Based on the Atlassian quick start of Confluence Data Center on AWS, I have made my own version of it. Here are a few customisations that I have introduced. Customisation One: Remove public subnets. To meet security compliance requirements, we cannot use public subnets. All ingress/egress traffic should go through centrally managed reverse/ … Continue reading Customised Quick Start of Confluence Data Center on AWS
Have you read my previous post Install Kubernetes on AWS with kops? If yes, then kube-aws is an alternative to kops. If you have not, then kube-aws is an open source tool that simplifies the installation of Kubernetes on AWS. I have not tried kube-aws yet, but I will when I need to build another … Continue reading What is kube-aws?
Atlassian recently open sourced its in-house auto-scaling tool for Kubernetes - Escalator. I have not gotten a chance to try it yet, but according to this article, the tool was initially designed for batch workloads which cannot tolerate scaling-up delay. The idea behind it is to allow users to set up the percentage … Continue reading Escalator – auto-scaling tool for Kubernetes
Starting April 28, 2018, AWS will start to support Certificate Transparency. I am new to this; here are some things that I have learned so far. What exactly is certificate transparency? The Certificate Transparency framework is a project that was initially launched by Google. What problems does certificate transparency solve? It is designed to solve some flaws in the … Continue reading Certificate Transparency
The blog title explains the main reason that I started the open source project CertStuff. If you are not familiar with the Google proposal, here are some quotes that I found on the Symantec website: On July 27, 2017, Google posted a time-sensitive plan regarding Symantec-issued TLS server certificates. There are critical dates that will impact your … Continue reading Google Proposal of trust in existing Symantec-issued Certificates
Caching is 'fun' if you don't set it up correctly. Here is a useful cheat sheet of CloudFront edge cache TTL settings that I found on the AWS documentation site. Origin Configuration Minimum TTL = 0 Seconds Minimum TTL > 0 Seconds The origin adds a Cache-Control max-age directive to objects CloudFront caching CloudFront caches objects for the lesser of … Continue reading CloudFront Edge Cache Settings
A nice diagram that I found on Okta illustrates the workflow of both SP-initiated and IdP-initiated SSO. References: https://developer.okta.com/standards/SAML/index and http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf