In this week's episode of our Cloud Commute podcast we talked to @anderseknert from #Styra about access policy management at cloud scale using OPA and OPA Enterprise / Styra DAS in #Kubernetes.
Controlling access to services and resources, inside and outside of Kubernetes, is more important than ever. OPA enables easy, unified policy creation and management and eases the bookkeeping with policy as code.
#kubernetes turns ten today and yall. i can’t believe it. it feels like yesterday i drank the firehose. happy birthday to the project that changed my life forever.
I know I'm not in the majority, but one of my main gripes with #kubernetes is really more a failure of #golang, and how they never managed to get extensions/plugins right. Eventually they just gave up on the idea altogether. Which means every extension point in kubernetes involves calling a service rather than implementing an interface. And besides the performance/availability impact of that, also means you're limited in what you can extend, unless you feel like maintaining a k8s fork.
10 years since Google made the first commit in #Kubernetes. And ten years of Google mostly running something else for their own services. I don’t work that much on infra these days, and Kubernetes sure has a fuckton of warts. But I’ve gotta say, compared to what we had before, and the way it transformed the industry… “game changer” is for once not an exaggeration.
And of course, before the "not all PHP" people show up - it is possible to write PHP code to work as a clean little scalable microservice, but the vast majority of PHP code out there was written for the mighty monolithic vertical scaling LAMP stack and is very stateful by nature. Also, the fact that Tomcat can grok the cgroup limits imposed by containerization and tune itself accordingly is impressive.
I’m interested in running #FrankenPHP (i.e., #Caddy) as the app server for a website. The website has multiple domains pointing to it, and I plan to run this in a #Kubernetes cluster. Can someone point to any docs or blog posts that show how others have set up similar configurations with Caddy or FrankenPHP, especially with regard to how Caddy magically configures HTTPS for the domains in this kind of setup?
Another option is to let your existing ingress controller do the TLS termination (you can use projects like cert-manager to automatically manage the certificates, and many cloud ingresses also have native support for Let’s Encrypt or automatic cert generation).
If you do anything with #opensource, #openstandards or #opensystems, you need to be there. In November you have another chance, because we organize a conference twice a year.
We are an association, so you can become a member! See: https://nluug.nl