Tag Archives: PaaS

Learnings from the field – Running Fluent Bit on Azure Kubernetes Service – Part 1

This is the first part of a three-part series about “Learnings from the field – Running Fluent Bit on Azure Kubernetes Service”. Logging is one of the central aspects when operating Kubernetes. The easiest way to get started with it is by using the solution your cloud provider provides. On Azure, this is Azure Monitor Container Insights that can also be used on Google Kubernetes Engine and Read more [...]

Azure Kubernetes Service – Using Kubernetes credential plugin kubelogin with Terraform

In today’s blog post we have a look at the Kubernetes credential plugin kubelogin for Azure Kubernetes Service and how to use it with Terraform. -> https://github.com/Azure/kubelogin -> https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins The Azure Kubernetes Service cluster I am using for demonstration is an AKS-managed Azure Active Directory Read more [...]

Azure Kubernetes Service news from KubeCon North America 2022

Last week, KubeCon / CloudNativeCon North America took place in Detroit with a lot of news regarding Azure Kubernetes Service. Let us now walk through what has been announced for AKS. Microsoft further enhances the different CNI options that are available for Azure Kubernetes Service. Besides the standard of Azure CNI with Azure Network Policy Manager or Calico for Kubernetes network policies, Read more [...]

Migrate an Azure storage account from LRS to ZRS replication without downtime

This is a rather short blog post about a hidden gem in the Azure documentation. Today, you have two options for migrating an existing Azure storage account from the LRS (locally redundant storage) to the ZRS (zone-redundant storage) replication option: a manual migration or a live migration. Choosing the manual migration option requires a new target storage account with ZRS and might imply an application Read more [...]

How to change the node size of the default node pool in AKS without downtime?

Currently, as of writing this blog post, Azure Kubernetes Service does not support changing the node size of the default node pool or additional node pools without recreating the whole AKS cluster or the additional node pool. Having all the configuration in infrastructure as code, whether it is Bicep or Terraform, seems to be a dead end for this simple operation. If we change the node size in our Read more [...]

Preventing SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT

Last year I wrote a blog post about detecting SNAT port exhaustion on Azure Kubernetes Service. -> https://www.danielstechblog.io/detecting-snat-port-exhaustion-on-azure-kubernetes-service/ Today we dive into the topic of how to prevent SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT. Since this year the managed NAT gateway option for Azure Kubernetes Service Read more [...]

Using Rancher Desktop as Docker Desktop replacement on macOS

Last year I wrote a blog post about running Podman on macOS with Multipass as a Docker Desktop replacement. -> https://www.danielstechblog.io/running-podman-on-macos-with-multipass/ At that time, I had also looked into Podman Machine and Rancher Desktop. Podman Machine was out very quickly without support for host volume mounts. Rancher Desktop instead was promising but the host volume Read more [...]

Remove dangling multi-arch container manifests from Azure Container Registry

Last year I wrote a blog post about removing dangling container manifests from ACR. -> https://www.danielstechblog.io/remove-dangling-container-manifests-from-azure-container-registry/ I did not cover an edge case when it comes to multi-arch container manifests. So, here we are, and I walk you through that topic today. First, do not be afraid: the PowerShell script from last year works perfectly Read more [...]

Using Conftest for Azure Policy for Kubernetes

Conftest is a tool that lets you write tests against structured data like Kubernetes templates. -> https://www.conftest.dev/ So, why should you use Conftest when you already established your policies with Azure Policy for Kubernetes? As Azure Policy for Kubernetes uses Gatekeeper, the OPA implementation for Kubernetes, under the hood, it uses Gatekeeper constraint templates written in Rego. Read more [...]

Mitigating slow container image pulls on Azure Kubernetes Service

It might happen that you experience slow container image pulls on your Azure Kubernetes Service nodes. Your first thought might be that the Azure Container Registry is the root cause. Even when using the ACR without the geo-replication option enabled, image pulls from an ACR in Europe to AKS nodes running in Australia are fast. Therefore, it can be the ACR, especially when you do not use the Premium SKU as the Read more [...]