Tag Archives: Networking

Switching to Istio CNI plugin on Azure Kubernetes Service

You might ask yourself why switching to the Istio CNI plugin might be useful. Istio, like other service meshes, uses an init container to adjust the iptables rules for redirecting network traffic to/from the sidecar proxy container. The init container uses the NET_ADMIN and NET_RAW capabilities to make the iptables changes and thus has more capabilities than the default. Exactly one capability Read more [...]

High available control plane with Istio 1.5 on Azure Kubernetes Service

Back in January I wrote a blog post about installing the Istio control plane on AKS in HA mode. -> https://www.danielstechblog.io/install-a-high-available-istio-control-plane-on-azure-kubernetes-service/ Since the release of Istio 1.5 this month, the overall architecture of the Istio control plane has changed. -> https://istio.io/news/releases/1.5.x/announcing-1.5/#introducing-istiod With Read more [...]

Install a high available Istio control plane on Azure Kubernetes Service

Lately I worked intensively with Istio and focused especially on the topic of high availability of the Istio control plane. When you install Istio with the default profile, as mentioned in the Istio documentation, you get a control plane that is not highly available.

    istioctl manifest apply \
      --set values.global.mtls.enabled=true \
      --set values.global.controlPlaneSecurityEnabled=true

By default Istio gets Read more [...]

Secure Kubernetes API server access in Azure Kubernetes Service

Running Kubernetes at a cloud provider, especially managed Kubernetes like AKS or GKE, provides you with a solid foundation and applied security best practices for the managed master control plane. But there is one downside: the publicly accessible API endpoint to control the Kubernetes cluster. Even though the API endpoint is only exposed via HTTPS and access is secured via the Azure Active Directory integration Read more [...]

Configuration options for CoreDNS in Azure Kubernetes Service

In my last blog post I showed you the configuration of custom upstream nameservers for CoreDNS in AKS. -> https://www.danielstechblog.io/setting-custom-upstream-nameservers-for-coredns-in-azure-kubernetes-service/ But there are more configuration options available to customize your CoreDNS experience. We will focus on some of them today. First, let us have a look at the two options Read more [...]

Setting custom upstream nameservers for CoreDNS in Azure Kubernetes Service

Last year I wrote a blog post about configuring kube-dns in Azure Kubernetes Service to provide a custom nameserver for DNS name resolution. -> https://www.danielstechblog.io/using-custom-dns-server-for-domain-specific-name-resolution-with-azure-kubernetes-service/ Since then Kubernetes has switched to CoreDNS, and AKS as well. Today I am not talking about the topic in my previous blog post, Read more [...]

Running Linkerd on Azure Kubernetes Service

Certainly, you have heard the term service mesh in the context of Kubernetes. Istio is one of the service mesh implementations that you have most likely heard of. Besides Istio, Linkerd is the other popular service mesh implementation for Kubernetes. In this blog post I talk about the installation of Linkerd and running it on Azure Kubernetes Service. The easiest part to get started with Linkerd Read more [...]

Configure Azure Traffic Manager endpoint monitoring for container applications behind an ingress controller on AKS

Running an ingress controller on Azure Kubernetes Service requires configuration of the Azure Traffic Manager endpoint monitoring options when Traffic Manager is used in front of it. In this blog post I will show you an example configuration of the Traffic Manager endpoint monitoring for a container application behind the Ambassador API gateway running on AKS. First, here is the Kubernetes service Read more [...]

Azure Load Balancer behavior when externalTrafficPolicy is set to Local in the Kubernetes service object

In one of my last blog posts I talked about running the Ambassador Kubernetes-native microservices API gateway on Azure Kubernetes Service, and specifically about setting the configuration option externalTrafficPolicy to Local on the Ambassador Kubernetes service object. -> https://www.danielstechblog.io/running-ambassador-api-gateway-on-azure-kubernetes-service/ But have you ever asked yourself Read more [...]

Publishing Azure Functions on AKS through the Ambassador API gateway

In my last blog post I introduced you to the Ambassador Kubernetes-native microservices API gateway as an ingress controller running on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-ambassador-api-gateway-on-azure-kubernetes-service/ Today I would like to show you how to publish an Azure Function running on Kubernetes through the Ambassador API gateway. It is nothing Read more [...]