Tag: Container
-
Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium
In today’s blog post, we take a look at restricting access to the Azure IMDS endpoint on an Azure Kubernetes Service (AKS) cluster with Cilium using the BYOCNI approach. The Instance Metadata Service (IMDS) endpoint, also known as short IMDS, can be called directly from every Azure VM or VMSS instance via the following command.…
-
How to restore a container image from an Azure Kubernetes Service node to an Azure Container Registry?
Imagine a specific version of your container image used for your application has been deleted from your Azure Container Registry. It cannot be restored for whatever reason through your CI/CD pipeline, and you still need this version. How can you restore that specific version when you still have a running pod on one of the…
-
Using Istio with Kubernetes native sidecars on Azure Kubernetes Service
In my previous blog post, I showed you how to check for specific feature gates on an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/show-enabled-feature-gates-on-an-azure-kubernetes-service-cluster/ Especially for the SidecarContainers feature gate, which is enabled on Azure Kubernetes Service running Kubernetes version 1.29 or higher. The SidecarContainers feature gate brings support for running sidecar containers as init containers. For instance, a service…
-
Show enabled feature gates on an Azure Kubernetes Service cluster
Recently, I needed to check which feature gates are active on an Azure Kubernetes Service cluster running Kubernetes version 1.29.0. In particular, the SidecarContainers feature gate brings support for running sidecar containers as init containers. For instance, a service mesh proxy container now starts before the main container and solves a couple of issues with service…
-
Azure Kubernetes Fleet Manager – Advance your Kubernetes cluster update management on Azure
The Azure Kubernetes Fleet Manager comes with two different configuration options with and without a hub cluster configuration. In today’s blog post, we focus on the Azure Kubernetes Fleet Manager without a hub cluster configuration. This configuration option only provides the Azure Kubernetes Service update management, and this is our focus for today, Before we…
-
Fluent Bit and Kata Containers on Azure Kubernetes Service
In the past, I have written two blog posts about how to run untrusted workloads on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ -> https://www.danielstechblog.io/using-kata-containers-on-azure-kubernetes-service-for-sandboxing-containers/ Today, I walk you through how you gather log data of an untrusted workload isolated by Kata Containers with Fluent Bit. When you hear isolated, it always comes to mind that only…