Thanks to Chat-GPT! This is a polished version with the help from Chat-GPT. Recently, I have been working on upgrading some Kubernetes clusters. Initially, the upgrade was not a complex task, but it became challenging when I had to migrate the runtime from Docker to Containerd. …

Remote debug Istio controlplane with delve in VSCODE Clone the istio repo Update the docker filewith ‘devle’ following the istio wiki Build image with debug enabled following the mentioned wiki as well. The github action can help if there is no container runtime in local to build. Update the image to the istiod deployment and update the ‘readOnlyRootFilesystem’ to ‘false’ Build tunnel with ‘port-forward’ between local and the istiod pod at port 40000

What happens when volumeManager in the kubelet starts? TL;DR The volumeManager is initialized along with the initialization of kubelet and is started by kubelet as well. …

Azure CNI in one of the CNI plugins AKS provides. Below example is based on an AKS cluster. The k8s version is 1.18.10 and CNI version is v1.2.0_hotfix. What? network The info of virtual network CNI creates endpoint The info of pod’s networking CNI creates netPlugin The parent plugin created when…

Generally speaking the process are two parts. Part-1: The 1st part is to provision the resources on Azure platform like control plane, networking, identity and virtual machine. Part-2: The 2nd part is to use the features of Azure virtual machine like custom data and custom script extension to install/configure kubelet related components…

Download URL: Shuanglu/k8sTcpdump The tool is to use the 'tcpdump' to capture the network trace of the pod The access to create privileged pod The access…github.com Input the “name” of the pod and “namespace” of the pod to the “xxx.json”. Example is “example/test.json” Run “./k8sTcpdump -p xxx.json” and it will bring up pods on the corresponding nodes to capture the network traces of the target pods. The ‘.cap’ file will be downloaded to the current folder.

Issue: In the AKS cluster, pods in a separate subnet(172.16.3.0/24) cannot connect to the Internet Environment: cloudprovider: AKS version: 1.17.11 NetworkPolicy: Calico NetworkPlugin: Azure nodepools: agentpool | 172.16.2.0/24 test | 172.16.3.0/24 Troubleshooting steps: Login to the node where the pod is running and run the test like ‘curl -v 216.58.193.78’…

Azure Policy in AKS is in-preview. Reviewed the deployment and found it uses open policy agent. Below are some language references for the constraint template created. https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-capabilities/template.yaml Introduction The Open Policy Agent (OPA, pronounced "oh-pa") is an open source, general-purpose policy engine that unifies policy…www.openpolicyagent.org

Glossary: Native client A type of client application that is installed natively on a device. It’s behalf of the human user while authenticating with AAD. We name it “kubectl app” in this article. Microsoft identity platform developer glossary This article contains definitions for some of the core developer concepts and terminology, which are helpful when…docs.microsoft.com 2. Web Client A type of client application that executes all code on a web server, and…