Tag: Networking
-
Configuring Istio using the Kubernetes Gateway API
The Kubernetes Gateway API is the successor of the Kubernetes Ingress API and is currently in beta state. More and more projects add support for the Gateway API like Istio. -> https://istio.io/latest/blog/2022/gateway-api-beta/ -> https://istio.io/latest/blog/2022/getting-started-gtwapi/ In today’s blog post, I walk you through how to configure Istio using the Kubernetes Gateway API. At the time of…
-
Preventing SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT
Last year I have written a blog post about detecting SNAT port exhaustion on Azure Kubernetes Service. -> https://www.danielstechblog.io/detecting-snat-port-exhaustion-on-azure-kubernetes-service/ Today we dive into the topic of how to prevent SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT. Since this year the managed NAT gateway option for Azure Kubernetes Service is generally available…
-
Run the Istio ingress gateway with TLS termination and TLS passthrough
The Istio ingress gateway supports two modes for dealing with TLS traffic: TLS termination and TLS passthrough. Running Istio with TLS termination is the default and standard configuration for most installations. Incoming TLS traffic is terminated at the Istio ingress gateway level and then sent to the destination service encrypted via mTLS within the service…
-
Monitor the Envoy Proxy ratelimit service with Azure Monitor for containers
The last two blog posts of this series covered the setup of the Envoy Proxy ratelimit service and its implementation with Istio. -> https://www.danielstechblog.io/run-the-envoy-proxy-ratelimit-service-for-istio-on-aks-with-azure-cache-for-redis/ -> https://www.danielstechblog.io/implement-rate-limiting-with-istio-on-azure-kubernetes-service/ In today’s post I walk you through on how to monitor the ratelimit service with Azure Monitor for containers. Not the standard monitoring of the container itself. We focus…
-
Implement rate limiting with Istio on Azure Kubernetes Service
In my last blog post I walked you through the setup of the rate limiting reference implementation: The Envoy Proxy ratelimit service. -> https://www.danielstechblog.io/run-the-envoy-proxy-ratelimit-service-for-istio-on-aks-with-azure-cache-for-redis/ Our today’s topic is about connecting the Istio ingress gateway to the ratelimit service. The first step for us is the Istio documentation. -> https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/ Connect Istio with the ratelimit service…
-
Detecting SNAT port exhaustion on Azure Kubernetes Service
Running applications on an Azure Kubernetes Service cluster which make a lot of outbound calls might led to a SNAT port exhaustion. In today’s blog article I walk you through how to detect and mitigate a SNAT port exhaustion on AKS. What is a SNAT port exhaustion? It is important to know what a SNAT…