Tag: Kubernetes
-
Connecting Azure Container Registry with Azure Security Center
Back in March Microsoft released the container image scanning solution in the Azure Security Center for the Azure Container Registry. -> https://azure.microsoft.com/en-us/updates/vulnerability-scanning-for-images-in-azure-container-registry-is-now-generally-available/ The container image scanning solution is powered by Qualys and seamlessly integrated into the Security Center UI. Connecting your Azure Container Registries with the Security Center requires ASC running in the Standard Tier.…
-
Terraform – Upgrading AKS Kubernetes version does not upgrade node pools
If only the control plane gets upgraded during an AKS Kubernetes version upgrade, you are certainly using the Terraform Azure provider in version 1.40.0 or higher. -> https://github.com/terraform-providers/terraform-provider-azurerm/issues/5541 A current workaround is a null_resource with a trigger on the Kubernetes version that runs a Bash script with the local-exec provisioner. So, you…
-
High available control plane with Istio 1.5 on Azure Kubernetes Service
Back in January I wrote a blog post about installing the Istio control plane on AKS in HA mode. -> https://www.danielstechblog.io/install-a-high-available-istio-control-plane-on-azure-kubernetes-service/ Since the release of Istio 1.5 this month, the overall architecture of the Istio control plane has changed. -> https://istio.io/news/releases/1.5.x/announcing-1.5/#introducing-istiod With the introduction of Istiod the number of deployed pods gets dramatically reduced,…
-
Updated maximum nodes limit – Azure Function App – AKS Azure CNI IP address calculation
Just a short note about the update I made to the Azure Function App that does the AKS Azure CNI IP address calculation. Since the last update there has been a change to the maximum nodes per cluster limit supported by AKS. Maximum nodes per cluster (only with multiple node pools and VMSS): 1000 ->…
-
Combine istioctl commands with kubectl-select
Since I started working with Istio, I have stumbled a couple of times over some of the istioctl commands that require selecting a specific pod or service. Some of these commands are istioctl… …dashboard controlz {Istio pilot pod name} …dashboard envoy {pod name} …experimental describe service {service name} …experimental metrics {service name} …proxy-config bootstrap {pod name} For…
-
Install a high available Istio control plane on Azure Kubernetes Service
Lately I worked intensively with Istio and focused especially on the high availability of the Istio control plane. When you install Istio with the default profile, as mentioned in the Istio documentation, you get a control plane that is not highly available. istioctl manifest apply \ --set values.global.mtls.enabled=true \ --set values.global.controlPlaneSecurityEnabled=true By default Istio gets installed with…