In the past, I have written two blog posts about how to run untrusted workloads on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ -> https://www.danielstechblog.io/using-kata-containers-on-azure-kubernetes-service-for-sandboxing-containers/ Today, I walk you through how you gather log data of an untrusted workload isolated by Kata Containers with Fluent Bit. When you hear isolated, it always comes to mind that only one pattern works to gather log data: the sidecar pattern. Fluent Bit would run as a sidecar ..read more

In May this year, Microsoft announced the general availability of the Azure Linux support in Azure Kubernetes Service. -> https://azure.microsoft.com/en-us/updates/generally-available-azure-linux-support-in-aks/?WT.mc_id=AZ-MVP-5000119 -> https://techcommunity.microsoft.com/t5/linux-and-open-source-blog/introducing-the-azure-linux-container-host-for-aks/ba-p/3824101?WT.mc_id=AZ-MVP-5000119 Azure Linux is Microsoft’s Linux distribution of CBL-Mariner. -> https://github.com/microsoft/CBL-Mariner You can choose now between using Ubuntu or Azure Linux as the host operating system for your ..read more

A few weeks back, I passed the Certified Kubernetes Administrator exam, a long-term item on my to-do list, and eventually accomplished it. -> https://www.cncf.io/certification/cka/ -> https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/ I have been working with Kubernetes for nearly seven years now. Mostly with managed Kubernetes on Azure, Azure Kubernetes Service (AKS). Besides Azure Kubernetes Service, I am using KinD, Kubernetes in Docker, or Kubernetes on Docker Desktop daily for testing. I also played around with kubeadm, k3s, and Rancher Kubern ..read more

I have been using Azure Load Testing for my Azure Chaos Studio demos for a while now. The service provides an on-demand infrastructure to run your load tests as a managed service. Recently, the service received some significant updates I like to share with you. The first update targets the test duration. Previously limited to three hours max, you can now request an increase to 24 hours. That opens up some new testing scenarios. -> https://azure.microsoft.com/en-us/updates/azure-load-testing-run-tests-for-up-to-24-hours/?wt.mc_id=AZ-MVP-5000119 The second update also increases a previous lim ..read more

Azure resource locks are an essential building block protecting Azure resources from accidental deletion or modifications. In today’s blog post, I show you how to use Azure resource locks to protect your Azure resources and how to not block your Terraform infrastructure as code processes. Common setup and the Terraform issue Resources in Azure inherit the resource lock from their parent resource. Therefore, in most setups, a resource lock is created either on the resource group or the resource itself. In such a setup, you cannot leverage Terraform to its fullest, as delete operations are block ..read more

Last month the KubeCon + CloudNativeCon Europe took place in Amsterdam with a lot of news regarding Azure Kubernetes Service. Let us now walk through some of the highlights that have been announced for Azure Kubernetes Service. A lot of networking news has been made at KubeCon Europe. Starting with the general availability of the Azure CNI Overlay feature that addresses the IP address exhaustion issue that is present with the traditional Azure CNI plugin. -> https://azure.microsoft.com/en-us/updates/azurecnioverlay?WT.mc_id=AZ-MVP-5000119 -> https://learn.microsoft.com/en-us/azure/aks/az ..read more

Last year I wrote a blog post about running gVisor on Azure Kubernetes for sandboxing containers. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ Back then, the only managed Kubernetes service that supported sandboxing containers in dedicated node pools was Google Kubernetes Engine via gVisor. A few weeks back, Microsoft announced the public preview of Kata Containers for Azure Kubernetes Service. -> https://techcommunity.microsoft.com/t5/apps-on-azure-blog/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod/ba-p/3751557 ..read more

This is the second part of a three-part series about “Learnings from the field – Running Fluent Bit on Azure Kubernetes Service”. -> https://www.danielstechblog.io/learnings-from-the-field-running-fluent-bit-on-azure-kubernetes-service-part-1/ -> https://www.danielstechblog.io/learnings-from-the-field-running-fluent-bit-on-azure-kubernetes-service-part-2/ Logging is one of the central aspects when operating Kubernetes. The easiest way to get started with it is by using the solution your cloud provider provides. On Azure, this is Azure Monitor Container Insights that can also be used ..read more

This is the second part of a three-part series about “Learnings from the field – Running Fluent Bit on Azure Kubernetes Service”. -> https://www.danielstechblog.io/learnings-from-the-field-running-fluent-bit-on-azure-kubernetes-service-part-1/ Logging is one of the central aspects when operating Kubernetes. The easiest way to get started with it is by using the solution your cloud provider provides. On Azure, this is Azure Monitor Container Insights that can also be used on Google Kubernetes Engine and Amazon Elastic Kubernetes Service via Azure Arc. When you look for a platform-agnostic ap ..read more

Last week the KubeCon / CloudNativeCon North America took place in Detroit with a lot of news regarding Azure Kubernetes Service. Let us now walk through what has been announced for AKS. Microsoft further enhances the different CNI options that are available for Azure Kubernetes Service. Besides the standard of Azure CNI with Azure Network Policy Manager or Calico for Kubernetes network policies, the bring your own CNI option was introduced recently. At KubeCon North America Microsoft announced the preview of Azure CNI powered by Cilium as the next choice you have at your hand. -> https://a ..read more