In my previous blog post, I showed you how to check for specific feature gates on an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/show-enabled-feature-gates-on-an-azure-kubernetes-service-cluster/ Especially for the SidecarContainers feature gate, which is enabled on Azure Kubernetes Service running Kubernetes version 1.29 or higher. The SidecarContainers feature gate brings support for running sidecar containers as init containers. For instance, a service mesh proxy container now starts before the main container and solves a couple of issues with ..read more

The Azure Kubernetes Fleet Manager comes with two different configuration options with and without a hub cluster configuration. In today’s blog post, we focus on the Azure Kubernetes Fleet Manager without a hub cluster configuration. This configuration option only provides the Azure Kubernetes Service update management, and this is our focus for today, Before we dive into the topic, let us step back and answer the question of why we need the Azure Kubernetes Fleet Manager in times of infrastructure as code. Why we need the Azure Kubernetes Fleet Manager? Imagine you use Terraform for your infr ..read more

Microsoft Defender for Cloud supports the continuous export of a variety of data to Azure Event Hubs and Azure Log Analytics workspaces. When you use Azure Event Hubs, you can stream those data also to 3rd-party solutions or Azure Data Explorer. The continuous export is handy for security alerts to maintain them for a longer period than the default 90 days. Using the Azure portal to configure the continuous export functionality is straightforward, but it gets cumbersome when configuring it for multiple subscriptions. Infrastructure as code Here comes infrastructure as code into play to automa ..read more

The Azure PostgreSQL Flexible Server was from its launch the better option than the Single Server, especially from a performance perspective. However, the Flexible Server was missing important features that were built-in in the Single Server from the beginning. Since the retirement announcement of the Single Server, it was time for Microsoft to bring the Flexible Server feature set on par. -> https://azure.microsoft.com/en-us/updates/azure-database-for-postgresql-single-server-will-be-retired-migrate-to-flexible-server-by-28-march-2025?WT.mc_id=AZ-MVP-5000119 -> https://techcommunity.mic ..read more

The gateway definition for the Istio ingress gateway provides a configuration parameter to enable the HTTPS redirect of HTTP connections. -> https://istio.io/latest/docs/reference/config/networking/gateway/#ServerTLSSettings apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: azst-aks-gateway namespace: istio-config spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - hosts: - "*.danielstechblog.de" port: number: 80 name: http protocol: HTTP tls: httpsRedirect: true - hosts ..read more

In the past, I have written two blog posts about how to run untrusted workloads on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ -> https://www.danielstechblog.io/using-kata-containers-on-azure-kubernetes-service-for-sandboxing-containers/ Today, I walk you through how you gather log data of an untrusted workload isolated by Kata Containers with Fluent Bit. When you hear isolated, it always comes to mind that only one pattern works to gather log data: the sidecar pattern. Fluent Bit would run as a sidecar ..read more

In May this year, Microsoft announced the general availability of the Azure Linux support in Azure Kubernetes Service. -> https://azure.microsoft.com/en-us/updates/generally-available-azure-linux-support-in-aks/?WT.mc_id=AZ-MVP-5000119 -> https://techcommunity.microsoft.com/t5/linux-and-open-source-blog/introducing-the-azure-linux-container-host-for-aks/ba-p/3824101?WT.mc_id=AZ-MVP-5000119 Azure Linux is Microsoft’s Linux distribution of CBL-Mariner. -> https://github.com/microsoft/CBL-Mariner You can choose now between using Ubuntu or Azure Linux as the host operating system for your ..read more

A few weeks back, I passed the Certified Kubernetes Administrator exam, a long-term item on my to-do list, and eventually accomplished it. -> https://www.cncf.io/certification/cka/ -> https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/ I have been working with Kubernetes for nearly seven years now. Mostly with managed Kubernetes on Azure, Azure Kubernetes Service (AKS). Besides Azure Kubernetes Service, I am using KinD, Kubernetes in Docker, or Kubernetes on Docker Desktop daily for testing. I also played around with kubeadm, k3s, and Rancher Kubern ..read more

I have been using Azure Load Testing for my Azure Chaos Studio demos for a while now. The service provides an on-demand infrastructure to run your load tests as a managed service. Recently, the service received some significant updates I like to share with you. The first update targets the test duration. Previously limited to three hours max, you can now request an increase to 24 hours. That opens up some new testing scenarios. -> https://azure.microsoft.com/en-us/updates/azure-load-testing-run-tests-for-up-to-24-hours/?wt.mc_id=AZ-MVP-5000119 The second update also increases a previous lim ..read more

Azure resource locks are an essential building block protecting Azure resources from accidental deletion or modifications. In today’s blog post, I show you how to use Azure resource locks to protect your Azure resources and how to not block your Terraform infrastructure as code processes. Common setup and the Terraform issue Resources in Azure inherit the resource lock from their parent resource. Therefore, in most setups, a resource lock is created either on the resource group or the resource itself. In such a setup, you cannot leverage Terraform to its fullest, as delete operations are block ..read more