Lately I worked intensively with Istio and focused especially on the topic high availability of the Istio control plane.
When you install Istio with the default profile, as mentioned in the Istio documentation, you get a non-high available control plane.
istioctl manifest apply \
--set values.global.mtls.enabled=true \
Per default Istio gets Read more [...]
Running Kubernetes at a cloud provider especially managed Kubernetes like AKS or GKE provides you with a solid foundation and applied security best practices for the managed master control plane.
But there is one downside, the public accessible API endpoint to control the Kubernetes cluster. Even the API endpoint is only exposed via HTTPS and access is secured via the Azure Active Directory integration Read more [...]
In my last blog post I have shown you the configuration of custom upstream nameservers for CoreDNS in AKS.
But there are more configuration options available to customize your CoreDNS experience. We will focus at some of them today.
First, let us have a look at the two options Read more [...]
Last year I have written a blog post about configuring kube-dns in Azure Kubernetes Service to provide a custom nameserver for DNS name resolution.
Since then Kubernetes switched to CoreDNS and AKS as well. Today I am not talking about the topic in my previous blog post, Read more [...]
Certainly, you have heard the term service mesh in the context of Kubernetes. Istio is one of the service mesh implementations that you might have heard of mostly. Beside Istio, Linkerd is the other popular service mesh implementation for Kubernetes.
In this blog post I talk about the installation of Linkerd and running it on Azure Kubernetes Service. The easiest part to get started with Linkerd Read more [...]
Running an ingress controller on Azure Kubernetes Service requires configuration of the Azure Traffic Manager endpoint monitoring options when Traffic Manager is used in front of it.
In this blog post I will show you an example configuration of the Traffic Manager endpoint monitoring for a container application behind the Ambassador API gateway running on AKS.
First, here is the Kubernetes service Read more [...]
In one of my last blog posts I talked about running the Ambassador Kubernetes-native microservices API gateway on Azure Kubernetes Service. Specially to define and set the configuration option externalTrafficPolicy to Local on the Ambassador Kubernetes service object.
But have you ever asked yourself Read more [...]
In my last blog post I introduced you to the Ambassador Kubernetes-native microservices API gateway as an ingress controller running on Azure Kubernetes Service.
Today I would like to show you how to publish an Azure Function running on Kubernetes through the Ambassador API gateway. It is nothing Read more [...]
Lately I was playing around with the Ambassador Kubernetes-native microservices API gateway as an ingress controller on Azure Kubernetes Service.
Ambassador is based on the popular L7 proxy Envoy by Lyft. Beside the API gateway capabilities, you can use Ambassador just as an ingress controller for publishing your container applications to the outside world.
-> Read more [...]
Microsoft provides an own network policy module to implement Kubernetes network policies with the Azure CNI plugin for acs-engine and AKS called Azure NPM.
The Azure NPM is available since quite some time for acs-engine and natively integrated, but not yet for AKS. If you want to use Azure NPM on Azure Kubernetes Service, Read more [...]