Author Archives: Daniel

Connecting Azure Container Registry with Azure Security Center

Back in March Microsoft released the container image scanning solution in the Azure Security Center for the Azure Container Registry. -> https://azure.microsoft.com/en-us/updates/vulnerability-scanning-for-images-in-azure-container-registry-is-now-generally-available/ The container image scanning solution is powered by Qualys and seamlessly integrated into the Security Center UI. Connecting Read more [...]

Speaking at Global Azure Bootcamp 2020 Virtual – Cologne

Unfortunately, the in person event of the Global Azure Bootcamp 2020 Cologne is postponed due to the Corona virus pandemic. But the team worked hard behind the scenes and announced last week that the event will be held virtually. I am happy to be part of the Global Azure Bootcamp 2020 Virtual - Cologne on April 25th. -> https://www.meetup.com/Azure-Cologne-Meetup/events/266727986/ The Read more [...]

Terraform – Upgrading AKS Kubernetes version does not upgrade node pools

If you experience during an AKS Kubernetes version upgrade that only the control plane got upgraded, you are certainly using the Terraform Azure provider in version 1.40.0 or higher. -> https://github.com/terraform-providers/terraform-provider-azurerm/issues/5541 A current workaround is a null_resource with a trigger on the Kubernetes version and running a Bash script with the local-exec provisioner. Read more [...]

High available control plane with Istio 1.5 on Azure Kubernetes Service

Back in January I have written a blog post about installing the Istio control plane on AKS in HA mode. -> https://www.danielstechblog.io/install-a-high-available-istio-control-plane-on-azure-kubernetes-service/ Since the release of Istio 1.5 this month the overall architecture of the Istio control plane has changed. -> https://istio.io/news/releases/1.5.x/announcing-1.5/#introducing-istiod With Read more [...]

Install Homebrew for Linux in Azure Cloud Shell

As macOS user you properly know Homebrew the package manager and you might know that you can install it also on Linux. The Azure Cloud Shell is based on an Ubuntu image, but has some special requirements where to store data that should be persisted throughout your sessions. -> https://docs.microsoft.com/en-us/azure/cloud-shell/persisting-shell-storage#how-cloud-shell-storage-works Therefore, Read more [...]

Using the Powerlevel10k theme in Azure Cloud Shell

Last year I have written a blog post about setting up the Zsh with Oh My Zsh in Azure Cloud Shell. -> https://www.danielstechblog.io/setting-up-zsh-with-oh-my-zsh-in-azure-cloud-shell/ Recently, I switched to the Powerlevel10k theme and ran through the setup wizard to generate a configuration with a lean prompt style. -> https://github.com/romkatv/powerlevel10k Before, I used the Read more [...]

Updated maximum nodes limit – Azure Function App – AKS Azure CNI IP address calculation

Just a short information about the update I have done for the Azure Function App doing the AKS Azure CNI IP address calculation. Since the last update there has been a change to the maximum nodes per cluster limit supported by AKS. Maximum nodes per cluster (only with multiple node pools and VMSS): 1000 -> https://docs.microsoft.com/en-us/azure/aks/use-multiple-node-pools#limitations This Read more [...]

Combine istioctl commands with kubectl-select

Since working with Istio I stumbled a couple of times over some of the istioctl commands that require to select a specific pod or service. Some of these commands are istioctl… …dashboard controlz {Istio pilot pod name} …dashboard envoy {pod name} …experimental describe service {service name} …experimental metrics {service name} ...proxy-config bootstrap {pod name} For Read more [...]

Install a high available Istio control plane on Azure Kubernetes Service

Lately I worked intensively with Istio and focused especially on the topic high availability of the Istio control plane. When you install Istio with the default profile, as mentioned in the Istio documentation, you get a non-high available control plane. istioctl manifest apply \ --set values.global.mtls.enabled=true \ --set values.global.controlPlaneSecurityEnabled=true Per default Istio gets Read more [...]

Check cluster manageability with Azure Kubernetes Service Diagnostics

It does not matter if your AKS cluster is running without any issues or you currently experiencing issues, you should run Azure Kubernetes Service Diagnostics on a regular base. But what is Azure Kubernetes Service Diagnostics? Let me give you a quick introduction. AKS Diagnostics is a functionality in the Azure portal which provides you with the capability to run a self-diagnosis against your Read more [...]