AKS | Bring your own Container Network Interface (CNI)

Hi!

This article shows how to deploy an AKS cluster with no CNI plugin pre-installed, which allows for installation of any third-party CNI plugin that works in Azure.

# Install the aks-preview extension
az extension add --name aks-preview

# Update the extension to make sure you have the latest version installed
az extension update --name aks-preview

# Create a resource group to create the cluster in
az group create -l <Region> -n <ResourceGroupName>

# create the cluster itself
az aks create -l <Region> -g <ResourceGroupName> -n <ClusterName> --network-plugin none

Maxime.

AKS | Node Pool Snapshot

Hi!

In this article, we will look at a new AKS feature: Node Pool Snapshot.

AKS releases a new node image weekly, and every new cluster, new node pool, or cluster upgrade always receives the latest image. This can make it hard to keep your environments consistent and repeatable.

Node pool snapshots allow you to take a configuration snapshot of your node pool and then create new node pools or new clusters based on that snapshot for as long as that configuration and Kubernetes version are supported.

Take a Node Pool Snapshot:

NODEPOOL_ID=$(az aks nodepool show --name nodepool1 --cluster-name myAKSCluster --resource-group myResourceGroup --query id -o tsv)

az aks snapshot create --name MySnapshot --resource-group MyResourceGroup --nodepool-id $NODEPOOL_ID --location eastus

Create a Node Pool from a Snapshot:

SNAPSHOT_ID=$(az aks snapshot show --name MySnapshot --resource-group myResourceGroup --query id -o tsv)

az aks nodepool add --name np2 --cluster-name myAKSCluster --resource-group myResourceGroup --snapshot-id $SNAPSHOT_ID

Upgrading a Node Pool from a Snapshot:

SNAPSHOT_ID=$(az aks snapshot show --name MySnapshot --resource-group myResourceGroup --query id -o tsv)

az aks nodepool upgrade --name nodepool1 --cluster-name myAKSCluster --resource-group myResourceGroup --snapshot-id $SNAPSHOT_ID

Create a cluster from a Snapshot:

SNAPSHOT_ID=$(az aks snapshot show --name MySnapshot --resource-group myResourceGroup --query id -o tsv)

az aks create --name myAKSCluster2 --resource-group myResourceGroup --snapshot-id $SNAPSHOT_ID

Maxime.

ACR | Trusted Azure services

Hi!

Azure Container Registry can allow select trusted Azure services to access a registry that’s configured with network access rules. When trusted services are allowed, a trusted service instance can securely bypass the registry’s network rules and perform operations such as pull or push images. 

| Trusted service | Supported usage scenarios | Configure managed identity with RBAC role |
|---|---|---|
| Azure Container Instances | Deploy to Azure Container Instances from Azure Container Registry using a managed identity | Yes, either system-assigned or user-assigned identity |
| Microsoft Defender for Cloud | Vulnerability scanning by Microsoft Defender for container registries | No |
| ACR Tasks | Access the parent registry or a different registry from an ACR Task | Yes |
| Machine Learning | Deploy or train a model in a Machine Learning workspace using a custom Docker container image | Yes |
| Azure Container Registry | Import images to or from a network-restricted Azure container registry | No |

To enable:

az acr update --name myregistry --allow-trusted-services true 

To disable:

az acr update --name myregistry --allow-trusted-services false

Maxime.
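
The trusted-services setting only matters on a registry that actually has network restrictions, so it is worth listing which restricted registries still allow the bypass. The script below is an added example, not part of the original post: it classifies registries from the tab-separated output of `az acr list`. The function names and status labels are hypothetical, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input (stdin): tab-separated lines, one registry per line, as printed by:
#   az acr list -o tsv --query \
#     "[].[name, networkRuleSet.defaultAction, networkRuleBypassOptions, publicNetworkAccess]"
# Output: "<registry> <STATUS>", where the STATUS labels are hypothetical names.

classify_acr_bypass() {
    tab=$(printf '\t')
    while IFS="$tab" read -r name default_action bypass public_access; do
        [ -n "$name" ] || continue
        # Network rules only restrict access when the firewall denies by
        # default or public network access is disabled.
        if [ "$default_action" = "Deny" ] || [ "$public_access" = "Disabled" ]; then
            if [ "$bypass" = "AzureServices" ]; then
                # Trusted services can still reach this restricted registry.
                echo "$name REVIEW_BYPASS"
            else
                echo "$name NO_BYPASS"
            fi
        else
            # No network restriction in place, so the bypass changes nothing.
            echo "$name UNRESTRICTED"
        fi
    done
}

# Constructed sample data (not real registries). az prints null as "None".
sample_registries() {
    printf 'prodregistry\tDeny\tAzureServices\tEnabled\n'
    printf 'privateregistry\tAllow\tAzureServices\tDisabled\n'
    printf 'lockedregistry\tDeny\tNone\tDisabled\n'
    printf 'devregistry\tNone\tAzureServices\tEnabled\n'
}

sample_registries | classify_acr_bypass
```

To audit a subscription, pipe the `az acr list` command from the header comment into `classify_acr_bypass` instead of the sample data.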