Thoughts from the clouds
Azure Application Service has a feature often referred as “Easy Auth” (see Authentication and authorization in Azure App Service and Azure Functions), which essentially consists of enabling user authentication for an application that does not support it. Many users love this feature, since it allows enjoying enterprise-grade authentication without writing a single line of code, … Continue reading Easy Auth on AKS with Ambassador
Hey there, welcome to yet another instance of the wonderful networking world of Kubernetes. Today I will explore some new cool stuff that recently came to Azure Kubernetes Service (AKS), plus one thing I did not have in previous blogs. First things first, this is a blog series, you can find previous installments here: Part … Continue reading A Day in the Life of a Packet in AKS (part 4): NSGs
This post is a continuation from Part 4: NSGs. Other posts in this series: Part 1: deep dive in AKS with Azure CNI in your own vnet Part 2: deep dive in AKS with kubenet in your own vnet, and ingress controllers Part 3: outbound connectivity from AKS pods Part 4: NSGs with Azure CNI … Continue reading A Day in the Life of a Packet in AKS (part 5): Virtual Node
This post is a continuation from Part 5: Virtual Node. Other posts in this series: Part 1: deep dive in AKS with Azure CNI in your own vnet Part 2: deep dive in AKS with kubenet in your own vnet, and ingress controllers Part 3: outbound connectivity from AKS pods Part 4: NSGs with Azure … Continue reading A Day in the Life of a Packet in AKS (part 6): Network Policy
Thanks for the good feedback on this blog series! Here another set of questions I have been receiving lately: how does outbound connectivity look like for AKS pods? To answer that, we will look at how that works on both the Azure CNI and kubenet AKS clusters, deployed in one virtual network. After deploying your … Continue reading A Day in the Life of a Packet in AKS (part 3): Outbound Connectivity
Hey again, to complete the previous post on the Azure CNI, here it goes using kubenet instead. To make it a bit more interesting we are going to explore a bunch of additional stuff: Deploying AKS with kubenet in your own vnet (note that this is not well documented or supported by Microsoft at the … Continue reading A Day in the Life of a Packet in AKS (part 2): kubenet and ingress controller
I have been often troubleshooting networking inside of Azure Kubernetes Service (AKS) multiple times, so prompted by a colleague I decided to do a deep dive into the way packets are forwarded. Turned out I have learnt quite a lot! In this blog I will describe how to check every step of the way in … Continue reading A Day in the Life of a Packet in Azure Kubernetes Service (part 1): Azure CNI
After reading the title above, you might be wondering why the heck you would want to do such a thing. The reason in my particular case is to connect an Azure Stack installation to an Azure ExpressRoute circuit, since Azure Stack needs some kind of connectivity to Azure. Azure Stack uses internally BGP and /31 … Continue reading Setting up /31 interfaces and BGP on a CentOS machine
Cloudtrooper 