Azure Private DNS and AKS

Azure Private DNS and AKS: resolving Private Endpoints from the cluster

Azure Private Endpoints attach a managed service (PostgreSQL, Key Vault, Storage…) to the private network via an internal IP. The challenge: for AKS pods to resolve the FQDN of that resource to its private IP rather than its public IP, you need to correctly configure private DNS zones and Virtual Network Links.

Architecture of the problem

When Azure creates a Private Endpoint for, say, a PostgreSQL Flexible Server, it automatically creates a private DNS zone of the form privatelink.postgres.database.azure.com. This zone contains an A record mapping the server’s FQDN to the Private Endpoint’s private IP. ...

February 11, 2025 · 4 min · Thomas L.
Retina

Introducing Microsoft Retina

During my attendance at KubeCon, I had the opportunity to participate in the Azure day with Kubernetes. A new tool currently under development was presented: Retina.

What is Retina?

Retina is a tool for monitoring the network and services of AKS clusters. Its goal is to collect customizable telemetry and push it to various backends (Prometheus, via a PV, etc.).

How it works

Retina offers several data collection modes:

Via the CLI

In this capture mode, running a command through the Retina CLI triggers the creation of a Kubernetes job that performs a capture based on a node selector. The default duration is one minute, but it can be configured via --no-wait=true to run continuously. Other options include capping the output file size, filtering by [ip]:[port], or filtering DNS queries with udp port 53. ...

March 25, 2024 · 3 min · Thomas L.