Ivan DelićinOracle DevelopersTweaking Installation of Ingress Nginx on OKE With HelmKubernetes workloads are often exposed through an Ingress rather than the plain Service itself. Ingress is the de facto standard when…Sep 6Sep 6
Ivan DelićBest Kept OKE’s Secrets: Storing Secrets in OCI VaultSecret management is a hot topic around Kubernetes security. Common challenges, such as secrets stored as plain text ¹ or the lack of…May 17May 17
Ivan DelićBest Kept OKE's Secrets: Storing Secrets in EtcdKeeping secrets safe is one of the leading security concerns in cloud-native architectures. We often store critical credentials as…May 15May 15
Ivan DelićinOracle DevelopersSafeguarding OKE: Super-Admin vs. Regular UserOCI IAM policies significantly influence OKE internals and security. Depending on the Policy verbs for the cluster resource (e.g., manage…Apr 18Apr 18
Ivan DelićinOracle DevelopersSafeguarding OKE: Kubernetes API Server Access Control With OCI IAM and RBAC ExplainedEvery cluster owner’s mission is to safeguard the OKE API server perimeter. You probably don’t want to expose kubectl access to the public…Apr 16Apr 16
Ivan DelićinOracle DevelopersSafeguarding OKE: Kubernetes Authentication and AuthorizationSafeguarding OKE starts with access control for the Kubernetes API Server. The API Server is a part of the managed control plane of OKE…Apr 10Apr 10
Ivan DelićHow to Resolve Multi-Attach Error With Block Storage PVC in OKE ProperlyIf you faced an error Multi-Attach error for volume "csi-..." Volume is already used by pod(s) when creating a pod, it means that…Apr 9Apr 9
Ivan DelićHow to Define Cloud-Init Script in OKE Terraform ResourceThe OCI provider for Terraform often provides minimalistic documentation around OKE, especially popular oci_containerengine_cluster and…Apr 3Apr 3
Ivan DelićHow to Customize Kube Reserved Resources in OKEDid you ever experience sudden kubelet failure at runtime, resulting in disconnected worker nodes? It’s easy to spot since worker nodes are…Mar 26Mar 26
Ivan DelićinOracle DevelopersPulling the OCIR images to OKE without SecretsWouldn’t it be nice for OKE to pull the container images from private OCIR repos in a passwordless mode, without stored secrets and…Mar 22Mar 22