Securing Kubernetes Services with WireGuard

As my application nears production readiness, one of the key considerations is securely accessing internal Kubernetes services, such as databases and message brokers, from my local development machine. Initially, I configured TCP forwarding for these services on my ingress controller:

    tcp:
      "4222": nats/nats-cluster:4222
      "5432": pgo/astring-ha:5432
      "6379": redis/redis:6379
      "9042": scylla/scylla-client:9042

While each service requires authentication, I'm still not fully comfortable exposing them directly to the public internet. Ideally, only HTTP endpoints (like my backend services or monitoring tools) should be publicly accessible, protected via basic auth or other mechanisms....

December 6, 2024 · 4 min · 823 words · Me
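As an added illustration of the approach the post title describes (this is example configuration written for this page, not the author's own config), the WireGuard client config below replaces the public TCP forwards with a tunnel whose AllowedIPs is limited to the cluster Service CIDR. The tunnel subnet 10.200.0.0/24, the Service CIDR 10.96.0.0/12, the endpoint vpn.example.com:51820 and the key placeholders are all assumptions.

```ini
# Example WireGuard client config (wg0.conf) for the developer laptop.
# Assumptions: 10.200.0.0/24 is the tunnel subnet, 10.96.0.0/12 is the
# cluster Service CIDR, vpn.example.com:51820 is the cluster-side
# WireGuard gateway, and the keys are placeholders to be generated with
# `wg genkey` / `wg pubkey`.
[Interface]
PrivateKey = <laptop-private-key>
Address = 10.200.0.2/32
# Optional: point DNS at the cluster's CoreDNS so names such as
# astring-ha.pgo.svc.cluster.local resolve over the tunnel.
# DNS = 10.96.0.10

[Peer]
PublicKey = <cluster-gateway-public-key>
Endpoint = vpn.example.com:51820
# AllowedIPs is both a route and a cryptokey filter: only traffic for the
# Service CIDR is sent through the tunnel, and packets arriving from this
# peer for any other source address are dropped.
AllowedIPs = 10.96.0.0/12
PersistentKeepalive = 25
```

With the tunnel up, the database, cache and broker ports are reached on their ClusterIP addresses (for example the `astring-ha` Service in the `pgo` namespace on 5432), so the `tcp:` map on the ingress controller can be deleted entirely. On the gateway side, the peer entry for this laptop should carry `AllowedIPs = 10.200.0.2/32` so the laptop cannot spoof other tunnel addresses, and the gateway pod or node still needs a NetworkPolicy that limits which Services the tunnel subnet may reach. After removing the `tcp:` entries, `kubectl get svc -A` should show the ingress load balancer listening on 80 and 443 only.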

Transitioning to Cilium

In my previous posts, I discussed how I used MetalLB to implement load balancing in my on-premises Kubernetes cluster. While MetalLB served its purpose by providing Layer 2 load balancing, I heard about Cilium and discovered its powerful networking capabilities. In this post, I'll explain what Cilium is, why it's beneficial, and how I replaced both my Container Network Interface (CNI) and MetalLB with Cilium.

Understanding Cilium and Its Advantages

What Is Cilium?...

December 4, 2024 · 5 min · 986 words · Me