Application Gateway for Containers: Web Application Firewall support (5)

This post will explore the new support in Azure Application Gateway for Containers (AGC) for Web Application Firewall (WAF) as documented in https://aka.ms/agc/waf. This blog is part of a series: Before we start, kudos need to go to the great Christof Claessens, author of this extremely useful Azure Monitor Workbook to triage WAF logs. Is WAF a big …

Application Gateway for Containers: a not-so-gentle intro (3)

This post will take you one step further from the hello-world configuration that I described in the first post by adding TLS end-to-end, a scenario described in the public docs here. This blog is part of a series: TL;DR If you don’t have much time, the diagram below, which is an extended version of the …

Application Gateway for Containers: a not-so-gentle intro (1)

I haven’t had a look at the Azure Application Gateway for Containers for a while now, and after I was recently asked about it I decided to go for another dive. I believe I found a couple of interesting things that would be worth sharing, so here we go. This blog post is part …

Cilium Network Policy in AKS

If you are following the Azure Kubernetes Service space, I am sure you noticed that Azure CNI powered by Cilium is Generally Available. But is this a big thing? What does it mean for you? Well, yes, it is big indeed. It is like changing the wheels of your car to new ones: Cilium is …

Are you following Azure best practices? Sure?

Would you like a compliance report for Azure best practices on your Azure resources, like the following screenshot shows (in this case for Azure Kubernetes Service)? If so, keep reading! Where is this coming from? You might have read some previous posts where I describe the work that the FastTrack for Azure team (where I …

Filtering AKS egress traffic with Virtual WAN

If you are reading my blog you probably know what Virtual WAN and Azure Kubernetes Service are. You probably know as well that you can configure AKS so that egress traffic is sent through an Azure Firewall by using Azure routing as described in the article Control Egress Traffic in AKS. That article explains how …

Workload identity on AKS with Python: boring

I finally decided to carve out an afternoon to test workload identity on AKS. I had done some preliminary reading, and my conclusion was that there had to be some voodoo magic and quantum entanglement at play there to make it work, so I braced myself for failure. The goal of the exercise was clear: …

Accessing AKS private clusters with Azure Bastion and VS Code

Do you use AKS private clusters? Do you hate jump hosts? If the answer to both questions is “yes”, this blog post might be interesting for you. Let’s set things straight: it is not that I “hate” jump hosts, it is more that I “love” the way I have set up my PC’s environment: I like …

Which VM size should I choose as AKS node?

There are many nuances when choosing a node size in Azure Kubernetes Service, and not all of them are obvious. I decided to write a short post to discuss the most important ones. At the end of the day, this is going to be a trade-off: some factors are going to drive you towards larger …

Azure Machine Learning inferencing on AKS under the covers

You probably know that you can use Azure Machine Learning Services to support you along the complete life cycle of your Machine Learning development, from training to deployment. And you probably know as well that for production-grade deployments one of the best platforms to run your inferencing is Kubernetes. From the Azure Machine Learning portal …