Apply configuration changes to the default node pool in AKS via Bicep

In today’s blog post we look into Bicep and how to apply configuration changes to the default node pool in Azure Kubernetes Service within the same Bicep template. What looks easy at first glance gets nasty if everything is to be done within the same template, such as creating an Azure Kubernetes Service cluster, adding additional node pools, or changing the configuration of existing ones. [...]

Migrate an Azure storage account from LRS to ZRS replication without downtime

This is a rather short blog post about a hidden gem in the Azure documentation. You have two options today for migrating an existing Azure storage account from the LRS (locally redundant storage) to the ZRS (zone-redundant storage) replication option: a manual migration or a live migration. Choosing the manual migration option requires a new target storage account with ZRS and might imply an application [...]

How to change the node size of the default node pool in AKS without downtime?

Currently, as of writing this blog post, Azure Kubernetes Service does not support changing the node size of the default node pool or of additional node pools without recreating the whole AKS cluster or the additional node pool. Having all the configuration in infrastructure as code, whether it is Bicep or Terraform, seems to be a dead end for this simple operation. If we change the node size in our [...]

Preventing SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT

Last year I wrote a blog post about detecting SNAT port exhaustion on Azure Kubernetes Service. Today we dive into the topic of how to prevent SNAT port exhaustion on Azure Kubernetes Service with Virtual Network NAT. Since this year the managed NAT gateway option for Azure Kubernetes Service [...]

Conditions with for_each in Terraform

Conditions in Terraform are well-known and, in combination with the for_each argument, can provide a lot of flexibility. In today’s blog post I walk you through an example storage module I have created to showcase the topic. The module consists of three resources: a resource group, a lock, and a storage account. As I am using conditions with for_each for the resource group and the lock, I can decide [...]

Kubernetes CPU requests demystified

Two weeks back I participated in an incredibly good and vivid discussion on Twitter about Kubernetes CPU requests and limits. During the discussion I learned a lot and was proven that my knowledge and statement were not correct. I had made the following statement: “CPU requests are used for scheduling but are not guaranteed at runtime.” The first part about the scheduling is correct and the [...]

Using Rancher Desktop as Docker Desktop replacement on macOS

Last year I wrote a blog post about running Podman on macOS with Multipass as a Docker Desktop replacement. Back at that time I had also looked into Podman Machine and Rancher Desktop. Podman Machine was out very quickly, without support for host volume mounts. Rancher Desktop instead was promising, but the host volume [...]

Remove dangling multi-arch container manifests from Azure Container Registry

Last year I wrote a blog post about removing dangling container manifests from ACR. I did not cover an edge case when it comes to multi-arch container manifests. So, here we are, and I walk you through that topic today. First, do not be afraid: the PowerShell script from last year works perfectly [...]

Running gVisor on Azure Kubernetes Service for sandboxing containers

gVisor is one option, besides Kata Containers or Firecracker, for sandboxing containers to minimize the risk when running untrusted workloads on Kubernetes. Currently, the only managed Kubernetes service which supports gVisor in dedicated node pools by default is Google Kubernetes Engine. But with a bit of effort this is doable on Azure Kubernetes Service as well. At [...]