Azure Insights: Kubernetes Service; Load Testing; Administrative Unit; Secure Score

February 13 2022

Microsoft Azure pros discuss using gVisor with Kubernetes Service, Load Testing, the capabilities of the Administrative Unit, and Secure Score.

Using gVisor on Azure Kubernetes Service

Writing on Daniel’s Tech Blog, Daniel Neumann explored how to run gVisor on Azure Kubernetes Service and sandbox containers. Currently, only Google Kubernetes Engine supports gVisor in dedicated node pools, but there are ways to run it for AKS that are not officially supported by Microsoft.

Neumann started by configuring containers for the nodes in a new node pool, using a shell script.

The run script downloads the config.toml from GitHub as we do not want to rebuild the container image every time this file changes. In the next step the install script is copied over to the AKS node using the hostPath volume mount. Finally, we execute the install script via nsenter on the node, backing up the original containerd configuration file and replacing it. The last step is a restart of containerd itself applying the new configuration. As containerd is only a CRI running containers will not be restarted. Afterwards the daemon set is kept running with an infinite sleep.

Before gVisor will work in a sandboxed runtime, a runtime class is used to make Kubernetes aware of it. He described this setup, and cautioned about the need for ongoing maintenance.

Taking advantage of Azure Load Testing

Tobias Zimmergren explored the benefits of Azure Load Testing. Load testing allows users to simulate the type of load their applications will need to withstand. All too often, Azure solutions are deployed without enough thought to reliability. As a result, there may be problems with scalability, a system might not handle retry-actions with exponential back-off, or connectivity to other services does not follow best practices.

Zimmergren recommends users test scalability, verify alerts are sending, measure client-side metrics, and other considerations. Azure Load Testing is easy to use, with options to integrate with Pipelines or GitHub. Users can take JMeter scripts and load test. He walked fellow users through the setup process.

When the load tests have finished, we can see the test's metrics, including errors and performance - and all the server-side metrics from the connected services. The connected monitoring is the true benefit of using Azure Load Testing. I have used many load testing platforms in the past, but I never got immediate insights from all my dependencies.  

What is the Azure Administrative Unit?

About MSCN Reporter

More about MSCN Reporter