I find that in my experience that a Node Image may need to get an update due to a big or security vulnerability. This is a seldom occurring occasion but I strongly be prepared for production environments. So what is a Node Image upgrade? MS docs says AKS supports upgrading the images on a node …
Category: Kubernetes
Azure Managed Grafana Setup with AKS
The following is a walk through of a quick setup of Azure Managed Grafana Instance and viewing performance graphs on applications running in Azure Kubernetes Service. This is a relatively new Azure platform service and the general documentation can be found at https://learn.microsoft.com/en-us/azure/managed-grafana/how-to-data-source-plugins-managed-identity?tabs=azure-portal I have had experience to build, configure and deploy Grafana into an …
How to reload an Env variable sync’d to a Pod mounted Azure Key Vault Secret
Implementation scenario to establish autorotation of pod mounted key vault secrets and reloading pods to update environment variables of those secrets.
How To Mount Azure Key Vault Secret to Pods in Azure Kubernetes Service
Scenario: You require a pod to mount a secret stored in an Azure Key Vault. So that an application running in the pod can access the secret as a file and environment variable. Also manage the access security between the AKS cluster to the key vault using a user assigned managed identity. Background: To integrate …
Continue reading How To Mount Azure Key Vault Secret to Pods in Azure Kubernetes Service
JMeter Load Testing against Azure Kubernetes Service
JMeter is an free load testing tool. You can find it at https://jmeter.apache.org/download_jmeter Comparing with other options freely available, I find this is has the right balance between being free, functionality and capabilities. I used to use Visual Studio Load Test tool but that is deprecated. The UI isn't has intuitive and there is some …
Continue reading JMeter Load Testing against Azure Kubernetes Service
My 3 Key Benefits of Istio Service Mesh with AKS
I have been working with Istio Service Mesh with Azure Kubernetes for a couple years, I like to share my experiences that were beneficial and impactful in my projects. Istio Service mesh helps with managing traffic among your microservices applications. Read more at https://istio.io/latest/about/service-mesh/ The general architecture is as follows where a service A (in …
Continue reading My 3 Key Benefits of Istio Service Mesh with AKS
Comprehensive Guide To Create an Azure Kubernetes Service with Az CLI
Objective: To provide key configuration parameters for the beginner when creating the Azure Kubernetes Service with Azure CLI. My design with related az aks create command configuration parameters. You can find the az aks create command’s documentation provides a list of about 60 parameters. az aks create --name --resource-group [--aad-admin-group-object-ids] [--aad-client-app-id] [--aad-server-app-id] [--aad-server-app-secret] [--aad-tenant-id] [--admin-username] …
Continue reading Comprehensive Guide To Create an Azure Kubernetes Service with Az CLI
Azure Portal Azure Kubernetes Resource Viewer vs Kubernetes Dashboard
As announced, in this article Kubernetes resource view is in public preview, I will review and give my thoughts on this new feature Kubernetes Resource View in the Azure Portal compared to the OSS Kubernetes Dashboard (Web UI). A prerequisite is that the AKS Cluster needs to be enable Azure AD integration. The biggest convenience …
Continue reading Azure Portal Azure Kubernetes Resource Viewer vs Kubernetes Dashboard
Kubernetes Error & Fix: clusterroles.rbac.authorization.k8s.io is forbidden: User clusterUser cannot list resource clusterroles
Issue Background: With an Azure Kubernetes Service deployment (version 1.17.9) in my dev environment, I launch the Kubernetes Dashboard application and I can’t see any Kubernetes resources and I get the following error notification clusterroles.rbac.authorization.k8s.io is forbidden: User "clusterUser" cannot list resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope I am attempting to …
Error & Fix: Azure Kubernetes ‘Failed to pull image’
Error Message: Failed to pull image "rkaks/dotnetcoresqldb:dev": rpc error: code = Unknown desc = Error response from daemon: pull access denied for rkaks/dotnetcoresqldb, repository does not exist or may require 'docker login': denied: requested access to the resource is denied Shown from the Kubernetes Dashboard application Context I have my application's docker image pushed into …
Continue reading Error & Fix: Azure Kubernetes ‘Failed to pull image’
Roy Kim on Azure and Microsoft 365 