In this post I’ll show you how to set up Workload Identity in an AKS cluster using Terraform and then deploy a pod with Azure CLI that you will use to log in to Azure. Long story short: once workload identity is configured and enabled, Kubernetes will inject 3 environment variables needed to log in with Azure CLI:...
When you deploy an Azure Kubernetes Service with a node pool composed of spot virtual machines, you are running a cluster with the risk of losing nodes based on the configuration you set. Eviction may occur based on capacity or max price. In this post I’ll show you how to deploy an AKS cluster with such configuration...
When deploying an AKS cluster, even if you configure RBAC or AAD integration, local accounts will be enabled by default. This means that, given the right set of permissions, a user will be able to run the az get-credentials command with the --admin flag, which will give them non-auditable access to the cluster. But...
If you deployed a private volume claim using the managed-premium storage class, then ran out of space and are now searching for how to expand the disk to a larger size, this is how you can do it from scratch: the managed-premium storage class is a premium storage class that allows volume expansion: allowVolumeExpansion:...
In my previous post, AKS: Open Service Mesh & mTLS, I described how to deploy an AKS cluster with Open Service Mesh enabled, and how easy it is to onboard applications onto the mesh by enabling automatic sidecar injection of the Envoy proxy. OSM enables secure service-to-service communication. This time I’ll show you that...