Tag Archives: PaaS

Run the Envoy Proxy ratelimit service for Istio on AKS with Azure Cache for Redis

The Istio sidecar proxy uses Envoy and therefore supports two different rate limiting modes. A local one targeting only a single service and a global one targeting the entire service mesh. The local rate limit implementation only requires Envoy itself without the need for a rate limit service. In contrast the global rate limit implementation requires a rate limit service as its backend. Looking Read more [...]

Increase your application availability with pod anti-affinity settings in Azure Kubernetes Service

This is the second blog post of a series of posts covering the topic about increasing the application availability on Azure Kubernetes Services / Kubernetes. Today we cover the pod anti-affinity setting. What is the pod anti-affinity? In the first post of the series, I talked about the PodDisruptionBudget. The PDB guarantees that a certain amount of your application pods is available. Defining Read more [...]

Azure Kubernetes Service – Azure RBAC for Kubernetes authorization

At this year’s Ignite conference Microsoft announced the next major step of integrating Azure functionality into AKS: Azure RBAC for Kubernetes authorization. -> https://docs.microsoft.com/en-us/azure/aks/manage-azure-rbac Azure RBAC for Kubernetes authorization lets you assign built-in or custom roles onto the Azure Kubernetes Service object in Azure. So, you do not have to create Kubernetes Read more [...]

Increase your application availability with a PodDisruptionBudget on Azure Kubernetes Service

This is the first blog post of a series of posts covering the topic about increasing the application availability on Azure Kubernetes Service / Kubernetes. Today we cover the PodDisruptionBudget. What is a PodDisruptionBudget? A PDB is an additional Kubernetes object that is deployed beside your Deployment, ReplicaSet or StatefulSet increasing your application’s availability. This is done by Read more [...]

Azure Reservations and the RBAC dilemma

Cloud computing underlies a constant change. Things you take today for granted are different tomorrow. Surprisingly, even designs and implementations on the same platform can be different. Welcome to today’s topic of Azure Reservations and the RBAC dilemma. As I have written in my brief introduction, designs and implementations can be different. Azure RBAC is one example here. Being the owner Read more [...]

Troubleshooting Azure Kubernetes Service tunnel component issues

In Azure Kubernetes Service Microsoft manages the AKS control plane (Kubernetes API server, scheduler, etcd, etc.) for you. The AKS control plane interacts with the AKS nodes in your subscription via a secure connection that is established through the tunnelfront / aks-link component. -> https://docs.microsoft.com/en-us/azure/aks/concepts-clusters-workloads#kubernetes-cluster-architecture As Read more [...]

Automate taking backups from Azure disks attached to Azure Kubernetes Service

At the beginning of 2019 I wrote a blog post about taking backups from Azure disks attached to an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/taking-backups-from-azure-disks-attached-to-aks-via-azure-automation/ Since then, some things changed. Azure Function PowerShell support went into public preview in April 2019 and the AzTable (AzureRmStorageTable) module I use Read more [...]

Azure Policy for Azure Kubernetes Service

In June I already covered Azure Policy for Kubernetes in a blog post. -> https://www.danielstechblog.io/using-azure-policy-for-kubernetes/ Back then Azure Policy for AKS was in public preview. At this year’s Microsoft Ignite Azure Policy for AKS went GA. -> https://azure.microsoft.com/en-us/updates/ga-policy-addon-for-azure-kubernetes-service/ There have been some significant changes Read more [...]

Azure Kubernetes Service – Microsoft Ignite announcements

At this year’s first digital Microsoft Ignite conference Microsoft announced several GA and preview features for its Azure Kubernetes Service. GA: Azure Policy add-on for AKS GA: Ubuntu 18.04 as new base image GA: Mutate default storage class Preview: Azure RBAC for Kubernetes authorization Preview: AKS cluster start/stop feature Preview: Kubernetes 1.19 support Preview: New Read more [...]

Trigger an on-demand Azure Policy compliance evaluation scan

Azure Policy evaluates resource compliance automatically every 24 hours for already assigned policies or initiatives. New policy or initiative assignments start the evaluation after the assignment has been applied to the defined scope which might take up to 30 minutes. What might be a hidden gem to some of you is the case that you can trigger an on-demand compliance evaluation scan whenever Read more [...]