Tag: Networking
-
Install a high available Istio control plane on Azure Kubernetes Service
Lately I worked intensively with Istio and focused especially on the topic high availability of the Istio control plane. When you install Istio with the default profile, as mentioned in the Istio documentation, you get a non-high available control plane. istioctl manifest apply \ –set values.global.mtls.enabled=true \ –set values.global.controlPlaneSecurityEnabled=true Per default Istio gets installed with…
-
Secure Kubernetes API server access in Azure Kubernetes Service
Running Kubernetes at a cloud provider especially managed Kubernetes like AKS or GKE provides you with a solid foundation and applied security best practices for the managed master control plane. But there is one downside, the public accessible API endpoint to control the Kubernetes cluster. Even the API endpoint is only exposed via HTTPS and…
-
Configuration options for CoreDNS in Azure Kubernetes Service
In my last blog post I have shown you the configuration of custom upstream nameservers for CoreDNS in AKS. -> https://www.danielstechblog.io/setting-custom-upstream-nameservers-for-coredns-in-azure-kubernetes-service/ But there are more configuration options available to customize your CoreDNS experience. We will focus at some of them today. First, let us have a look at the two options in the custom-coredns ConfigMap.…
-
Setting custom upstream nameservers for CoreDNS in Azure Kubernetes Service
Last year I have written a blog post about configuring kube-dns in Azure Kubernetes Service to provide a custom nameserver for DNS name resolution. -> https://www.danielstechblog.io/using-custom-dns-server-for-domain-specific-name-resolution-with-azure-kubernetes-service/ Since then Kubernetes switched to CoreDNS and AKS as well. Today I am not talking about the topic in my previous blog post, that will follow the next days,…
-
Running Linkerd on Azure Kubernetes Service
Certainly, you have heard the term service mesh in the context of Kubernetes. Istio is one of the service mesh implementations that you might have heard of mostly. Beside Istio, Linkerd is the other popular service mesh implementation for Kubernetes. In this blog post I talk about the installation of Linkerd and running it on…
-
Configure Azure Traffic Manager endpoint monitoring for container applications behind an ingress controller on AKS
Running an ingress controller on Azure Kubernetes Service requires configuration of the Azure Traffic Manager endpoint monitoring options when Traffic Manager is used in front of it. In this blog post I will show you an example configuration of the Traffic Manager endpoint monitoring for a container application behind the Ambassador API gateway running on…