Tag Archives: Kubernetes

Using distroless images in Istio on Azure Kubernetes Service

Looking at Docker Hub Istio provides the option using distroless images since version 1.3.0. As it is always a good idea on a Kubernetes cluster to reduce the attack surface, especially when running a managed Kubernetes cluster like Azure Kubernetes Service, using distroless images is one option of it. Per default Istio does not use the distroless image versions. So, you need to opt in for Read more [...]

ARM Template – Deploy an AKS cluster using managed identity and managed Azure AD integration

As I mentioned in my other blog post before I have updated my Azure Resource Manager template as well. Switching from the AAD service principal to managed identity option and from the AAD v1 integration to AAD v2 which is also managed. Other changes and improvements are the following ones: Private cluster support Managed control plane SKU tier support Windows node pool support Node Read more [...]

Terraform – Deploy an AKS cluster using managed identity and managed Azure AD integration

Recently, I updated my Terraform AKS module switching from the AAD service principal to managed identity option as well from the AAD v1 integration to AAD v2 which is also managed. Other changes and improvements are the following ones: Private cluster support Managed control plane SKU tier support Windows node pool support Node labels support addon_profile section parameterized -> Read more [...]

Running Istio on KinD – Kubernetes in Docker

In my last blog post I have shown you my local Kubernetes setup with KinD. I mentioned also Istio and today we walk through the configuration to get it running on Kubernetes in Docker. As prerequisite I recommend reading my previous blog post before you continue with this one. -> https://www.danielstechblog.io/local-kubernetes-setup-with-kind/ I made a configuration decision for KinD Read more [...]

Local Kubernetes setup with KinD

Getting started with Kubernetes these days is easy and does not require to be in the lucky position having access to a cloud provider subscription for playing around with managed Kubernetes like AKS, EKS or GKE. All you need is your local machine. But then you must choose which one of the available offerings you would like to use: minikube, Docker Desktop, MicroK8s, k3s/k3d or KinD? Today Read more [...]

Upgrading the node image of an Azure Kubernetes Service cluster

Last year I have written a shell script to update the VMSS base image of an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/updating-the-base-image-of-a-vmss-based-aks-cluster/ -> https://www.danielstechblog.io/aks-vmss-base-image-update-script-multiple-node-pool-support/ As I am using the VMSS API and not the AKS API it was not an officially supported way to update Read more [...]

Using Azure Policy for Kubernetes

In my last blog post I mentioned that the next topic is about Azure Policy in combination with Azure Arc enabled Kubernetes. I decided to write about Azure Policy for Kubernetes instead covering Azure Kubernetes Service and Azure Arc enabled Kubernetes. As Azure Policy for Kubernetes is based on the Open Policy Agent Gatekeeper implementation, I will also highlight the difference between the Read more [...]

Connect KinD with Azure Arc enabled Kubernetes

At this year’s first ever digital Microsoft Build conference, Microsoft announced the public preview of Azure Arc enabled Kubernetes. -> https://azure.microsoft.com/en-us/updates/azure-arc-support-for-azure-kubernetes-service-aks-engine-clusters/ Azure Arc enabled Kubernetes lets you connect Kubernetes clusters running on-premises or at another cloud provider with Azure for a unified management Read more [...]

Connect KinD with Azure Monitor for containers

Last year Microsoft announced the Azure Monitor for containers support for on-premises Kubernetes clusters. -> https://azure.microsoft.com/en-us/updates/azure-monitor-now-supports-monitoring-containers-on-premises-and-on-azure-stack/ As I recently switched from the Docker Desktop for Mac Kubernetes single node cluster to KinD (Kubernetes in Docker), I was curious about to try out the on-premises Read more [...]

Switching to Istio CNI plugin on Azure Kubernetes Service

You might question yourself, why the switch to the Istio CNI plugin might be useful? Istio uses, and other services meshes too, an init container to adjust the iptables rules for redirecting network traffic to/from the sidecar proxy container. The init container uses NET_ADMIN and NET_RAW capabilities to do the iptables changes and thus has more capabilities than per default. Exactly one capability Read more [...]