kubectl-ai

What it is
kubectl-ai acts as an intelligent interface, translating user intent into precise Kubernetes operations, making Kubernetes management more accessible and efficient.

How to install
Gemini API Key
Go to https://aistudio.google.com/ then Get API Keys: Depending on the tier you will need to import a Google Cloud Project for billing purposes.

Testing
A simple test to validate the configuration. I asked kubectl-ai to list the k8s clusters I have access to:

Costs
https://ai.google.dev/gemini-api/docs/pricing

References
https://github.com/GoogleCloudPlatform/kubectl-ai?tab=readme-ov-file

Deploying and Operating a (GKE) K8S using GitOps (Flux)

Summary
k8sfluxops is a GitOps repository that manages a complete Kubernetes infrastructure on GKE using Flux v2. https://github.com/rtrentinavx/k8sfluxops

It demonstrates a production-grade setup with:

🎯 Core Purpose
Declarative, Git-driven management of Kubernetes infrastructure where all changes are version-controlled and automatically reconciled by Flux.

📦 What It Deploys
Category: Components
Ingress: Traefik (routes / → nginx, /boutique/ → Online Boutique)
Observability: Grafana, Jaeger, OpenTelemetry Collector, Hubble UI, Kube-ops-view
Policy/Security: OPA Gatekeeper with 4 constraint templates, Policy Manager UI
Cost Management: Kubecost
Backup: Velero with GCS backend + UI
Cluster Mgmt: Rancher, Weave GitOps dashboard
Demo Apps: Online Boutique (10 microservices with OTel tracing), Nginx
Autoscaling: HPA for …

FastConnect Tip

Using AS_PATH to Prefer Routes from Oracle to the On-premises Network
Oracle uses the shortest AS path when sending traffic to the on-premises network, regardless of which path was used to start the connection to Oracle. Therefore asymmetric routing is allowed. Asymmetric routing here means that Oracle’s response to a request can follow a different path than the request. Oracle implements AS path prepending to establish preference on which path to use if the edge device advertises the same route and routing attributes over several different connection types between the on-premises network and the VCN. Oracle honors the complete AS path you …

Building a Cloud Backbone

This architecture establishes a cloud backbone connecting AWS, Azure, and GCP, with AWS Transit Gateway (TGW), Azure Virtual WAN (vWAN), and GCP Network Connectivity Center (NCC) serving as northbound components to manage connectivity within each cloud, while Aviatrix Transit Gateways form the backbone for inter-cloud connectivity, ensuring seamless traffic flow across the clouds. Southbound connectivity links on-premises environments to each cloud using dedicated circuits, specifically AWS Direct Connect, Azure ExpressRoute, and GCP Cloud Interconnect, enabling secure and high-performance access to cloud resources.

AWS Transit Gateway
Azure Virtual WAN (vWAN)
GCP Network Connectivity Center (NCC)
AWS Transit Gateway, Azure Virtual WAN, …

“Mastering” K8S

The repository contains Terraform scripts designed to create Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS) clusters. These setups are fully customizable through input parameter files. Additionally, the scripts provision the necessary network infrastructure and bastions, ensuring secure access to the clusters. https://github.com/rtrentinavx/kubernetes

References
https://cloud.google.com/kubernetes-engine
https://azure.microsoft.com/en-us/products/kubernetes-service

Cisco C8000v Autonomous IPSEC Configuration

Recommended
For environments where GCM is not supported:

IKEv2/IPSec Algorithm Cheat Sheet
Phase 1 – IKEv2 (Control Channel)
Purpose: Establish a secure, authenticated channel for negotiating IPsec.

Category / Algorithm Options / Explanation
Encryption
  AES-CBC-128 / AES-CBC-256: AES in CBC mode; strong encryption but needs separate integrity (HMAC).
  AES-GCM-128 / AES-GCM-256: AES in Galois/Counter Mode; provides encryption + integrity (AEAD).
PRF
  SHA1: Legacy; avoid for new deployments.
  SHA256: Recommended minimum; widely supported.
  SHA384 / SHA512: Stronger hash for high-security environments; more CPU cost.
Diffie-Hellman
  Group 14 (MODP 2048-bit): Classic DH; secure but slower than elliptic curve.
  Group 19 (ECDH P-256): Elliptic Curve …

Centralized Ingress using FortiGate NGFWs and Aviatrix Transit Gateways with FireNet enabled

High Level Design
Ingress Design using the Aviatrix FireNet FortiGates:
All FortiGates receive sessions via the load balancer as long as they pass the health checks. While an Active-Passive (A-P) cluster behind the load balancer is an option, it is generally more effective to use standalone FGT units behind the load balancer in multiple Availability Zones (AZs). This configuration provides a robust mechanism to withstand the complete failure of an AZ. For reference, I have attached the Aviatrix Transit Firewall Network design for FortiGate firewalls below:

The application flow is shown below:

Aviatrix Transit Configuration
Enable Firenet
Navigate to CoPilot …

Using Cloud Interconnect with Aviatrix

Google Cloud Interconnect is a service provided by Google Cloud Platform (GCP) that enables customers to establish private, high-performance connections between their on-premises infrastructure and Google Cloud. It offers low-latency, secure connectivity by bypassing the public internet, making it ideal for scenarios like data migration, replication, disaster recovery, or hybrid cloud deployments.

There are three main options:

Key benefits include reduced latency, enhanced security (traffic stays off the public internet), cost savings on egress traffic, and direct access to Google Cloud’s internal IP addresses without needing VPNs or NAT devices. It’s widely used by enterprises in industries like media, healthcare, …

Connecting On-Prem to AWS using MegaPort

There are several designs possible when connecting on-premises equipment to AWS using Direct Connect:

In this document, we are going to use Megaport offerings to connect a data center to AWS.

Port
Types of ports offered by MegaPort:

How to request/create a port
Connect to the Megaport portal and click on the Services tab. Select Create a Port:
Pick a location:
Choose the speed required, give a name to the port, and select the minimum contract term:
MegaPort can cross connect ports in a few locations. Ports are assigned to diversity zones. A diversity zone groups devices at the same location …

AVX and AWS DNS

AWS DNS Design Options (from reference #1)
Option 1: Inbound and Outbound endpoints deployed in the hub VPC
Option 2: Inbound and Outbound endpoints deployed in the hub VPC for forwarding
Option 3: VPC sharing. This option will not be investigated as it does not fit a scalable and secure hub and spoke topology.
Option 4: Shared Private Zones and Forwarded Rules (AWS recommended)

Testing
Configuration Information
Hosted Private Zone:
Outbound Config:
Rule:
Inbound config:

Design Option 1
Create a DHCP option set pointing to the inbound endpoints:
and associate it to the VPC:
Servers will have their /etc/resolv.conf updated to: …