Tag Archives: Cloud

Troubleshooting Azure Kubernetes Service tunnel component issues

In Azure Kubernetes Service, Microsoft manages the AKS control plane (Kubernetes API server, scheduler, etcd, etc.) for you. The AKS control plane interacts with the AKS nodes in your subscription via a secure connection that is established through the tunnelfront / aks-link component. -> https://docs.microsoft.com/en-us/azure/aks/concepts-clusters-workloads#kubernetes-cluster-architecture As Read more [...]

Automate taking backups from Azure disks attached to Azure Kubernetes Service

At the beginning of 2019, I wrote a blog post about taking backups from Azure disks attached to an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/taking-backups-from-azure-disks-attached-to-aks-via-azure-automation/ Since then, some things have changed. Azure Function PowerShell support went into public preview in April 2019 and the AzTable (AzureRmStorageTable) module I use Read more [...]

Azure Policy for Azure Kubernetes Service

In June, I already covered Azure Policy for Kubernetes in a blog post. -> https://www.danielstechblog.io/using-azure-policy-for-kubernetes/ Back then, Azure Policy for AKS was in public preview. At this year’s Microsoft Ignite, Azure Policy for AKS went GA. -> https://azure.microsoft.com/en-us/updates/ga-policy-addon-for-azure-kubernetes-service/ There have been some significant changes Read more [...]

Azure Kubernetes Service – Microsoft Ignite announcements

At this year’s first digital Microsoft Ignite conference, Microsoft announced several GA and preview features for its Azure Kubernetes Service. GA: Azure Policy add-on for AKS; GA: Ubuntu 18.04 as new base image; GA: Mutate default storage class; Preview: Azure RBAC for Kubernetes authorization; Preview: AKS cluster start/stop feature; Preview: Kubernetes 1.19 support; Preview: New Read more [...]

Trigger an on-demand Azure Policy compliance evaluation scan

Azure Policy evaluates resource compliance automatically every 24 hours for already assigned policies or initiatives. New policy or initiative assignments start the evaluation after the assignment has been applied to the defined scope, which might take up to 30 minutes. What might be a hidden gem to some of you is that you can trigger an on-demand compliance evaluation scan whenever Read more [...]

Downgrade the Linux kernel on an Azure Ubuntu VM

Sometimes you might need to downgrade the Linux kernel on an Azure Ubuntu VM, especially when you use Azure Site Recovery for BCDR, as the ASR agent has a slight delay in supporting the latest Linux kernel versions. -> https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-support-matrix#supported-ubuntu-kernel-versions-for-azure-virtual-machines Ubuntu was one of Read more [...]

Using distroless images in Istio on Azure Kubernetes Service

Looking at Docker Hub, Istio has provided the option of using distroless images since version 1.3.0. As it is always a good idea to reduce the attack surface on a Kubernetes cluster, especially when running a managed Kubernetes cluster like Azure Kubernetes Service, using distroless images is one way to do so. By default, Istio does not use the distroless image versions. So, you need to opt in for Read more [...]

Assigning RBAC permissions with Azure Resource Manager templates

Recently, I updated my AKS ARM template to support the latest AKS feature set and important RBAC role assignments for the AKS cluster. After having a hard time, I managed to get the RBAC role assignment working. If you now wonder what could be so complicated, check out my tweet on Twitter for the background information. -> https://twitter.com/neumanndaniel/status/1294272253211947008 It Read more [...]

ARM Template – Deploy an AKS cluster using managed identity and managed Azure AD integration

As I mentioned in my other blog post before, I have updated my Azure Resource Manager template as well, switching from the AAD service principal to the managed identity option and from the AAD v1 integration to AAD v2, which is also managed. Other changes and improvements are the following ones: Private cluster support; Managed control plane SKU tier support; Windows node pool support; Node Read more [...]

Terraform – Deploy an AKS cluster using managed identity and managed Azure AD integration

Recently, I updated my Terraform AKS module, switching from the AAD service principal to the managed identity option as well as from the AAD v1 integration to AAD v2, which is also managed. Other changes and improvements are the following ones: Private cluster support; Managed control plane SKU tier support; Windows node pool support; Node labels support; addon_profile section parameterized -> Read more [...]