Replacing Istio CA Certificate

The Istio CA certificate is the most sensitive object in Istio. When a multicluster shared control plane is enabled, the CA certificate is shared across multiple clusters. Once this certificate leaks to the public, there is no option but to replace the old CA certificate with a new one.

Mutual TLS communication between Istio mesh

Mutual TLS communication is about the client and server trusting each other. It differs from standard TLS, where only the client needs to trust the server. In mutual TLS, the server also needs to trust the client.

Capture pod packet with sniff

I have a hard time thinking of how to easily capture packet requests in a Kubernetes pod object when trying to debug mutual TLS communication between pods. I can run tcpdump inside the pod, but sometimes the pod only has read-only access and it's hard to see the tcpdump. With tcpdump, I can also generate Wireshark format to analyze better, but it's not fun to copy the result of tcpdump from the pod to our desktop every time I want to capture.

Backup Kubernetes Cluster using Velero

Velero gives you tools to back up and restore your Kubernetes cluster resources and persistent volumes. Velero has the ability to back up a cluster, migrate cluster resources to another cluster, and also replicate a cluster to another cluster.

Managing tools version using asdf

Since my job is mainly related to cloud stuff, I need to change tool versions multiple times. Some tools like kubectl, istioctl, and helm have multiple versions and behave differently between the versions. Changing the version of these tools is not easy and is a repetitive task.

Install Istio Multicluster Replicated Control Plane

Istio is a service mesh platform that can control and modify traffic policy behaviour in Kubernetes by injecting a sidecar into a container. Multicluster Replicated Control Plane is a use case that enables communication between two services in two different service meshes without using Ingress, and it can enable mutual TLS between the services.
