Does Workload Identity on AKS work across tenants?
Introduction
An interesting use case for Workload Identity came up recently. I was asked whether a Pod in an AKS cluster deployed in one Azure AD tenant can access Azure resources that live in another tenant.
I’ve configured Workload Identity on AKS many times, and I thought “in theory” it should “just work”, but I had never tested it across tenants. So I decided to give it a try.
TL;DR: Yes, it does work. The federated credential on the identity in the other tenant is pinned to the cluster’s OIDC issuer URL and the service account’s subject, and the service account itself carries the target tenant ID, so nothing in the token exchange is bound to the tenant the cluster lives in.
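The wiring that makes the cross-tenant case work, as an added example that is not code from the original post. It assumes a cluster in tenant A with the OIDC issuer enabled, a user-assigned managed identity in tenant B, and the placeholder names and tenant IDs set at the top (all assumptions, override them with environment variables); it requires `az` and `kubectl` and the two interactive `az login` calls in `main`.

```shell
# Added example: connect a pod in an AKS cluster in tenant A to a managed
# identity in tenant B. Names and IDs below are placeholders (assumptions).
set -eu

TENANT_A="${TENANT_A:-aaaaaaaa-0000-0000-0000-000000000000}"   # tenant the cluster lives in
TENANT_B="${TENANT_B:-bbbbbbbb-0000-0000-0000-000000000000}"   # tenant that owns the identity
RG_A="${RG_A:-rg-aks}";        CLUSTER_A="${CLUSTER_A:-aks-tenant-a}"
RG_B="${RG_B:-rg-identity}";   IDENTITY_B="${IDENTITY_B:-id-cross-tenant}"
NS="${NS:-app}";               SA="${SA:-workload-sa}"

# Tenant A: the cluster's OIDC issuer URL. It is a public endpoint, so tenant B
# can validate tokens it issues without any trust relationship between tenants.
cluster_issuer() {  # args: resource_group cluster_name
  az aks show --resource-group "$1" --name "$2" \
    --query oidcIssuerProfile.issuerUrl -o tsv
}

# Tenant B: federated identity credential on the managed identity. Trust is
# pinned to this issuer plus the exact service-account subject; the audience is
# the fixed Azure AD token-exchange audience.
create_cross_tenant_fic() {  # args: issuer namespace sa resource_group identity
  az identity federated-credential create \
    --name "aks-$2-$3" --identity-name "$5" --resource-group "$4" \
    --issuer "$1" --subject "system:serviceaccount:$2:$3" \
    --audiences api://AzureADTokenExchange
}

# Cluster side: the tenant-id annotation is what makes this cross-tenant. The
# workload identity webhook sets AZURE_TENANT_ID from it, so the SDK in the pod
# requests tokens from tenant B rather than from the cluster's own tenant.
annotate_service_account() {  # args: namespace sa client_id tenant_id
  kubectl annotate serviceaccount -n "$1" "$2" --overwrite \
    "azure.workload.identity/client-id=$3" \
    "azure.workload.identity/tenant-id=$4"
}

main() {
  az login --tenant "$TENANT_A" >/dev/null
  issuer=$(cluster_issuer "$RG_A" "$CLUSTER_A")

  az login --tenant "$TENANT_B" >/dev/null
  client_id=$(az identity show --resource-group "$RG_B" --name "$IDENTITY_B" \
    --query clientId -o tsv)
  create_cross_tenant_fic "$issuer" "$NS" "$SA" "$RG_B" "$IDENTITY_B" >/dev/null

  annotate_service_account "$NS" "$SA" "$client_id" "$TENANT_B"
}

if [ "${1:-}" = "run" ]; then
  main
fi
```

Run it as `sh script.sh run`. The pod still needs the `azure.workload.identity/use: "true"` label for the webhook to inject the token and the `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_FEDERATED_TOKEN_FILE` environment variables, and the identity in tenant B still needs a role assignment on whatever resource the pod is meant to reach.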
Streamline Network Observability on AKS: A Step-by-Step Guide to enable the AKS add-on with Terraform
Have you ever had to troubleshoot network issues in your Kubernetes clusters? If so, you know how challenging it can be to identify and resolve problems.
To troubleshoot network issues you have probably reached for a combination of tools like kubectl, tcpdump, Wireshark, and netstat. The list goes on and on… While these tools are great for debugging and for capturing network logs and traces, they don’t give you a holistic view of your cluster’s network traffic.
Purging Deleted Azure Key Vaults
Do you constantly provision and delete Azure Key Vaults?
If so, you may have noticed that attempting to recreate a recently deleted key vault fails with the following error:
The vault name is already in use.
This is because Azure Key Vault has soft-delete enabled: a deleted vault is kept in a soft-deleted state for its retention period (7 to 90 days, 90 by default) and is only purged automatically when that period ends. To reuse the name before then you must purge the vault manually, which requires the purge permission on the deleted vault and is refused outright while purge protection is enabled on it.
To confirm the key vault in question is in “deleted” state, you can run the following:
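A small script that automates the check-then-purge step, as an added example that is not code from the original post. It assumes an authenticated Azure CLI session with permission to purge deleted vaults (the `Microsoft.KeyVault/locations/deletedVaults/purge/action` action) and takes the vault name as its argument; the vault names used in comments are placeholders.

```shell
# Added example: make a soft-deleted Key Vault name reusable.
# Assumes `az login` has already been done with an account allowed to purge.
set -eu

# Is there a soft-deleted vault with this name? Exit status 0 = yes, 1 = no.
# (`az keyvault list-deleted` shows every soft-deleted vault the account can see.)
deleted_vault_exists() {  # args: vault_name
  az keyvault show-deleted --name "$1" >/dev/null 2>&1
}

# Purge the soft-deleted vault so its name can be reused.
# Prints exactly one status word:
#   available     - no soft-deleted vault holds the name, just create it
#   purged        - the soft-deleted vault was purged, name is free again
#   purge-failed  - purge was refused (typically purge protection, or missing
#                   purge permission); the name frees up on scheduledPurgeDate
reclaim_keyvault_name() {  # args: vault_name
  name="$1"
  if ! deleted_vault_exists "$name"; then
    echo "available"
    return 0
  fi
  if az keyvault purge --name "$name" >/dev/null 2>&1; then
    echo "purged"
    return 0
  fi
  echo "purge-failed"
  return 1
}

if [ $# -gt 0 ]; then
  reclaim_keyvault_name "$1"
fi
```

Purge protection exists precisely so that a compromised or mistaken principal cannot permanently destroy a vault and its keys, so treat `purge-failed` on a vault with purge protection as working as designed: pick a different name rather than trying to force the purge.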
Web Application Routing on AKS
Exposing your web applications on Azure Kubernetes Service (AKS) has gotten a little bit easier. In this post, I will cover the new Web Application Routing feature for AKS and discuss reasons why you may want to implement it within your cluster.
Exposing your app
You have a lot of options when it comes to exposing your application Pods to the world. If you’re using a managed Kubernetes service in the cloud, you can deploy a Service with its type set to LoadBalancer and your cloud provider will provision a load balancer with a public IP. The Service sits in front of your Pods, and if all you need is a public IP you’re good to go (keep in mind that the IP is reachable from the whole internet unless you restrict it, for example with loadBalancerSourceRanges).
Deploying ARM64 workloads to AKS
You might have heard by now that Azure has partnered with Ampere to bring ARM-based processors to virtual machines on Azure. This is super exciting, as it gives you the opportunity to run workloads on highly performant and power-efficient virtual machines, and those characteristics ultimately translate into excellent price-performance (lower costs 🥳).
So… are you ready to deploy your workloads to ARM64 node pools on AKS? I sure wasn’t when attempting to deploy the azure-voting-app-redis application to my cluster.
Sharing Bicep Modules with Azure Container Registry
One of the things I do as a Cloud Native Advocate at Microsoft is build end-to-end lab scenarios in the https://aka.ms/oss-labs repo. Most of the demo scenarios we aim to cover are in and around the container space, and the majority of the labs use Azure Bicep to declaratively provision Azure infrastructure. As more labs get spun up, there is a growing potential for redundant Bicep code. As you might have guessed, there’s a need for reusable code to spin up AKS clusters.
Securely connect to your Azure Linux Virtual Machine with Tailscale SSH
Being on the Cloud Advocate team at Microsoft, we’re always looking to empower every developer to achieve more on Azure. One way of doing this is by bringing you hands-on content to deliver end-to-end scenarios using cloud-native and open source technologies.
My colleague on the Cloud Native team, Aaron Wislang, has been cooking up a bunch of labs in our Azure Open Source Labs repo, and one area we’ve been collaborating on is the Azure Linux VM space.