CREATING CUSTOM AZURE POLICY FOR KUBERNETES TO DISALLOW NON-COMPLIANT IMAGE REGISTRIES

There are cases where you may need to explicitly ensure that specific container image registries are blacklisted from being used in your Kubernetes clusters. Let me provide you with a very recent and relevant example. From 3rd April 2023, the legacy k8s.gcr.io image registry is officially frozen, which means that no new images, including future Kubernetes versions and patch releases for earlier Kubernetes versions, will be pushed to this registry.


KEEPING AKS CLUSTERS CONTINUOUSLY SECURE WITH AZURE POLICY

Contents: AzPolicy 💜 K8s: Introduction and highlights; AzPolicy 💜 K8s: Practical walkthrough; Azure Policy add-on; Azure Portal; Azure CLI; Terraform; Microsoft Defender for Containers; Enforce Azure Policy definitions; Enforce Azure Policy definitions in Azure Portal; Enforce Azure Policy definitions via Azure CLI; Enforce Azure Policy definitions via Terraform (IaC); Create and enforce custom Azure Policy definitions; Azure Policy Remediation; Additional resources.

🐇 This blog post is also a contribution to Azure Spring Clean 2023, where during the 5 weekdays of March 13th-17th community contributors share learning resources that highlight best practices and lessons learned, and help with some of the more difficult topics of Azure Management.


HOW TO TRIGGER SUBSEQUENT GITHUB WORKFLOW IN A DIFFERENT REPOSITORY

I was recently working on automating some manual actions related to my tech blog and discovered an interesting use case that I thought was worth sharing with the community 😊 Did you know that it is possible to trigger a GitHub workflow that resides in a different repository? Let me show you how!


AKS CONTROL PLANE TIERS - WHAT, WHEN AND HOW?

Recently a new property became available in the Azure Portal when creating a new Azure Kubernetes Service instance. Have you seen it, and do you know what it actually is? Wait, does AKS have pricing tiers?! I thought that the only price we needed to pay was based on the chosen VM SKU for the AKS nodes...


HOW TO MODIFY AZURE ARC (OR ANY) SERVICE PRINCIPAL SCOPE AFTER CREATION

A thought struck me one day when I was working on onboarding machines to Azure Arc. If you want to onboard multiple servers at scale to Azure Arc, you need a Service Principal with the Azure Connected Machine Onboarding role in the respective subscription or resource group where you want to create Azure Arc-enabled servers.


HOW TO FIX SERVICEACCOUNT ERROR IN AZURE DEVOPS ENVIRONMENTS FOR KUBERNETES CLUSTERS V.1.24 AND NEWER

Contents: Introduction of the issue; Issue resolution approaches; Use Azure DevOps Environment without Kubernetes Resources and deploy with manually created Kubernetes Service Connection; Use Azure DevOps Environment with Kubernetes Resource of type “Generic provider (existing service account)”; Automate creation of Kubernetes Resource of type “Generic provider (existing service account)”.

Introduction of the issue

[Update July 2023] This issue has been resolved and you should be able to create a Kubernetes resource targeting Azure Kubernetes Service in Azure DevOps Environments in the same way as before.


STRENGTHENING SECURITY POSTURE OF CONTAINERIZED .NET APPLICATIONS WITH .NET CHISELED CONTAINERS (UPDATED DEC.2023)

Contents: Introduction; Container Security - pitfalls and must do’s; Containers and root user; Running containers as unprivileged user; Rootless Containers; Running containers with unprivileged user in Kubernetes; Supply chain and third-party dependencies; Summary on mitigating common container security pitfalls; Chiseled Ubuntu Containers && .NET; Example: Porting Cat Encyclopedia app to .


[🎄AZURE ADVENT CALENDAR🎄] EXPLORING UPGRADE STRATEGIES IN AZURE KUBERNETES SERVICE

Contents: Why upgrading AKS clusters is important?; Cluster and Node OS image upgrade process; AKS cluster upgrade flow; AKS Auto-upgrade; Enabling AKS auto-upgrade in IaC; Azure CLI; Terraform; Bicep; Auto-upgrade considerations; Additional resources.

🎄 This blog post is also a contribution to the Azure Advent Calendar, where during December experts from the tech community share their knowledge through contributions on a specific technology in the Azure domain.


KRIS'S QUICK CUP OF (A)K8S #5 - HOUSEKEEPING FOR KUBERNETES CONTEXTS

Let’s start today’s tech tip by identifying what a Kubernetes context is. A Kubernetes context, also known as a kubectl context, represents the Kubernetes cluster that the kubectl command-line tool is currently targeting. You decide which Kubernetes cluster is active by changing the currently active context with the kubectl config use-context <cluster_name> command.


APPLYING DOCKERFILE BEST PRACTICES WITH HADOLINT

Contents: Hadolint - Introduction and benefits; Installation and execution options for Hadolint; Azure DevOps; GitHub Actions; Local development (VSCode Extension); Additional resources.

In this blog post I would like to take a look at how we can ensure that the Dockerfiles we create are of high quality and follow best practices in the industry.
