Gitops

⚠️ Please note that the HTTP Application routing add-on for AKS is now deprecated and will be retired on 3rd of March, 2025. Normally if you were to expose an application running in AKS for external access, you would need multiple bits and pieces to be deployed and configured: Ingress Controller to ensure proper traffic routing and load balancing in an AKS cluster; Certificate management solution for automatic obtaining, provisioning, renewing and using of TLS certificates for applications running in AKS clusters; DNS zone and respective DNS records to expose applications on a specific URL for external access; This can be quite a lot to set up and will in some cases be an overhead for dev/test or playground AKS clusters. That’s when HTTP Application Routing add-on can help you out and do all this work for you! 🚀 ...

One day I was going through Azure Policies for Kubernetes and suddenly saw an alert related to the following policy for one of the AKS clusters: Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities. What this basically means is that you shouldn’t have any accounts in your cluster that have been assigned a ClusterRole or Role with CAP_SYS_ADMIN capabilities. CAP_SYS_ADMIN is a capability that is available in Linux. It provides a very privileged level of permissions that allows an account that has this capability to perform a range of system administration operations which can potentially be harmful and damaging for the whole system. You can read more about this capability here: capabilities(7) — Linux manual page. ...

It’s time for a new edition of Kris’s Quick cup of Kubernetes where I’m utilizing Azure Kubernetes Service (AKS) for demo purposes!😺 In second edition of this tech tip series I would like to share a few tips related to CronJobs, Rolling Updates and AKS add-ons that can make your life easier when working with Kubernetes and specifically Azure Kubernetes Service. #1 - Run CronJob instantly Sometimes you may need to run a CronJob (scheduled Job) instantly, for example, when you’re debugging some execution errors. So, can you do that instantly or do you need to wait for the next time slot that the CronJob is scheduled for to execute? Well, you can pretty easily create a regular Job based on CronJob definition and in that way trigger it instantly - here’s how you can do that with kubectl: ...

Starting a totally new Tech Tips subsection feels great - especially when it’s going to be purely dedicated to Kubernetes utilizing Azure Kubernetes Service (AKS) for demo purposes! :-) In this first edition I would like to demonstrate 4 helpful commands that can make your life easier when working with Kubernetes. AKS will be my Kubernetes distribution of choice. #1 - Live streaming of Pod logs Sometimes it can be really useful to monitor application’s logs, for instance when there are errors happening during application’s start-up or while it’s up and running. If you use kubectl logs <pod_name> -n <namespace> you will only get what’s been logged until the execution of command. In order to stream logs and follow them in real-time you will need to use -f flag (“f” for “follow”) with kubectl logs command, i.e. kubectl logs <pod_name> -n <namespace> -f. ...