent encrypted channels without modifying applications.
This article introduces NGINX Service Mesh (NSM), a lightweight, highly integrated service‑mesh solution for Kubernetes that leverages NGINX Plus as a data plane, explains its security, traffic‑management, visualization, and hybrid‑deployment capabilities, outlines its architecture and components, and provides step‑by‑step commands for installation, verification, and sidecar injection.
This article explains how etcd 3.x switched its external API to gRPC, the challenges of using its gRPC‑gateway for HTTP requests in Apache APISIX, the default message size limit causing sync failures, and the certificate configuration pitfalls that were fixed through a PR merged in v3.5.0.
After two years of using Istio in production, the author explains the operational complexities, reliability issues, and protocol limitations that led to abandoning Istio in favor of Linkerd, highlighting the pros and cons of both service meshes within Kubernetes environments.