Gateway API¶

July 1, 2024
in Keto, Authentication, Authorization, Ory, Identity Management
40 min read
Total views: 21

Ory Keto: Authorization and Access Control as a Service

Internet has come a long way since its inception. The first few years might have been a new adventure for those building web applications, but in the modern day software development and in 2024, you rarely stop to question most of the common practices around the industry.

One of the most frequent requirement for any application is to have some sort of access control policy. The most used approach in today's world is the use of RBAC. It makes a lot of sense to treat a group of one or multiple identities of a system the same way and grant or deny them a specific set of permissions.

Ory Keto comes with all the batteries included. It provides a fearless authorization platform, friendly API for developers, and scalable stateless application.

If you're creating an application over HTTP these days, chances are, Ory Keto has a lot to offer you. Stick around till the end to find out how.

June 24, 2024
in GitHub Actions, Kubernetes, CI/CD, Code Review, DevOps
44 min read
Total views: 29

How to Set Up Preview Environments for Pull Requests

Have you ever been frustrated at long merge queues? Did you ever wish there was a better and faster way to get feedback on your code changes and approval from your team members?

You may have also been on the other side of the table, reviewing pull requests and wishing there was a better way to actually test the revisions before approving it; giving you a sense of what it would feel and look like if it were to merge.

Netlify and other frontend hosting services have spoiled us with the ability to spin up a live instance of the application for each pull request for static files. But what about backend applications? How can we achieve the same and deploy our backend for every new proposed change in pull requests?

In this blog post, we will explore how to set up preview environments for each pull request using GitHub Actions and Kubernetes. This guide includes spinning up the application as a live instance with an internet accessible URL to preview and verify the changes before they find their way into the main trunk.

June 10, 2024
in Oathkeeper, Kratos, Authentication, Ory, Security
45 min read
Total views: 55

Ory Oathkeeper: Identity and Access Proxy Server

Ory has a great ecosystem of products when it comes to authentication and authorization. Ory Oathkeeper is an stateless Identity and Access Proxy server.

It is capable of acting as a reverse-proxy as well as a decision maker and policy enforcer for other proxy servers.

In today's application development world, if you're operating on HTTP layer, Ory Oathkeeper has a lot to offer to you.

Stick around to find out how.

May 13, 2024
in Kubernetes, FluxCD, External Secrets, OpenTofu, AWS
47 min read
Total views: 13

GitOps Continuous Deployment: FluxCD Advanced CRDs

FluxCD is a powerful ecosystem of GitOps operators that can be enabled on-demand as per the requirement of your environment. It enables you to opt-in for the features you need and to disable the ones you don't.

As the complexity and requirement of your environment grows, so does the need for extra tooling to cover the implementation of the features you need.

FluxCD comes with more than just the support for Kustomization and HelmRelease. With FluxCD, you can also manage your Docker images as new versions get built. You can also get notified of the events that happen on your behalf by the FluxCD operators.

Stick till the end to see how you can take your Kubernetes cluster to the next level using advanced FluxCD CRDs.

May 6, 2024
in Kubernetes, AWS, OpenTofu, cert-manager, Cilium
45 min read
Total views: 125

cert-manager: All-in-One Kubernetes TLS Certificate Manager

Kubernetes is a great orchestration tool for managing your applications and all its dependencies. However, it comes with an extensible architecture and with an unopinionated approach to many of the day-to-day operational tasks.

One of these tasks is the management of TLS certificates. This includes issuing as well as renewing certificates from a trusted Certificate Authority. This CA may be a public internet-facing application or an internal service that needs encrypted communication between parties.

In this post, we will introduce the industry de-facto tool of choice for managing certificates in Kubernetes: cert-manager. We will walk you through the installation of the operator, configuring the issuer(s), and receiving a TLS certificate as a Kubernetes Secret for the Ingress or Gateway of your application.

Finally, we will create the Gateway CRD and expose an application securely over HTTPS to the internet.

If that gets you excited, hop on and let's get started!