VALIDATING QUALITY OF HELM CHARTS WITH HELM LINT
Linting tools, aka linters, can help you write better and cleaner code early in the software development lifecycle. Linter is a tool that scans existing and new code for potential errors, bad and insecure patterns and violations of the respective programming language best practices. In most cases you can install a linter as an IDE extension so that you can get notified about potential issues during local development, long before the code is checked in to your source code base.
Read moreAZURE DEVOPS AUDITING - PART 1 - OVERVIEW AND STREAMING TO AZURE MONITOR LOGS
Azure DevOps Auditing - overview and why you would use it Enable Azure DevOps Auditing Azure DevOps UI Azure DevOps REST API Overview of enabled Azure DevOps Auditing page Configure Azure DevOps log streaming to Azure Monitor logs UI REST API Accessing and querying Azure DevOps Audit logs with Log Analytics Additional resources Next steps In July 2019, as part of Sprint 154, Microsoft introduced support for auditing in Azure DevOps and this is a feature that you really should look into if you havenβt set it up or maybe havenβt heard about it yet.
Read moreKRIS'S QUICK CUP OF (A)K8S #4 - HTTP APPLICATION ROUTING ADD-ON IN AKS
Normally if you were to expose an application running in AKS for external access, you would need multiple bits and pieces to be deployed and configured: Ingress Controller to ensure proper traffic routing and load balancing in an AKS cluster; Certificate management solution for automatic obtaining, provisioning, renewing and using of TLS certificates for applications running in AKS clusters; DNS zone and respective DNS records to expose applications on a specific URL for external access; This can be quite a lot to set up and will in some cases be an overhead for dev/test or playground AKS clusters.
Read moreKRIS'S QUICK CUP OF (A)K8S #3 - (CLUSTER)ROLE MANAGEMENT
One day I was going through Azure Policies for Kubernetes and suddenly saw an alert related to the following policy for one of the AKS clusters: Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities. What this basically means is that you shouldn’t have any accounts in your cluster that have been assigned a ClusterRole or Role with CAP_SYS_ADMIN capabilities.
Read moreMONITORING KUBERNETES API DEPRECATIONS WITH PLUTO
What is Pluto? Installing and Running Pluto In-cluster Helm Chart scanning CI/CD -> Azure DevOps CI/CD -> GitHub Actions Local files Alternative tools Additional resources If you’ve worked with Kubernetes for a while you should have seen that version lifecycle that Kubernetes has is pretty aggressive.
Read moreHOW TO OVERRIDE ASP.NET CORE APPLICATION RUNTIME VERSION
With release of .NET and .NET Core one significant change you may have noticed is the new version support lifecycle. .NET Framework LTS (long-time support) versions are normally supported for 5+ years by Microsoft but support lifecycle for .NET and .NET Core LTS versions has decreased to 3 years.
Read moreDETECT AND AVOID THIS CERTIFICATE VALIDATION TRAP IN .NET!
There is one scary property in .NET which, if misused or forgotten, can make your security champions tremble at nightβ¦πππ As scary as it sounds, the risk of forgetting or misusing the property is pretty serious and I’ve seen it multiple times sneaking into the source code as part of the pull request.
Read moreLOG IN TO MICROSOFT ENTRA ID WITHOUT ACTIVE SUBSCRIPTION FROM AZURE CLI
In some cases you may have an Microsoft Entra ID tenant that doesnβt have an active subscription connected to it but you would nevertheless want to log in to it from a command line for instance, with Azure CLI. You may want to perform actions like creating a Microsoft Entra ID Application for example.
Read moreRE-USING AZURE DEVOPS ENVIRONMENT EFFICIENTLY ACROSS MULTIPLE PIPELINES
Following up on the recent blog post series about Continuous Delivery to AKS with Azure DevOps Environments: π± Part 1 π± Part 2 I would like to share a simple but really useful way to re-use the same Azure DevOps Environment in multiple deployment stages across multiple pipelines. Normally if you want to deploy multiple applications to the same AKS cluster, you would specify a target Azure DevOps Environment by writing it’s name in environment property of deployment stage of every application:
Read moreSETTING UP OAUTH 2.0 AUTHENTICATION FOR APPLICATIONS IN AKS WITH NGINX AND OAUTH2 PROXY
Introduction and use cases Setting up authentication with OAuth 2.0 Create OAuth2 Proxy application in Microsoft Entra ID Configure NGINX Ingress Controller Configure and deploy OAuth2 Proxy Cookie Secret Create OAuth2 Proxy secrets in AKS cluster Deployment with Helm Can a single OAuth2 Proxy instance be used for multiple applications using different subdomains?
Read more