-
Show enabled feature gates on an Azure Kubernetes Service cluster
Recently, I needed to check which feature gates are active on an Azure Kubernetes Service cluster running Kubernetes version 1.29.0. In particular, the SidecarContainers feature gate brings support for running sidecar containers as init containers. For instance, a service mesh proxy container now starts before the main container and solves a couple of issues with service…
-
Azure Kubernetes Fleet Manager – Advance your Kubernetes cluster update management on Azure
The Azure Kubernetes Fleet Manager comes with two different configuration options with and without a hub cluster configuration. In today’s blog post, we focus on the Azure Kubernetes Fleet Manager without a hub cluster configuration. This configuration option only provides the Azure Kubernetes Service update management, and this is our focus for today, Before we…
-
Configure Microsoft Defender for Cloud continuous export via Terraform
Microsoft Defender for Cloud supports the continuous export of a variety of data to Azure Event Hubs and Azure Log Analytics workspaces. When you use Azure Event Hubs, you can stream those data also to 3rd-party solutions or Azure Data Explorer. The continuous export is handy for security alerts to maintain them for a longer…
-
Azure PostgreSQL Flexible Server – Feature set on par with Single Server
The Azure PostgreSQL Flexible Server was from its launch the better option than the Single Server, especially from a performance perspective. However, the Flexible Server was missing important features that were built-in in the Single Server from the beginning. Since the retirement announcement of the Single Server, it was time for Microsoft to bring the…
-
Using HTTP status code 307/308 for HTTPS redirect with the Istio ingress gateway
The gateway definition for the Istio ingress gateway provides a configuration parameter to enable the HTTPS redirect of HTTP connections. -> https://istio.io/latest/docs/reference/config/networking/gateway/#ServerTLSSettings apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: azst-aks-gateway namespace: istio-config spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: – hosts: – “*.danielstechblog.de” port: number: 80 name: http protocol: HTTP tls: httpsRedirect:…
-
Fluent Bit and Kata Containers on Azure Kubernetes Service
In the past, I have written two blog posts about how to run untrusted workloads on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ -> https://www.danielstechblog.io/using-kata-containers-on-azure-kubernetes-service-for-sandboxing-containers/ Today, I walk you through how you gather log data of an untrusted workload isolated by Kata Containers with Fluent Bit. When you hear isolated, it always comes to mind that only…