Category: Oracle Public Cloud

OCI – Oracle Container Engine for Kubernetes (OKE) – Using Client Certificates and RBAC

Kubernetes has been proven the best way that we have today to run microservices deployments, whether it is via a Serverless approach or by managing your own deployments in the cluster. This has solidified with the strong adoption of Kubernetes by all the major Cloud Vendors, as the strategic way to orchestrate containers and run serverless functions.

However, one of the situations that we need to be mindful, is that kubernetes creates by default a super powerful user that has full access to almost every resource in the cluster (accessible via kubectl or directly though APIs). This is very convenient for most dev & test scenarios, but it is imperative that for production workloads, we limit such power and use Role Base Access Control (RBAC), stable since version 1.8, for fine-grained authorisation access control to kubernetes cluster resources.

For the purpose of this demo, I am assuming some familiarity with Kubernetes and kubectl. I will mainly focus on the Authentication and Authorisation aspects that allow us to use Client certificates to get access to protected resources in a Kubernetes cluster.

In a nutshell this is what I am going to do:

  1. Create and use Client certificates to authenticate into a Kubernetes cluster
  2. Create a Role Base Access Control to fine grain authorise resources in the Kubernetes cluster
  3. Configure kubectl with the new security context, to properly limit access to resources in the Kubernetes cluster.

This is a super simplified visual representation:

Continue reading “OCI – Oracle Container Engine for Kubernetes (OKE) – Using Client Certificates and RBAC”

Enhance the security of your website with Oracle Cloud Infrastructure’s Web Application Firewall

Oracle recently introduced a Web Application Firewall (WAF) to further enhance and secure Oracle Cloud Infrastructure offerings. The Oracle Cloud Infrastructure WAF is based on Oracle Zenedge and Oracle Dyn technologies. It inspects all traffic destined to your web application origin and identifies and blocks all malicious traffic. The WAF offers the following tools, which can be used on any website, regardless of where it is being hosted:

  • Origin management
  • Bot management
  • Access control
  • Over 250 robust protection rules that include the OWASP rulesets to protect against SQL injection, cross-site scripting, HTML injection, and more

In this post, I configure a set of access control WAF policies to a website. Access control defines explicit actions for requests that meet conditions based on URI, request headers, client IP address, or countries and regions.

Continue reading “Enhance the security of your website with Oracle Cloud Infrastructure’s Web Application Firewall”

AUSOUG Connect 2018 – Talking Dev

ausoug-title-01.pngIn November 2018, I had the privilege to attend the Australian Oracle User Group national conference “#AUSOUG Connect” in Melbourne. My role was to have video interviews with as many of the speakers and exhibitors at the conference. Overall, 10 interviews over the course of the day, 90 mins of real footage, 34 short clips to share and plenty of hours reviewing and post-editing to capture the best parts.

Continue reading “AUSOUG Connect 2018 – Talking Dev”

Teaching How to Generate Wildcard SSL Certificates for your LBaaS

Security is super important, but also annoying. From a backend developer mindset, all I want is to build great services exposed as APIs that the world can consume with ease. The problem is that in most cases, consumption of my endpoints will be blocked by browsers and other tools/client unless they are exposed as HTTPS with valid SSL certificates.

In this blog, I am going to show you how to use Let’s Encrypt to create your own “Wildcard SSL Certificate” for your existing domain, for example: *.mydomain.com – Then I am going to show you how to assign this certificate to your Oracle LBaaS Listener endpoint.

Continue reading “Teaching How to Generate Wildcard SSL Certificates for your LBaaS”

Teaching How to Get Started with Oracle Container Engine for Kubernetes (OKE)

In a previous blog, I explained how to provision a Kubernetes cluster locally on your laptop (either as a single node with minikube or a multi-node using VirtualBox), as well as remotely in the Oracle Public Cloud IaaS. In this blog, I am going to show you how to get started with Oracle Container Engine for Kubernetes (OKE). OKE is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud on Kubernetes.

Continue reading “Teaching How to Get Started with Oracle Container Engine for Kubernetes (OKE)”

Teaching How to Invoke REST APIs from Oracle Visual Builder Web/Mobile Apps

In this blog, I am going to show you how to build a nice and simple UI with data coming from invoking REST APIs. All without code, but in just a few clicks.

I consider myself a good backend developer, good at making things functional, but I really struggle every time I need to produce nice UIs. However, using Oracle Visual Builder, I feel like I don’t have to be a UI developer or designer, I can very easily produce nice and friendly mobile UIs that consume my backend REST APIs. If you are like me, a backend programmer who loves API-first design approach, I’m sure that you will find this blog not only informative, but also refreshing.

This is a quick view of what we are going to achieve in this article:

  1. First, we are going to auto-create Service controls in Oracle Visual Builder by pointing to existing REST APIs.
  2. Then, we are going to use the out-of-the box widgets and components to build a simple, yet powerful UI that consumes such APIs.
  3. Finally, we are going to publish the UI and test it across different media, e.g. Web on a laptop, mobile, tablets, etc.

Continue reading “Teaching How to Invoke REST APIs from Oracle Visual Builder Web/Mobile Apps”

Teaching How to Invoke Gen2 Oracle Cloud Infrastructure (OCI) resources via REST APIs

I am thrilled with the Oracle’s Gen2 Cloud Infrastructure architecture, where Oracle completely separates the Cloud Control Computers from the User Code, so that no threats can enter from outside the cloud and no threats can spread from within tenants.

Obviously with more security, there comes more coordination, especially at the moment of invoking OCI resources APIs. Luckily, Oracle did a good job at providing a simple to use CLI and SDK (see here for more information).

For the purpose of this blog, I built a simple NodeJS application that helps demystify the security aspect of invoking OCI APIs. Check this link for examples of running similar code across other Programming Languages.

My NodeJS application manages OCI resources in order to:

  • List ADW instances
  • Stop an ADW instance
  • Start an ADW instance

I started this NodeJS application to list, start and stop ADW resources. However, I designed this application to easily extend it to invoke any other type of OCI resources.

I containerised this application with Docker, to make it easier to ship and run.

This is a picture of the moving parts:

Continue reading “Teaching How to Invoke Gen2 Oracle Cloud Infrastructure (OCI) resources via REST APIs”

Teaching How to Increase Value from your Data

Databases and Data Warehouses have been around for a long time and they bring multiple benefits to business, but these also come at a cost. Some of the associated challenges include:

  • Complex and Expensive to provision and secure
  • Inability to manage data and user growth
  • Costly to maintain

In this post, I will provide some resources on how Oracle Autonomous Database and Data Warehouse aim at easing these challenges and increase the speed at which you can innovate and the value you can get from your data.

Continue reading “Teaching How to Increase Value from your Data”

Boring FAQ to engaging Digital Assitant under 5 mins

Majority of the websites have FAQ pages, and they are always dull. If only you could convert your FAQ to something more tangible that solves the users need you could resolve customer frustration of finding the right information. Moreover, if that experience is more interactive, it leads to an engaging experience where you can contextualise the data and also execute the task on behalf of the customer. We can create this rich experience by making your traditional FAQ’s wrapped inside a chatbot.

In this article let’s have a look at how we can quickly convert FAQ Pages to a Bot in minutes. Oracle’s natural language understanding technology and QnA engine available in Digital Assistant platform can sift through the historical FAQ data and answer even sophisticated requests from your clients. Further, you can handover complex queries to your support as I discussed in an earlier article

Continue reading “Boring FAQ to engaging Digital Assitant under 5 mins”

Teaching a trick to easily import Excel Data into Oracle Autonomous Database (ADW and ATP)

The other day my boss shared with me a nice trick that I found it very useful and has simplified my life a lot, when creating demos or quick prototypes. For this reason and knowing how many people are quickly switching into using Oracle Autonomous Database (ADW or ATP), I thought it would be a good idea to be shared as a quick reference.

The trick consists in using SQL Developer to easily import Data from Excel spreadsheets, directly into Oracle Autonomous DB (ADW or ATP). This also opens up a nice wizard that helps create and configure new database tables to be created and then used to import the data. How cool is that?

This complements a previous article that explains how to provision and get started with Oracle Autonomous Transaction Processing Database. Also, we have published articles to get started with Oracle Autonomous Data Warehouse.

Remember, the difference is simple:

Continue reading “Teaching a trick to easily import Excel Data into Oracle Autonomous Database (ADW and ATP)”