Ivan Delić – Medium

Ivan Delić
in
Oracle Developers

Safeguarding OKE: Super-Admin vs. Regular User

OCI IAM policies significantly influence OKE internals and security. Depending on the Policy verbs for the cluster resource (e.g., manage…

3 min readApr 18, 2024

--

Safeguarding OKE: Super-Admin vs. Regular User

--

Ivan Delić
in
Oracle Developers

Safeguarding OKE: Kubernetes API Server Access Control With OCI IAM and RBAC Explained

Every cluster owner’s mission is to safeguard the OKE API server perimeter. You probably don’t want to expose kubectl access to the public…

7 min readApr 16, 2024

--

Safeguarding OKE: Kubernetes API Server Access Control With OCI IAM and RBAC Explained

--

Ivan Delić
in
Oracle Developers

Safeguarding OKE: Kubernetes Authentication and Authorization

Safeguarding OKE starts with access control for the Kubernetes API Server. The API Server is a part of the managed control plane of OKE…

5 min readApr 10, 2024

--

Safeguarding OKE: Kubernetes Authentication and Authorization

--

Ivan Delić

How to Resolve Multi-Attach Error With Block Storage PVC in OKE Properly

If you faced an error Multi-Attach error for volume "csi-..." Volume is already used by pod(s) when creating a pod, it means that…

3 min readApr 9, 2024

--

How to Resolve Multi-Attach Error With Block Storage PVC in OKE Properly

--

Ivan Delić

How to Define Cloud-Init Script in OKE Terraform Resource

The OCI provider for Terraform often provides minimalistic documentation around OKE, especially popular oci_containerengine_cluster and…

1 min readApr 3, 2024

--

--

Ivan Delić

How to Customize Kube Reserved Resources in OKE

Did you ever experience sudden kubelet failure at runtime, resulting in disconnected worker nodes? It’s easy to spot since worker nodes are…

3 min readMar 26, 2024

--

How to Customize Kube Reserved Resources in OKE

--

Ivan Delić
in
Oracle Developers

Pulling the OCIR images to OKE without Secrets

Wouldn’t it be nice for OKE to pull the container images from private OCIR repos in a passwordless mode, without stored secrets and…

3 min readMar 22, 2024

--

Pulling the OCIR images to OKE without Secrets

--

Ivan Delić
in
Oracle Developers

Allowing OKE to Pull Images From Custom Image Repositories with Self-Signed CA

OKE supports pulling container images from various sources, including custom registries with non-trusted and self-signed CAs. Still, to…

2 min readOct 16, 2023

--

Allowing OKE to Pull Images From Custom Image Repositories with Self-Signed CA

--

Ivan Delić
in
Oracle Developers

Advanced Kubernetes Networking: OKE in a Hub-Spoke Architectures

The true power of OCI Container Engine for Kubernetes (OKE) arises from flexible core networking — VCN. VCN powers OKE to achieve advanced…

5 min readSep 13, 2023

--

Advanced Kubernetes Networking: OKE in a Hub-Spoke Architectures

--

Ivan Delić
in
Oracle Developers

Serve gRPC on OKE With Ingress and Network Load balancer

gRPC is a highly performant Remote Procedure Call (RPC) framework based on HTTP/2 protocol, a perfect fit for resilient microservice…

4 min readJul 14, 2023

--

--

Ivan Delić

Ivan Delić

I’m a solution engineer, developer, and architect with strong technical and social skills. My specialties are application development, architecture, and cloud.

Following

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams