Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Cloud

  • Preventing SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT

    Last year I have written a blog post about detecting SNAT port exhaustion on Azure Kubernetes Service. -> https://www.danielstechblog.io/detecting-snat-port-exhaustion-on-azure-kubernetes-service/ Today we dive into the topic of how to prevent SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT. Since this year the managed NAT gateway option for Azure Kubernetes Service is generally available…

  • Kubernetes CPU requests demystified

    Two weeks back I participated in an incredibly good and vivid discussion on Twitter about Kubernetes CPU requests and limits. During the discussion I learned a lot and were proven that my knowledge and statement are not correct. I had made the following statement: “CPU requests are used for scheduling but are not guaranteed at…

  • Using Rancher Desktop as Docker Desktop replacement on macOS

    Last year I wrote a blog post about running Podman on macOS with Multipass as a Docker Desktop replacement. -> https://www.danielstechblog.io/running-podman-on-macos-with-multipass/ Back at that time I had looked also into Podman Machine and Rancher Desktop. Podman Machine was out very quickly without support for host volume mounts. Rancher Desktop instead was promising but the host…

  • Remove dangling multi-arch container manifests from Azure Container Registry

    Last year I wrote a blog post about removing dangling container manifests from ACR. -> https://www.danielstechblog.io/remove-dangling-container-manifests-from-azure-container-registry/ I did not cover an edge case when it comes to multi-arch container manifests. So, here we are, and I walk you through that topic today. First, do not be afraid the PowerShell script from last year works perfectly…

  • Running gVisor on Azure Kubernetes Service for sandboxing containers

    gVisor is one option beside Kata Containers or Firecracker for sandboxing containers to minimize the risk when running untrusted workloads on Kubernetes. -> https://gvisor.dev/ Currently, the only managed Kubernetes service which supports gVisor in dedicated node pools per default is Google Kubernetes Engine. But with a bit of an effort this is doable as well…

  • Using Conftest for Azure Policy for Kubernetes

    Conftest is a tool that lets you write tests against structure data like Kubernetes templates. -> https://www.conftest.dev/ So, why should you use Conftest when you already established your policies with Azure Policy for Kubernetes? As Azure Policy for Kubernetes uses Gatekeeper the OPA implementation for Kubernetes under the hood it uses Gatekeeper constraint templates written…

WordPress Cookie Notice by Real Cookie Banner