application-gateway-kubernetes-ingress
aad-pod-identity
Our great sponsors
application-gateway-kubernetes-ingress | aad-pod-identity | |
---|---|---|
9 | 7 | |
662 | 570 | |
0.8% | - | |
6.0 | 0.0 | |
4 days ago | 7 months ago | |
Go | Go | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
application-gateway-kubernetes-ingress
-
AKS ingress - internal LB + App Gateway vs. public LB + Ingress/Gateway API
Unfortunately in some cases it works poorly. For more insights, read this - https://github.com/Azure/application-gateway-kubernetes-ingress/issues/1124
-
What do you think about the AGIC?
My main concern is about zero-downtime deployments - https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/how-tos/minimize-downtime-during-deployments.md
-
App Gateway cannot reach AKS Service?
However, you better read and understand some specific behaviors of AGIC which are caused by its architecture - https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/how-tos/minimize-downtime-during-deployments.md & https://github.com/Azure/application-gateway-kubernetes-ingress/issues/1124
-
What are the most popular ingress controllers
application-gateway-kubernetes-ingress (Azure only)
-
creating resource "kubernetes_ingress" with Terraform
Probably something like this https://azure.github.io/application-gateway-kubernetes-ingress/
-
The Kubernetes Ingress Concept and Ingress Controller (Part 1)
AKS Application Gateway Ingress Controller is an ingress controller that configures the Azure Application Gateway.
-
Aks ingress controller- Nginx+ vs AGIC
AGIC has a lack of annotations that I find nginx+ offers like server snippets and custom headers. granted you can write re-write rules for AGIC with the help of the portal, it resets everything if one pod fails and this is a major showstopper for me. More info about the exact issue I'm talking about is in this issue. Apart from this, like the previous comments, the extra WAF rules and compliances offered makes AGIC a good choice if you don't have any extra header addition requirements like i do.
- Looking for objective feedback on AKS
-
Is there a "delta" post from Kubernetes to Azure Kubernetes (AKS)?
If you want Azure to manage ingress, you can use Azure application gateway and application gateway ingress controller (agic). However, if you want a public/private combination, fox example if you have 8 microservices out of which you want 6 to have private endpoint and 2 to have public endpoint over https, then it cannot be dones as agic only supports one ip per port. Also one agic can only use one application gateway (With auto management, meaning it automatically manages the listeners, https settings, backendpools, probes etc. on app gateway). If you it as shared gateway, then you need to manage application gateway manually (with az cli). Also, its github page has good how tos (https://github.com/Azure/application-gateway-kubernetes-ingress).
aad-pod-identity
-
Managed Identiy to Connect AKS with Azure SQL
Can someone please help me with a step by step guide to perform this. https://github.com/Azure/aad-pod-identity Blog I am referring: https://trstringer.com/connect-k8s-apps-msi/
-
Anyone in here using AAD Pod Identity?
Link to my direct issue on the GitHub site: https://github.com/Azure/aad-pod-identity/discussions/1320
-
Obtain Azure access token from a local Docker container
Q: So how am I supposed to log in to Azure so that my app can obtain tokens? A: I tell devs: For local development log in to Azure CLI with your normal user account. It has Contributor over your Dev/Test subscription and you can access secrets and configuration from their Dev/Test Key Vaults. For staging and production running in Azure (in our case Docker containers running on AKS) we use User-Assigned Managed Identity and aad-pod-identity project. This managed identity has least-privilege permissions over staging and production environments to do it's job at runtime.
-
Use Azure AD workload identity to securely access Azure services or resource from your Kubernetes cluster
The existing Azure AD Pod Identity project addresses this need. However, the Azure AD workload identity approach is simpler to use and deploy, and overcomes several limitations in Azure AD Pod Identity:
-
Implement Azure AD Workload Identity on AKS with terraform
As described on the documentation, azwi is the suggested approach from now on since Azure AD Pod Identity has been (somehow) deprecated as you can read on the github repo and on the blog post here.
- Required permissions to backup and restore database in K8s cluster to Azure Blob storage
-
Authenticating to SQL Server from a containerized service
Unfortunately, password maintenance and rotation is a chore and has to be done in both places. There are however other things that you might want to try. 1. Kerberos authentication in pure container environments. This is something you can do on any Linux environment that is connected to AD. 2. Use AAD pod identity (https://github.com/Azure/aad-pod-identity) if running from AKS, but it is still in preview.
What are some alternatives?
ingress-nginx - Ingress-NGINX Controller for Kubernetes
Pulumi - Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
externalsecret-operator - An operator to fetch secrets from cloud services and inject them in Kubernetes
kubernetes-ingress-controller - :gorilla: Kong for Kubernetes: The official Ingress Controller for Kubernetes.
aks-engine - AKS Engine: legacy tool for Kubernetes on Azure (see status)
devtron - Tool integration platform for Kubernetes
cloudpods - A cloud-native open-source unified multi-cloud and hybrid-cloud platform. 开源、云原生的多云管理及混合云融合平台
envoy - Cloud-native high-performance edge/middle/service proxy
kots - KOTS provides the framework, tools and integrations that enable the delivery and management of 3rd-party Kubernetes applications, a.k.a. Kubernetes Off-The-Shelf (KOTS) Software.
skipper - An HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress
azure-sdk-for-net - This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.