Tag Archives: AKS

Using Kata Containers on Azure Kubernetes Service for sandboxing containers

Last year I wrote a blog post about running gVisor on Azure Kubernetes for sandboxing containers. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ Back then, the only managed Kubernetes service that supported sandboxing containers in dedicated node pools was Google Kubernetes Engine via gVisor. A few weeks back, Microsoft announced Read more [...]

Learnings from the field – Running Fluent Bit on Azure Kubernetes Service – Part 3

This is the second part of a three-part series about “Learnings from the field – Running Fluent Bit on Azure Kubernetes Service”. -> https://www.danielstechblog.io/learnings-from-the-field-running-fluent-bit-on-azure-kubernetes-service-part-1/ -> https://www.danielstechblog.io/learnings-from-the-field-running-fluent-bit-on-azure-kubernetes-service-part-2/ Logging is one of the central Read more [...]

Learnings from the field – Running Fluent Bit on Azure Kubernetes Service – Part 2

This is the second part of a three-part series about “Learnings from the field – Running Fluent Bit on Azure Kubernetes Service”. -> https://www.danielstechblog.io/learnings-from-the-field-running-fluent-bit-on-azure-kubernetes-service-part-1/ Logging is one of the central aspects when operating Kubernetes. The easiest way to get started with it is by using the solution your cloud provider Read more [...]

Learnings from the field – Running Fluent Bit on Azure Kubernetes Service – Part 1

This is the first part of a three-part series about “Learnings from the field – Running Fluent Bit on Azure Kubernetes Service”. Logging is one of the central aspects when operating Kubernetes. The easiest way to get started with it is by using the solution your cloud provider provides. On Azure, this is Azure Monitor Container Insights that can also be used on Google Kubernetes Engine and Read more [...]

Azure Kubernetes Service – Using Kubernetes credential plugin kubelogin with Terraform

In today’s blog post we have a look at the Kubernetes credential plugin kubelogin for Azure Kubernetes Service and how to use it with Terraform. -> https://github.com/Azure/kubelogin -> https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins The Azure Kubernetes Service cluster I am using for demonstration is an AKS-managed Azure Active Directory Read more [...]

Azure Kubernetes Service news from KubeCon North America 2022

Last week the KubeCon / CloudNativeCon North America took place in Detroit with a lot of news regarding Azure Kubernetes Service. Let us now walk through what has been announced for AKS. Microsoft further enhances the different CNI options that are available for Azure Kubernetes Service. Besides the standard of Azure CNI with Azure Network Policy Manager or Calico for Kubernetes network policies, Read more [...]

Apply configuration changes to the default node pool in AKS via Bicep

In today’s blog post we look into the Bicep and how to apply configuration changes to the default node pool in Azure Kubernetes Service within the same Bicep template. What sounds easy on the first look gets nasty if all the things shall be done within the same template like creating an Azure Kubernetes Service cluster, adding additional node pools, or changing the configuration of existing ones. Read more [...]

How to change the node size of the default node pool in AKS without downtime?

Currently, as of writing this blog post, Azure Kubernetes Service does not support changing the node size of the default node pool or additional node pools without recreating the whole AKS cluster or the additional node pool. Having all the configuration in infrastructure as code whether it is Bicep or Terraform seems to be a dead end for this simple operation. If we change the node size in our Read more [...]

Preventing SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT

Last year I have written a blog post about detecting SNAT port exhaustion on Azure Kubernetes Service. -> https://www.danielstechblog.io/detecting-snat-port-exhaustion-on-azure-kubernetes-service/ Today we dive into the topic of how to prevent SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT. Since this year the managed NAT gateway option for Azure Kubernetes Service Read more [...]

Kubernetes CPU requests demystified

Two weeks back I participated in an incredibly good and vivid discussion on Twitter about Kubernetes CPU requests and limits. During the discussion I learned a lot and were proven that my knowledge and statement are not correct. I had made the following statement: “CPU requests are used for scheduling but are not guaranteed at runtime.” The first part about the scheduling is correct and the Read more [...]