Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: AKS

  • Use node initialization taints on Azure Kubernetes Service with Cilium

    On an Azure Kubernetes Service cluster with Bring Your Own Container Network Interface (BYOCNI) using Cilium, you could not use Cilium’s agent-not-ready taint functionality. -> https://docs.cilium.io/en/stable/installation/taints/ The reason for that is that the Azure control plane blocks add/remove operations on taints via the Kubernetes API. You have to remove taints via the Azure Kubernetes Service…

  • Cilium’s new Hubble flow policy log field

    Cilium in version 1.18 introduced a new useful feature called “policy log field” for Hubble flows. -> https://isovalent.com/blog/post/cilium-1-18/#hubble-flow-policy-log-field This feature provides additional possibilities for further insights/checks on which network policy was applied to a network flow. We have a look at how to configure the policy log field and what a Hubble flow looks like…

  • Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium

    In today’s blog post, we take a look at restricting access to the Azure IMDS endpoint on an Azure Kubernetes Service (AKS) cluster with Cilium using the BYOCNI approach. The Instance Metadata Service (IMDS) endpoint, also known as short IMDS, can be called directly from every Azure VM or VMSS instance via the following command.…

  • How to restore a container image from an Azure Kubernetes Service node to an Azure Container Registry?

    Imagine a specific version of your container image used for your application has been deleted from your Azure Container Registry. It cannot be restored for whatever reason through your CI/CD pipeline, and you still need this version. How can you restore that specific version when you still have a running pod on one of the…

  • Kubernetes namespace exclusion options for Kyverno policies

    During my preparation for the Kyverno Certified Associate exam, I hit an interesting part that I would like to talk about today. Which options do we have to exclude entire namespaces from Kyverno policies? Depending on what we want to achieve, we have three different options at hand to accomplish our goal. Option 1 –…

  • How to send Cilium metrics to Azure Managed Prometheus

    In today’s blog post, I walk you through the setup on how to send Cilium metrics to Azure Managed Prometheus. Our setup covers two scenarios. The first one is an Azure Kubernetes Service cluster using Cilium via the BYOCNI (Bring Your Own CNI) option, and the second one is a K3s single node cluster running…

WordPress Cookie Notice by Real Cookie Banner