Tag: Networking
-
Using Cilium Hubble Exporter to log blocked egress traffic on Azure Kubernetes Service
In one of my previous blog posts, I covered how to do egress traffic blocking with Cilium bring-your-own CNI on Azure Kubernetes Service -> https://www.danielstechblog.io/egress-traffic-blocking-with-cilium-cluster-wide-network-policies-on-azure-kubernetes-service/ Today we look into Cilium Hubble Exporter which lets us write Hubble flows to the Cilium agent log output. Thus, Hubble flows can be collected by the logging solution running…
-
Egress traffic blocking with Calico global network policies on Azure Kubernetes Service
In my last blog post, I covered how to do egress traffic blocking with Cilium bring-your-own CNI on Azure Kubernetes Service as Azure CNI powered by Cilium does not officially support Cilium cluster-wide network policies and Cilium CIDR groups. -> https://www.danielstechblog.io/egress-traffic-blocking-with-cilium-cluster-wide-network-policies-on-azure-kubernetes-service/ In addition to the Cilium option on Azure Kubernetes Service, there has been and…
-
Egress traffic blocking with Cilium cluster-wide network policies on Azure Kubernetes Service
Today, we talk about how to block egress traffic with Cilium cluster-wide network policies on Azure Kubernetes Service. For this, we need an Azure Kubernetes Service cluster with Cilium installed via the bring-your-own CNI approach. Azure CNI powered by Cilium unfortunately only partially supports Cilium network policies. However, Cilium cluster-wide network policies and Cilium CIDR…
-
Using Istio with Kubernetes native sidecars on Azure Kubernetes Service
In my previous blog post, I showed you how to check for specific feature gates on an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/show-enabled-feature-gates-on-an-azure-kubernetes-service-cluster/ Especially for the SidecarContainers feature gate, which is enabled on Azure Kubernetes Service running Kubernetes version 1.29 or higher. The SidecarContainers feature gate brings support for running sidecar containers as init containers. For instance, a service…
-
Using HTTP status code 307/308 for HTTPS redirect with the Istio ingress gateway
The gateway definition for the Istio ingress gateway provides a configuration parameter to enable the HTTPS redirect of HTTP connections. -> https://istio.io/latest/docs/reference/config/networking/gateway/#ServerTLSSettings apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: azst-aks-gateway namespace: istio-config spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: – hosts: – “*.danielstechblog.de” port: number: 80 name: http protocol: HTTP tls: httpsRedirect:…
-
Azure Load Testing news
I have been using Azure Load Testing for my Azure Chaos Studio demos for a while now. The service provides an on-demand infrastructure to run your load tests as a managed service. Recently, the service received some significant updates I like to share with you. The first update targets the test duration. Previously limited to…