Tag: kubernetes

Application Gateway for Containers: Web Application Firewall support (5)

by erjosito

This post will explore the new support in Azure Application Gateway for Containers (AGC) for Web Application Firewall (WAF) as documented in https://aka.ms/agc/waf. This blog is part of a series: Before we start, kudos need to go to the great Christof Claessens, author of this extremely useful Azure Monitor Workbook to triage WAF logs. Is WAF a big … Continue reading Application Gateway for Containers: Web Application Firewall support (5)

Application Gateway for Containers: a not-so-gentle intro (4)

by erjosito

This post will explore the new support in Azure Application Gateway for Containers (AGC) for the overlay network option in Azure Kubernetes Service (AKS) as documented in https://aka.ms/agc/overlay, as well as whether you can see traffic between AGC and AKS with VNet Flow Logs. This blog is part of a series: What am I talking … Continue reading Application Gateway for Containers: a not-so-gentle intro (4)

Azure Fleet load balancing: not what you think

by erjosito

Azure Kubernetes Fleet Manager is a very interesting solution that allows you to deploy code to multiple clusters at the same time. I am not going to stir up the debate here of whether this approach is better or worse than GitOps or CD pipeline parametrization, but instead I am going to look in detail … Continue reading Azure Fleet load balancing: not what you think

Application Gateway for Containers: a not-so-gentle intro (3)

by erjosito

This post will take you one step further from the hello-world configuration that I described in the first post by adding TLS end-to-end, a scenario described in the public docs here. This blog is part of a series: TL;DR If you don’t have much time the diagram below, which is an extended version of the … Continue reading Application Gateway for Containers: a not-so-gentle intro (3)

Application Gateway for Containers: a not-so-gentle intro (2)

by erjosito

Have you ever have the feeling that something that should be easy turns into a mine field when you start working on it? I seem to be a specialist in not reading the required documentation and making rookie mistakes. Fortunately, Application Gateway for Containers (AGC) offers enough troubleshooting tools so that I could identify and … Continue reading Application Gateway for Containers: a not-so-gentle intro (2)

Cilium Network Policy in AKS

by erjosito

If you are following the Azure Kubernetes Service space, I am sure you noticed that Azure CNI powered by Cilium is Generally Available. But is this a big thing? What does it mean for you? Well, yes, it is big indeed. It is like changing the wheels of your car to new ones: Cilium is … Continue reading Cilium Network Policy in AKS

Yet Another Demo App

by erjosito

I often need to learn how certain platforms work, and to achieve that there is no better way than deploying a sample workload and run some tests with it: for example for the “A day in the life of a packet on AKS” series that I wrote some years ago when AKS was something new … Continue reading Yet Another Demo App

Mounting Azure Files shares from OpenShift

by erjosito

Azure Files is a very convenient storage option when you need persistent state in Azure Kubernetes Service or Azure Red Hat OpenShift. It is cheap, it doesn’t count against the maximum number of disks that can be attached to each worker node, and it supports many pods mounting the same share at the same time. … Continue reading Mounting Azure Files shares from OpenShift

Which VM size should I choose as AKS node?

by erjosito

There are many nuances when choosing a node size in Azure Kubernetes Services, and not all of them are obvious. I decided to write a short post to discuss the most important ones. At the end of the day, this is going to be a trade-off: some factors are going to drive you towards larger … Continue reading Which VM size should I choose as AKS node?

Easy Auth on AKS with Ambassador

by erjosito

Azure Application Service has a feature often referred as “Easy Auth” (see Authentication and authorization in Azure App Service and Azure Functions), which essentially consists of enabling user authentication for an application that does not support it. Many users love this feature, since it allows enjoying enterprise-grade authentication without writing a single line of code, … Continue reading Easy Auth on AKS with Ambassador