Last year I wrote a blog post about detecting SNAT port exhaustion on Azure Kubernetes Service.
Today we dive into the topic of how to prevent SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT.
Since this year the managed NAT gateway option for Azure Kubernetes Service Read more [...]
Yesterday, I received a long-awaited email notifying me that I have been awarded for the sixth time as a Microsoft MVP. This is now my third award for the category Microsoft Azure.
Happy to be part of this community for another year and looking forward to it. Read more [...]
Conditions in Terraform are well-known and, in combination with the for_each argument, can provide a lot of flexibility. In today’s blog post I walk you through an example storage module I have created to showcase the topic.
The module consists of three resources: a resource group, a lock, and a storage account. As I am using conditions with for_each for the resource group and the lock, I can decide Read more [...]
Last year I wrote a blog post about running Podman on macOS with Multipass as a Docker Desktop replacement.
Back then I had also looked into Podman Machine and Rancher Desktop. Podman Machine was out very quickly without support for host volume mounts. Rancher Desktop instead was promising but the host volume Read more [...]
Last year I wrote a blog post about removing dangling container manifests from ACR.
I did not cover an edge case when it comes to multi-arch container manifests. So, here we are, and I walk you through that topic today.
First, do not be afraid: the PowerShell script from last year works perfectly Read more [...]
gVisor is one option besides Kata Containers or Firecracker for sandboxing containers to minimize the risk when running untrusted workloads on Kubernetes.
Currently, the only managed Kubernetes service that supports gVisor in dedicated node pools by default is Google Kubernetes Engine. But with a bit of effort this is doable on Azure Kubernetes Service as well.
At Read more [...]
Conftest is a tool that lets you write tests against structured data like Kubernetes templates.
So, why should you use Conftest when you already established your policies with Azure Policy for Kubernetes?
As Azure Policy for Kubernetes uses Gatekeeper, the OPA implementation for Kubernetes, under the hood, it uses Gatekeeper constraint templates written in Rego. Read more [...]
It might happen that you experience slow container image pulls on your Azure Kubernetes Service nodes. The first thought might be that the Azure Container Registry is the root cause. Even when using the ACR without the geo-replication option enabled, image pulls from an ACR in Europe to AKS nodes running in Australia are fast. Therefore, it can be the ACR especially when you do not use the Premium SKU as the Read more [...]
On September 1st Microsoft announced the public preview of the custom policy support for Azure Policy for AKS.
I am already using the public preview on my AKS cluster and was curious whether this would work as well with Azure Arc-enabled Kubernetes.
The short answer is yes, but with some minor adjustments.
First Read more [...]
In one of my last blog posts I walked you through the setup of running Podman on macOS with Multipass as a Docker for Desktop alternative.
Today I briefly show you the local Kubernetes setup with KinD on Podman. Even though the Podman support of KinD is in an experimental state, it runs stable enough for daily usage.
The Read more [...]