This blog introduces k8s-jwks-proxy, a lightweight reverse proxy that securely exposes Kubernetes API Server's OIDC discovery endpoints without enabling anonymous access. It demonstrates how to deploy the endpoints publicly accessible under a custom domain.

This guide walks you through enabling the new structured authentication configuration in Kubernetes 1.30+ using a local cluster with Kind. You'll learn how to generate JWT-compatible EC keys, create a JWKS file, and expose it securely via ngrok for use with Kubernetes' API server authentication.

How to authenticate machine to machine with Spiffe/Spire via TLS or JWT with JWKS endpoint. Description with commands in docker-compose. Plain and simple.

Simple enable load balancer in your kind kubernetes in 30 seconds

How to encrypt the connection between two machines and authorize request from client on server? The article has a script to generate certificates and examples of servers in NodeJS.

How to create monitoring cluster with Thanos and Loki and send all metrics, logs from other clusters to one place. All encrypted and authenticate via mTLS by Istio Service Mesh.

How to create a server and clients in NodeJS connected by mTLS with certificates signed with Custom Intermediate Certificate Authorities (CA).