Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Container

  • Monitor the Envoy Proxy ratelimit service with Azure Monitor for containers

    The last two blog posts of this series covered the setup of the Envoy Proxy ratelimit service and its implementation with Istio. -> https://www.danielstechblog.io/run-the-envoy-proxy-ratelimit-service-for-istio-on-aks-with-azure-cache-for-redis/ -> https://www.danielstechblog.io/implement-rate-limiting-with-istio-on-azure-kubernetes-service/ In today’s post I walk you through on how to monitor the ratelimit service with Azure Monitor for containers. Not the standard monitoring of the container itself. We focus…

  • Implement rate limiting with Istio on Azure Kubernetes Service

    In my last blog post I walked you through the setup of the rate limiting reference implementation: The Envoy Proxy ratelimit service. -> https://www.danielstechblog.io/run-the-envoy-proxy-ratelimit-service-for-istio-on-aks-with-azure-cache-for-redis/ Our today’s topic is about connecting the Istio ingress gateway to the ratelimit service. The first step for us is the Istio documentation. -> https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/ Connect Istio with the ratelimit service…

  • Detecting SNAT port exhaustion on Azure Kubernetes Service

    Running applications on an Azure Kubernetes Service cluster which make a lot of outbound calls might led to a SNAT port exhaustion. In today’s blog article I walk you through how to detect and mitigate a SNAT port exhaustion on AKS. What is a SNAT port exhaustion? It is important to know what a SNAT…

  • Distribute your application across different availability zones in AKS using Pod Topology Spread Constraints

    This is the last blog post of a series of posts covering the topic about increasing the application availability on Azure Kubernetes Service / Kubernetes. Today we cover the pod topology spread constraints. What are pod topology spread constraints? In the first post of the series, I talked about the pod disruption budget. The PDB…

  • Run the Envoy Proxy ratelimit service for Istio on AKS with Azure Cache for Redis

    The Istio sidecar proxy uses Envoy and therefore supports two different rate limiting modes. A local one targeting only a single service and a global one targeting the entire service mesh. The local rate limit implementation only requires Envoy itself without the need for a rate limit service. In contrast the global rate limit implementation…

  • Cloud Native Club – Kubernetes Policies

    Last week I had the pleasure of being the guest of the fifth episode of the Cloud Native Club run by my former colleague Robin-Manuel Thiel. We talked about the topic Kubernetes policies covering the Open Policy Agent, Gatekeeper and Azure Policy for Kubernetes. The Cloud Native Club format is in German and hence no…

WordPress Cookie Notice by Real Cookie Banner