Blog

AKS: Open Service Mesh & mTLS
·840 words·4 mins
azure kubernetes aks osm
Open Service Mesh (OSM) is a lightweight and extensible cloud native service mesh that is easy to install and configure, with features such as mTLS to secure your microservice environments. Now that Open Service Mesh (OSM) integration with Azure Kubernetes Service (AKS) is GA (Check the announcement) I’ll show you not only how to deploy it but also how to add your microservices to the mesh so communication between them is encrypted.
AKS: High Available Storage with Rook and Ceph
·1681 words·8 mins
azure kubernetes aks rook ceph storage
Disclaimer: this is just a Proof of Concept. If you deploy Azure Kubernetes Service clusters with availability zones, you’ll probably need a highly available storage solution. In such a situation you may use Azure Files as an external storage solution. But what if you need something that performs better? Or something running inside your cluster?
AKS: Container Insights Pod Requests and Limits
·602 words·3 mins
azure kubernetes aks azure monitor log analytics container insights
Today I’ll show you how to use Container Insights and Azure Monitor to check your AKS cluster for pods without requests and limits. You’ll need to use the following tables and fields:
KubePodInventory: Table that stores kubernetes cluster’s Pod & container information
    ClusterName: ID of the kubernetes cluster from which the event was sourced
    Computer: Computer/node name in the cluster that has this pod/container.
    Namespace: Kubernetes Namespace for the pod/container
    ContainerName: This is in poduid/containername format.
Perf: Performance counters from Windows and Linux agents that provide insight into the performance of hardware components, operating systems and applications.
    ObjectName: Name of the performance object.
    CounterName: Name of the performance counter.
    CounterValue: The value of the counter
And take a close look at the following Objects and Counters:
Static website hosting in an Azure Storage Account protected with Private Endpoint
·766 words·4 mins
azure static website storage account private endpoint storage
This post will show you how to deploy a Static Website on a Storage Account protected with Private Endpoint using Terraform:
Define the terraform providers to use
Create a providers.tf file with the following contents:
    terraform {
      required_version = "> 0.12"
      required_providers {
        azurerm = {
          source  = "azurerm"
          version = "~> 2.26"
        }
      }
    }
    provider "azurerm" {
      features {}
      skip_provider_registration = true
    }
Define the variables
Create a variables.tf file with the following contents:
AKS: Windows node pool with spot virtual machines and ephemeral disks
·945 words·5 mins
kubernetes azure windows ephemeral disks spot virtual machines
Some months ago a customer asked me if there was a way to deploy a Windows node pool with spot virtual machines and ephemeral disks in Azure Kubernetes Service (AKS). The idea was to create a cluster that could be used to run Windows batch workloads and minimize costs by deploying the following:
AKS: Persistent Volume Claim with an Azure File Storage protected with a Private Endpoint
·853 words·5 mins
kubernetes azure aks persistent volume claim azure files private endpoint
This post will show you the steps you’ll have to take to deploy an Azure Files Storage with a Private Endpoint and use it to create volumes for an Azure Kubernetes Service cluster:
Create a bicep file to declare the Azure resources
You’ll have to declare the following resources:
Plan IP addressing for AKS configured with Azure CNI Networking
·328 words·2 mins
kubernetes azure aks container network interface cni ip
When configuring Azure Kubernetes Service with Azure Container Network Interface (CNI), every pod gets an IP address of the subnet you’ve configured. So how do you plan your address space? What factors should you consider? Each node consumes one IP. Each pod consumes one IP. Each internal LoadBalancer Service you anticipate consumes one IP. Azure reserves 5 IP addresses within each subnet. The Max pods per node is 250. The Max pods per node lower limit is 10. 30 pods is the minimum per cluster. Max nodes per cluster is 1000. When a cluster is upgraded a new node is added as part of the process which requires a minimum of one additional block of IP addresses to be available. Your node count is then n + 1. When you scale a cluster an additional node is added. Your node count is then n + number-of-additional-scaled-nodes-you-anticipate + 1. With all that in mind the formula to calculate the number of IPs required for your cluster should look like this:
Running k3s inside WSL2 on a Surface Pro X
·236 words·2 mins
kubernetes k3s arm64 WSL2
I’m a proud owner of a Surface Pro X SQ2 which is an ARM64 device. If you’ve been reading me, you know I like to tinker with kubernetes and therefore I needed a solution for this device. I remembered reading about k3s, a lightweight kubernetes distro built for IoT & Edge computing, and decided to give it a try.
Deploy AKS + Kubecost with Terraform
·910 words·5 mins
azure kubernetes aks terraform kubecost
This morning I saw this tweet from Mr Brendan Burns: AKS Cost Monitoring and Governance With Kubecost https://t.co/OStwIBsuPp — brendandburns (@brendandburns) April 30, 2021 And I’m sure that once you also read through it, you’ll learn that you have to take several steps in order to achieve AKS Cost Monitoring and Governance With Kubecost.
Deploy a Private Azure Cloud Shell with Terraform
·932 words·5 mins
azure terraform cloud shell
By default Cloud Shell sessions run inside a container inside a Microsoft network separate from any resources you may have deployed in Azure. So what happens when you want to access services you have deployed inside a Virtual Network such as a private AKS cluster, a Virtual Machine or Private Endpoint enabled services?
ASP.NET Core OpenTelemetry Logging
·361 words·2 mins
dotnet opentelemetry aspnetcore
As you may know I’ve been collaborating with Dapr and I’ve learned that one of the things it enables you to do is to collect traces with the use of the OpenTelemetry Collector and push the events to Azure Application Insights. After some reading I went and checked if I could also write my ASP.NET Core applications to log using the OpenTelemetry Log and Event record definition:
Dapr: Reading local secrets with .NET 5
·308 words·2 mins
dotnet dapr secrets
Now that Dapr is about to hit version 1.0.0 let me show you how easy it is to read secrets with a .NET 5 console application.
Create a console application
    dotnet new console -n DaprSecretSample
    cd DaprSecretSample
Add a reference to the Dapr.Client library
    dotnet add package Dapr.Client --prerelease
Create a Secret Store component
Create a components folder and inside place a file named secretstore.yaml with the following contents:
What I Learned From Hacktoberfest 2020
·343 words·2 mins
kubernetes hacktoberfest
Hacktoberfest® is an open global event where people all around the globe contribute to open source projects. The idea behind Hacktoberfest® is great; in my opinion it encourages and motivates contributions, especially from those who don’t know where to start with OSS, but sadly what we saw this year was many people, let’s call them trolls, spamming repos with useless pull requests in order to claim the nice tee. The Hacktoberfest® organization reacted quickly to fix the situation and the rules of the game have been changed: the event is now officially opt-in only for projects and maintainers.
Managing Terraform Cloud with .NET Core
·791 words·4 mins
dotnet terraform terraform cloud
Today I’m going to show you how to manage Terraform Cloud with .NET Core using the Tfe.NetClient library. The idea is to create a simple console application that will: Add GitHub as a VCS Provider. Create a Workspace connected to a GitHub repo where your Terraform files live. Create a variable in the workspace. Create a Run (Plan) based on the Terraform files. Apply the Run. Tfe.NetClient is still in alpha and not every Terraform Cloud API or feature is present. Please feel free to submit any issues, bugs or pull requests.
Azure Functions: use Blob Trigger with Private Endpoint
·1528 words·8 mins
azure azure functions blob trigger private endpoint
The intent of this post is to help you understand how to connect an Azure Function to a Storage Account privately so all traffic flows through a VNet, therefore enhancing the security of your solutions and blobs.
The Case:
Suppose you have the following Azure Function written in C# which only copies a blob from one container to another:
Kubernetes NGINX ingress controller with Dapr
·472 words·3 mins
kubernetes dapr nginx ingress controller
In this post I’ll show you how to expose your “Daprized” applications using an NGINX ingress controller.
Prerequisites
A working kubernetes cluster with Dapr installed. If you need instructions please find them here
Deploy an application to your Kubernetes cluster
I’ll be using a simple Azure Function I created back in 2017 in the following post: Run a Precompiled .NET Core Azure Function in a Container which exposes a simple validation function.
Reading Kubernetes Secrets with Dapr and .NET Core
·640 words·4 mins
kubernetes dotnet dapr secrets
Dapr is an event-driven, portable runtime for building microservices on cloud and edge. Dapr supports the fundamental features you’ll need such as: service invocation, state management, publish/subscribe messaging and since version 0.5.0 the ability to read from secret stores! This post will show you how to read kubernetes secrets using Dapr and .NET Core:
MongoDB Enterprise Operator: Deploying MongoDB in AKS
·614 words·3 mins
kubernetes azure devops aks mongodb
A couple of weeks ago I was trying to deploy MongoDB in AKS using the MongoDB Enterprise Operator and had trouble finding a simple tutorial to make the thing work. This post intends to fill that gap with a straight to the point approach.
Prerequisites
Be sure to deploy AKS with a set of nodes with at least 8GB of RAM. I used Standard_D3_v2
Dapr: Debugging .NET Core with Visual Studio Code
·278 words·2 mins
dotnet azure dapr visual studio code debugging
So you are new to Dapr and you are trying to understand how it works with your .NET Core application. You already tried launching your app with the Dapr CLI and then you find yourself wondering how to debug the mix with Visual Studio Code. Well, follow these simple steps and you’ll be ready:
Visual Studio Code Remote Containers: Jekyll
·482 words·3 mins
devops jekyll visual studio code
For the last 3 years this blog was written using Jekyll which has a series of requirements such as Ruby that I don’t want to keep installing or maintaining on my PC. So I created this Developer Container for those who want to use Jekyll from an isolated container. Let’s check the container definition: