KEEPING AKS CLUSTERS CONTINUOUSLY SECURE WITH AZURE POLICY

AzPolicy 💜 K8s: Introduction and highlights AzPolicy 💜 K8s: Practical walkthrough Azure Policy add-on Microsoft Defender for Containers Enforce Azure Policy definitions Azure Portal Azure CLI Terraform (IaC) Create and enforce custom Azure Policy definitions Azure Policy Remediation Additional resources This blog post is also a contribution to Azure Spring Clean 2023 where during 5 weekdays of March, 13th-17th, community contributors share learning resources that highlight best practices, lessons learned, and help with some of the more difficult topics of Azure Management.


[🎄.NET ADVENT CALENDAR🎄] STRENGTHENING SECURITY POSTURE OF CONTAINERIZED .NET APPLICATIONS WITH CHISELED UBUNTU CONTAINERS

Introduction Container Security - pitfalls and must do’s Containers and root user Running containers as unprivileged user Rootless Containers Running containers with unprivileged user in Kubernetes Supply chain and third-party dependencies Summary on mitigating common container security pitfalls Chiseled Ubuntu Containers && .NET Example: Porting Cat Encyclopedia app to .


[🎄AZURE ADVENT CALENDAR🎄] EXPLORING UPGRADE STRATEGIES IN AZURE KUBERNETES SERVICE

Why upgrading AKS clusters is important? Cluster and Node OS image upgrade process AKS cluster upgrade flow AKS Auto-upgrade Enabling AKS auto-upgrade in IaC Azure CLI Terraform Bicep Auto-upgrade considerations Additional resources 🎄This blog post is also a contribution to Azure Advent Calendar where during December, experts from the tech community share their knowledge through contributions of a specific technology in the Azure domain.


APPLYING DOCKERFILE BEST PRACTICES WITH HADOLINT

Hadolint - Introduction and benefits Installation and execution options for Hadolint Azure DevOps GitHub Actions Local development (VSCode Extension) Additional resources In this blog post I would like to take a look at how we can ensure that Dockerfiles we create are of high quality and are following best practices in the industry.


AZURE DEVOPS AUDITING - PART 1 - OVERVIEW AND STREAMING TO AZURE MONITOR LOGS

Azure DevOps Auditing - overview and why you would use it Enable Azure DevOps Auditing Azure DevOps UI Azure DevOps REST API Overview of enabled Azure DevOps Auditing page Configure Azure DevOps log streaming to Azure Monitor logs Azure DevOps UI Azure DevOps REST API Accessing and querying Azure DevOps Audit logs with Log Analytics Additional resources Next steps In July 2019, as part of Sprint 154, Microsoft introduced support for auditing in Azure DevOps and this is a feature that you really should look into if you haven’t set it up or maybe haven’t heard about it yet.


MONITORING KUBERNETES API DEPRECATIONS WITH PLUTO

What is Pluto? Installing and Running Pluto In-cluster Helm Chart scanning CI/CD -> Azure DevOps CI/CD -> GitHub Actions Local files Alternative tools Additional resources If you’ve worked with Kubernetes for a while you should have seen that the version lifecycle Kubernetes has is pretty aggressive. Kubernetes is being actively developed, which means that new releases come out pretty frequently - and all of us who are using Kubernetes, be it a managed or a self-hosted distribution, must adapt and adjust.


SETTING UP OAUTH 2.0 AUTHENTICATION FOR APPLICATIONS IN AKS WITH NGINX AND OAUTH2 PROXY

Introduction and use cases Setting up authentication with OAuth 2.0 Create OAuth2 Proxy application in Azure AD Configure NGINX Ingress Controller Configure and deploy OAuth2 Proxy Cookie Secret Create OAuth2 Proxy secrets in AKS cluster Deployment with Helm Can a single OAuth2 Proxy instance be used for multiple applications using different subdomains?


ACCELERATED NETWORKING FOR AKS NODES

What is Accelerated Networking and why use it in AKS? Network performance test with and without Accelerated Networking in AKS Linux nodes Windows nodes Enable Accelerated Networking for AKS nodes Additional resources In this blog post I would like to talk about Accelerated Networking, how it can improve internal communication inside an AKS cluster and how you can enable that for Linux and Windows AKS nodes.


CONTINUOUS DELIVERY TO AKS WITH AZURE DEVOPS ENVIRONMENTS - PART 2

Deploy application to AKS with ADO Environments Create Azure DevOps Environment and Kubernetes resource Update Access Control and Deployment Policies Create build pipeline with deployment stage Deploy and look around Workloads Services Automate migration of Kubernetes resources between Azure DevOps Environments Additional resources Welcome to Part 2 of blog post series on Continuous Delivery to Azure Kubernetes Service with Azure DevOps Environments!


CONTINUOUS DELIVERY TO AKS WITH AZURE DEVOPS ENVIRONMENTS - PART 1

What is an Azure DevOps Environment? Introduction Benefits of using ADO Environments (IMHO) Resource Grouping Tips One Environment representing all development/staging/production clusters One Environment representing one development/staging/production cluster One Environment representing one application deployed in development/staging/production cluster Next Steps In the first part of this blog series I would like to talk about Azure DevOps Environments, benefits of using it for deployment of applications to AKS or any other Kubernetes distribution (or even a VM), and provide a few tips and tricks for how ADO environments and resources can be created.
