Month: January 2022

Running gVisor on Azure Kubernetes Service for sandboxing containers

gVisor is one option beside Kata Containers or Firecracker for sandboxing containers to minimize the risk when running untrusted workloads on Kubernetes. -> https://gvisor.dev/ Currently, the only managed Kubernetes service which supports gVisor in dedicated node pools per default is Google Kubernetes Engine. But with a bit of an effort this is doable as well…

27. January 2022
Run the Istio ingress gateway with TLS termination and TLS passthrough

The Istio ingress gateway supports two modes for dealing with TLS traffic: TLS termination and TLS passthrough. Running Istio with TLS termination is the default and standard configuration for most installations. Incoming TLS traffic is terminated at the Istio ingress gateway level and then sent to the destination service encrypted via mTLS within the service…

3. January 2022

Running gVisor on Azure Kubernetes Service for sandboxing containers