
How to: Use Terraform to deploy Azure Kubernetes Service in Custom VNET with Kubenet

05/21/2019 UPDATE: the route table and NSG assignment are now managed directly by the Azure Kubernetes Service provider, so you don't need to run an extra script anymore! This blog post has been updated accordingly.

A few months ago, I wrote this post, which explains how to deploy an Azure Kubernetes Service cluster inside a custom virtual network with the Kubenet plugin instead of Azure CNI.

Note: The AKS docs have also been updated with this scenario, here.

In this new post, I describe everything you need to know and do to get the same result, but fully automated using Terraform :-)


Using Azure Front Door to handle SSL termination with Azure Kubernetes Service

Azure Front Door lets you manage web traffic routing at the global level. It has many features, such as URL-based routing, session affinity, URL rewriting, health probes, and SSL termination.

In this post, I will describe how to set up SSL offloading for your applications running in Azure Kubernetes Service with Azure Front Door.


Secure an Azure Kubernetes cluster with Azure Active Directory and RBAC

Azure Kubernetes Service supports Kubernetes RBAC with Azure Active Directory integration, which lets you bind ClusterRole and Role to subjects such as Azure Active Directory users and groups.

Version 1.19.0 of the AzureRM Terraform provider supports this integration.

This blog post describes how to script the deployment of an AKS cluster, using RBAC + Azure AD with Terraform and Azure CLI.

All the scripts are in this GitHub repository.


How to: Azure Kubernetes Service + Custom VNET with Kubenet

05/21/2019 UPDATE: the route table and NSG assignment are now managed directly by the Azure Kubernetes Service provider, so you don't need to run an extra script anymore! This blog post has been updated accordingly, and this kind of deployment is now documented in the Microsoft Azure docs, on this page.

You probably already know that it is possible to deploy an Azure Kubernetes Service cluster into an existing virtual network (VNET) so that you can control the network CIDR and consume other services on your private networks, such as on-premises services through an Express Route.

If you read the network documentation of AKS, you will see that there are two networking modes: Basic networking, which controls the virtual network and uses Kubenet as the network plugin, and Advanced networking, which lets you control the virtual network and uses the Azure CNI network plugin.

In this post, I will explain how to use Advanced networking to keep control of the virtual network while continuing to use Kubenet as the network plugin.

Thank you very much to my colleague Stéphane Erbrech, who helped a lot to get this scenario working and reviewed this post before publication.


Use Azure managed identities with Azure Kubernetes Services (AKS)

In this blog post, I will explain how you can use the aad-pod-identity project (currently in Beta) to get an Azure managed identity bound to a pod running in your Kubernetes cluster. I will illustrate this with a basic sample that retrieves secrets from an Azure Key Vault in a Go application running in a Kubernetes pod.
