Tag: Networking
-
Switching to Istio CNI plugin on Azure Kubernetes Service
You might question yourself, why the switch to the Istio CNI plugin might be useful? Istio uses, and other services meshes too, an init container to adjust the iptables rules for redirecting network traffic to/from the sidecar proxy container. The init container uses NET_ADMIN and NET_RAW capabilities to do the iptables changes and thus has…
-
High available control plane with Istio 1.5 on Azure Kubernetes Service
Back in January I have written a blog post about installing the Istio control plane on AKS in HA mode. -> https://www.danielstechblog.io/install-a-high-available-istio-control-plane-on-azure-kubernetes-service/ Since the release of Istio 1.5 this month the overall architecture of the Istio control plane has changed. -> https://istio.io/news/releases/1.5.x/announcing-1.5/#introducing-istiod With the introduction of Istiod the number of deployed pods get dramatically reduced,…
-
Install a high available Istio control plane on Azure Kubernetes Service
Lately I worked intensively with Istio and focused especially on the topic high availability of the Istio control plane. When you install Istio with the default profile, as mentioned in the Istio documentation, you get a non-high available control plane. istioctl manifest apply \ –set values.global.mtls.enabled=true \ –set values.global.controlPlaneSecurityEnabled=true Per default Istio gets installed with…
-
Secure Kubernetes API server access in Azure Kubernetes Service
Running Kubernetes at a cloud provider especially managed Kubernetes like AKS or GKE provides you with a solid foundation and applied security best practices for the managed master control plane. But there is one downside, the public accessible API endpoint to control the Kubernetes cluster. Even the API endpoint is only exposed via HTTPS and…
-
Configuration options for CoreDNS in Azure Kubernetes Service
In my last blog post I have shown you the configuration of custom upstream nameservers for CoreDNS in AKS. -> https://www.danielstechblog.io/setting-custom-upstream-nameservers-for-coredns-in-azure-kubernetes-service/ But there are more configuration options available to customize your CoreDNS experience. We will focus at some of them today. First, let us have a look at the two options in the custom-coredns ConfigMap.…
-
Setting custom upstream nameservers for CoreDNS in Azure Kubernetes Service
Last year I have written a blog post about configuring kube-dns in Azure Kubernetes Service to provide a custom nameserver for DNS name resolution. -> https://www.danielstechblog.io/using-custom-dns-server-for-domain-specific-name-resolution-with-azure-kubernetes-service/ Since then Kubernetes switched to CoreDNS and AKS as well. Today I am not talking about the topic in my previous blog post, that will follow the next days,…