Already have feature requests in for it but....need options to take AGC private. Traffic through Front Door to AGC via Private Link Services. Please and thank you :)
@theakscommunity 7 hours ago
Private front-ends are on our roadmap. We can't provide an ETA at this time
@LawrenceWebber-kl1vq 15 days ago
Would be keen to use the App Gateway for Containers but the lack of WAF integration is a dealbreaker for us at the moment. Do you have an idea of when this will be added?
@theakscommunity 14 days ago
This is in the works. I don't have any details on timing, but we will share on this channel as soon as we have a good idea
@mystiqkc 22 days ago
Nice short tutorial. Thanks!
@NitroAMD 24 days ago
Is there a public repo for the "aks-node-viewer" coming? I could only find the AWS "eks-node-viewer" and I read on a GitHub issue [kubernetes-sigs/karpenter/issues/970] "AKS has an internal repo implementing the pricing data and forking from EKS node Viewer".
@joshduffney7954 a month ago
For those who watch the beginning of the stream, I needed to install libssl-dev on wsl for the cargo-component to install.
@Sri_x53 a month ago
Thank you
@amitverma7545 a month ago
Can you make one on Open Service Mesh on AKS apart from Istio?
@theakscommunity a month ago
Please note that OSM has been archived by its maintainers. openservicemesh.io/blog/osm-project-update We suggest following this guidance to move to the Istio add-on. learn.microsoft.com/en-us/azure/aks/open-service-mesh-istio-migration-guidance We would love to know if there are any obstacles or missing features that would prevent you from moving forward.
@amitverma7545 a month ago
@@theakscommunity thanks a lot, means OSM is legacy now and Istio is the new solution. Do you know in AKS which one I should go with?
@brianredmond5609 a month ago
@@amitverma7545 We recommend the Istio Add-on for AKS. It's a managed offering, so we take care of the Istio control plane for you.
@AshredeLagarde a month ago
Great job Paul!
@themilkpirate a month ago
Can one finally use the Azure installed Gatekeeper for self-made policies?
@theakscommunity a month ago
You have to go through Azure Policy to create your own policies that sync to Gatekeeper on the cluster. learn.microsoft.com/en-us/azure/aks/use-azure-policy#create-and-assign-a-custom-policy-definition
@diegonayalazo a month ago
Amazing!! ❤
@muditagarwal7012 a month ago
Step towards GKE autopilot
@piotrmaciocha8584 a month ago
nice, thank you!
@jmp601 2 months ago
Perfect! Now let's see it in US gov cloud!
@theakscommunity a month ago
It's not supported in Gov Cloud today, but it is in our plans. No ETA at this time, but we will be sure to share when we know more
@thebluesclues2012 3 months ago
I listened to the end
@dirty_park 3 months ago
Great tutorial! Straight to the point! 🎉🎉🎉🎉
@jeevajilife 3 months ago
Is there any supporting evidence that AGC is performant over other solutions?
@theakscommunity 3 months ago
Thanks for the question. AGC has been completely redesigned from the ground up to improve the performance of both the data plane and control plane. The video demonstrates the performance improvements for the control plane. A quick performance test against the frontend will yield improved results for the data plane as well. Please let us know how that is performing for you.
@hank6869 3 months ago
🤷 'PromoSM'
@fzavalloni 3 months ago
Nice to see an evolution. In our company we tried to use the Application Gateway Ingress Controller; however, we need to create more than 100 ingresses, which is not possible in the Application Gateway. I am eager to test it.
@theakscommunity 3 months ago
Sounds good. Please let us know how it goes.
@muditagarwal7012 3 months ago
is Fleet GA?
@serbrech 3 months ago
The cluster management behavior shown in this video is GA, yes. The dataplane part to place workload on member clusters via the hub's apiserver will GA shortly.
@GK-rl5du 5 months ago
Great discussion.. this is my foray into WASI. Have a couple of questions though:
1. So, WASI is the bytecode the WASM modules should use for making syscalls to use the host's resources? And something like wasmtime implements these new bytecodes and issues syscalls accordingly.
2. How should I think about the security/isolation model of wasm modules vs containers? As you've mentioned, container runtimes like docker set up required namespaces to isolate containers from other processes on the host. As I understand it, in wasm modules an application has to request explicit networking capabilities to utilize the host's networking stack. But, assuming we provide such capabilities to our wasm module, can our app set up a tap on some other network interface on the host? Like, how does WASI wasmtime provide isolation as we are used to with containers?
@joshduffney7954 4 months ago
Hey @GK-rl5du, thanks for the comment & great questions. I'll do my best to answer and let Yosh correct me if I'm off base.
1. Your understanding matches mine. I've been thinking about WASI as an API. And that API defines the interactions between WebAssembly modules and the host system. Much like syscalls do for container runtimes like containerd. An interesting next step would be to dive into the component model.
2. Capabilities are indeed how the wasm module gets access to the host resources, and without those it cannot reach the host. From what I've read and heard it's supposed to be "sandboxed" but idk what's meant by that. I don't yet understand how the isolation is achieved and if the capability creates an isolated instance of the network interface, for example, or if it's shared. Or if, even with an isolated instance, it'd be possible to tap other network interfaces. I'll dig into this and ask ppl smarter on the subject than myself and report back. :)
@joshduffney7954 4 months ago
So, I just spoke with Yosh and here's what I learned. The implementation largely depends on the runtime and how it provides the "API" for the capability. But, all things considered, it's isolated by the memory on the host machine that the wasm process is running. And all the data sent and received is locked into that address space. In theory, that shouldn't allow any cross contamination, for lack of a better word. However, that's where Hyperlight comes in as a runtime and provides VM-level isolation at the process level to ensure isolation.
@GK-rl5du 4 months ago
@@joshduffney7954 thanks for all your efforts Josh 🙂 it's beginning to make sense to me. So, without capabilities based security from runtime and additional help from tech like Hyperlight, a wasm module is similar to an OS process (in terms of isolation/security)? My reasoning is, a vanilla OS process is also memory isolated from other OS processes due to the virtue of Virtual Memory. I'll do my own homework too to understand this better. But this is an interesting tech for sure 😊
@joebuydem 5 months ago
nice talk. really explained what WASM really is. good job. subbed. :)
@joshduffney7954 5 months ago
Hey @joebuydem, thanks for watching and subscribing. Glad to hear you found value in the conversation. More Wasm content is in the near future! :)
@joshduffney7954 5 months ago
Figured out the issue I ran into around 1:03:33: the dev container uses docker in docker, so the registry that was hosted in my local docker desktop wasn't visible. So I needed to run another registry inside the dev container.
docker run -d -p 5001:5000 -e REGISTRY_STORAGE_DELETE_ENABLED=true --name registry registry
And now I can push the image.
docker push localhost:5001/alpine:v1
@joshduffney7954 5 months ago
My apologies for the audio quality on my end... I didn't notice that the wrong mic was selected until afterwards.