Tag Archives: Networking

Install a high available Istio control plane on Azure Kubernetes Service

Lately I worked intensively with Istio and focused especially on the high availability of the Istio control plane. When you install Istio with the default profile, as mentioned in the Istio documentation, you get a control plane that is not highly available.

    istioctl manifest apply \
      --set values.global.mtls.enabled=true \
      --set values.global.controlPlaneSecurityEnabled=true

By default, Istio gets Read more [...]

Secure Kubernetes API server access in Azure Kubernetes Service

Running Kubernetes at a cloud provider, especially managed Kubernetes like AKS or GKE, provides you with a solid foundation and applied security best practices for the managed master control plane. But there is one downside: the publicly accessible API endpoint to control the Kubernetes cluster. Even though the API endpoint is only exposed via HTTPS and access is secured via the Azure Active Directory integration Read more [...]

Configuration options for CoreDNS in Azure Kubernetes Service

In my last blog post I showed you the configuration of custom upstream nameservers for CoreDNS in AKS. -> https://www.danielstechblog.io/setting-custom-upstream-nameservers-for-coredns-in-azure-kubernetes-service/ But there are more configuration options available to customize your CoreDNS experience. We will focus on some of them today. First, let us have a look at the two options Read more [...]

Setting custom upstream nameservers for CoreDNS in Azure Kubernetes Service

Last year I wrote a blog post about configuring kube-dns in Azure Kubernetes Service to provide a custom nameserver for DNS name resolution. -> https://www.danielstechblog.io/using-custom-dns-server-for-domain-specific-name-resolution-with-azure-kubernetes-service/ Since then, Kubernetes has switched to CoreDNS, and AKS as well. Today I am not talking about the topic in my previous blog post, Read more [...]

Running Linkerd on Azure Kubernetes Service

Certainly, you have heard the term service mesh in the context of Kubernetes. Istio is probably the service mesh implementation you have heard of most. Besides Istio, Linkerd is the other popular service mesh implementation for Kubernetes. In this blog post I talk about the installation of Linkerd and running it on Azure Kubernetes Service. The easiest part to get started with Linkerd Read more [...]

Configure Azure Traffic Manager endpoint monitoring for container applications behind an ingress controller on AKS

Running an ingress controller on Azure Kubernetes Service requires configuration of the Azure Traffic Manager endpoint monitoring options when Traffic Manager is used in front of it. In this blog post I will show you an example configuration of the Traffic Manager endpoint monitoring for a container application behind the Ambassador API gateway running on AKS. First, here is the Kubernetes service Read more [...]

Azure Load Balancer behavior when externalTrafficPolicy is set to Local in the Kubernetes service object

In one of my last blog posts I talked about running the Ambassador Kubernetes-native microservices API gateway on Azure Kubernetes Service, specifically about defining and setting the configuration option externalTrafficPolicy to Local on the Ambassador Kubernetes service object. -> https://www.danielstechblog.io/running-ambassador-api-gateway-on-azure-kubernetes-service/ But have you ever asked yourself Read more [...]

Publishing Azure Functions on AKS through the Ambassador API gateway

In my last blog post I introduced you to the Ambassador Kubernetes-native microservices API gateway as an ingress controller running on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-ambassador-api-gateway-on-azure-kubernetes-service/ Today I would like to show you how to publish an Azure Function running on Kubernetes through the Ambassador API gateway. It is nothing Read more [...]

Running Ambassador API gateway on Azure Kubernetes Service

Lately I was playing around with the Ambassador Kubernetes-native microservices API gateway as an ingress controller on Azure Kubernetes Service. -> https://www.getambassador.io/ Ambassador is based on the popular L7 proxy Envoy by Lyft. Besides the API gateway capabilities, you can use Ambassador just as an ingress controller for publishing your container applications to the outside world. -> Read more [...]

Kubernetes network policies on Azure Kubernetes Service with Azure NPM

Microsoft provides its own network policy module, called Azure NPM, to implement Kubernetes network policies with the Azure CNI plugin for acs-engine and AKS. -> https://github.com/Azure/azure-container-networking/tree/master/npm The Azure NPM has been available for quite some time for acs-engine and is natively integrated, but not yet for AKS. If you want to use Azure NPM on Azure Kubernetes Service, Read more [...]