Thoughts from the clouds
Would you like a compliance report for Azure best practices on your Azure resources, like the following screenshot shows (in this case for Azure Kubernetes Service)? If so, keep reading! Where is this coming from? You might have read some previous posts where I describe the work that the FastTrack for Azure team (where I … Continue reading Are you following Azure best practices? Sure?
If you are reading my blog you probably know what Virtual WAN and Azure Kubernetes Service are. You probably know as well that you can configure AKS so that egress traffic is sent through an Azure Firewall by using Azure routing as described in the article Control Egress Traffic in AKS. That article explains how … Continue reading Filtering AKS egress traffic with Virtual WAN
I finally decided to carve out an afternoon to test workload identity on AKS. I had done some preliminary reading, and my conclusion was that there had to be some voodoo magic and quantum entanglement at play there to make it work, so I braced myself for failure. The goal of the exercise was clear: … Continue reading Workload identity on AKS with Python: boring
I often need to learn how certain platforms work, and to achieve that there is no better way than deploying a sample workload and run some tests with it: for example for the “A day in the life of a packet on AKS” series that I wrote some years ago when AKS was something new … Continue reading Yet Another Demo App
Do you use AKS private clusters? Do you hate jump hosts? If the answer to both questions is “yes”, this blog post might be interesting for you. Let’s set things straight: it is not that I “hate” jump hosts, it is more that I “love” the way I have setup my PC’s environment: I like … Continue reading Accessing AKS private clusters with Azure Bastion and VS Code
Azure Files is a very convenient storage option when you need persistent state in Azure Kubernetes Service or Azure Red Hat OpenShift. It is cheap, it doesn’t count against the maximum number of disks that can be attached to each worker node, and it supports many pods mounting the same share at the same time. … Continue reading Mounting Azure Files shares from OpenShift
Some time ago I wrote this post about different storage options in Azure Red Hat OpenShift. One of the options discussed was using Azure NetApp Files for persistent storage of your pods. As discussed in that post, Azure NetApp Files has some advantages: ReadWriteMany support Does not count against the limit of Azure Disks per … Continue reading Using Trident to Automate Azure NetApp Files from OpenShift
Hey there! I receive pretty frequently questions around what storaget to use in Azure Red Hat Openshift (ARO), hence I decided to write this post. Using storage in Kubernetes in general and Openshift in particular has many nuances. I/O bottlenecks can quickly become an issue impacting the cluster integrity, the application performance, or both. This … Continue reading Azure Red Hat Openshift Storage Concepts
There are many nuances when choosing a node size in Azure Kubernetes Services, and not all of them are obvious. I decided to write a short post to discuss the most important ones. At the end of the day, this is going to be a trade-off: some factors are going to drive you towards larger … Continue reading Which VM size should I choose as AKS node?
Azure Application Service has a feature often referred as “Easy Auth” (see Authentication and authorization in Azure App Service and Azure Functions), which essentially consists of enabling user authentication for an application that does not support it. Many users love this feature, since it allows enjoying enterprise-grade authentication without writing a single line of code, … Continue reading Easy Auth on AKS with Ambassador
Cloudtrooper 