Tag Archives: AKS

Local Kubernetes setup with KinD

Getting started with Kubernetes these days is easy and does not require to be in the lucky position having access to a cloud provider subscription for playing around with managed Kubernetes like AKS, EKS or GKE. All you need is your local machine. But then you must choose which one of the available offerings you would like to use: minikube, Docker Desktop, MicroK8s, k3s/k3d or KinD? Today Read more [...]

Upgrading the node image of an Azure Kubernetes Service cluster

Last year I have written a shell script to update the VMSS base image of an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/updating-the-base-image-of-a-vmss-based-aks-cluster/ -> https://www.danielstechblog.io/aks-vmss-base-image-update-script-multiple-node-pool-support/ As I am using the VMSS API and not the AKS API it was not an officially supported way to update Read more [...]

Using Azure Policy for Kubernetes

In my last blog post I mentioned that the next topic is about Azure Policy in combination with Azure Arc enabled Kubernetes. I decided to write about Azure Policy for Kubernetes instead covering Azure Kubernetes Service and Azure Arc enabled Kubernetes. As Azure Policy for Kubernetes is based on the Open Policy Agent Gatekeeper implementation, I will also highlight the difference between the Read more [...]

Switching to Istio CNI plugin on Azure Kubernetes Service

You might question yourself, why the switch to the Istio CNI plugin might be useful? Istio uses, and other services meshes too, an init container to adjust the iptables rules for redirecting network traffic to/from the sidecar proxy container. The init container uses NET_ADMIN and NET_RAW capabilities to do the iptables changes and thus has more capabilities than per default. Exactly one capability Read more [...]

Using Azure Resource Graph to show ASC container image scan findings

In my previous blog post I showed you how to connect your Azure Container Registries with Azure Security Center. -> https://www.danielstechblog.io/connecting-azure-container-registry-with-azure-security-center/ Today we talk about how to receive the scan results via Azure Resource Graph instead of using the Security Center UI path. You can submit your queries against the Resource Graph Read more [...]

Connecting Azure Container Registry with Azure Security Center

Back in March Microsoft released the container image scanning solution in the Azure Security Center for the Azure Container Registry. -> https://azure.microsoft.com/en-us/updates/vulnerability-scanning-for-images-in-azure-container-registry-is-now-generally-available/ The container image scanning solution is powered by Qualys and seamlessly integrated into the Security Center UI. Connecting Read more [...]

Speaking at Global Azure Bootcamp 2020 Virtual – Cologne

Unfortunately, the in person event of the Global Azure Bootcamp 2020 Cologne is postponed due to the Corona virus pandemic. But the team worked hard behind the scenes and announced last week that the event will be held virtually. I am happy to be part of the Global Azure Bootcamp 2020 Virtual - Cologne on April 25th. -> https://www.meetup.com/Azure-Cologne-Meetup/events/266727986/ The Read more [...]

Terraform – Upgrading AKS Kubernetes version does not upgrade node pools

If you experience during an AKS Kubernetes version upgrade that only the control plane got upgraded, you are certainly using the Terraform Azure provider in version 1.40.0 or higher. -> https://github.com/terraform-providers/terraform-provider-azurerm/issues/5541 A current workaround is a null_resource with a trigger on the Kubernetes version and running a Bash script with the local-exec provisioner. Read more [...]

High available control plane with Istio 1.5 on Azure Kubernetes Service

Back in January I have written a blog post about installing the Istio control plane on AKS in HA mode. -> https://www.danielstechblog.io/install-a-high-available-istio-control-plane-on-azure-kubernetes-service/ Since the release of Istio 1.5 this month the overall architecture of the Istio control plane has changed. -> https://istio.io/news/releases/1.5.x/announcing-1.5/#introducing-istiod With Read more [...]

Updated maximum nodes limit – Azure Function App – AKS Azure CNI IP address calculation

Just a short information about the update I have done for the Azure Function App doing the AKS Azure CNI IP address calculation. Since the last update there has been a change to the maximum nodes per cluster limit supported by AKS. Maximum nodes per cluster (only with multiple node pools and VMSS): 1000 -> https://docs.microsoft.com/en-us/azure/aks/use-multiple-node-pools#limitations This Read more [...]