Secure Jenkins worker nodes on Azure

Jenkins has two nifty plugins available to leverage the power of the Azure platform for on-demand worker nodes. -> Azure Container Instances -> Azure Virtual Machines In this blog post I want to quickly highlight to secure the access to Jenkins worker nodes running on Azure. The assumption is that your Jenkins CI master is running outside of Azure e.g. on-premises. When you are using Read more [...]

Updating the base image of a VMSS-based AKS cluster

Earlier this year I had written a blog post about updating the VMSS base image of an aks-engine cluster. -> https://www.danielstechblog.io/updating-the-base-image-of-an-vmss-aks-engine-cluster/ Today, we focus on Azure Kubernetes Service running with VMSS. Microsoft releases updates regularly to the AKS service and refreshes also the base image for the AKS worker nodes. -> https://github.com/azure/aks/releases This Read more [...]

Configuration options for CoreDNS in Azure Kubernetes Service

In my last blog post I have shown you the configuration of custom upstream nameservers for CoreDNS in AKS. -> https://www.danielstechblog.io/setting-custom-upstream-nameservers-for-coredns-in-azure-kubernetes-service/ But there are more configuration options available to customize your CoreDNS experience. We will focus at some of them today. First, let us have a look at the two options Read more [...]

AKS – Authentication issues real-time container logging solution

UPDATE 15.08.2019: The issue described here in my blog post has been resolved in the Azure docs with the following pull request. -> https://github.com/MicrosoftDocs/azure-docs/pull/37045 Back in June Microsoft announced an URL change affecting the Azure Monitor for containers real-time container logging solution. -> https://azure.microsoft.com/en-us/updates/azure-monitor-for-containers-updates-to-live-data-settings/ -> Read more [...]

Setting custom upstream nameservers for CoreDNS in Azure Kubernetes Service

Last year I have written a blog post about configuring kube-dns in Azure Kubernetes Service to provide a custom nameserver for DNS name resolution. -> https://www.danielstechblog.io/using-custom-dns-server-for-domain-specific-name-resolution-with-azure-kubernetes-service/ Since then Kubernetes switched to CoreDNS and AKS as well. Today I am not talking about the topic in my previous blog post, Read more [...]

Setting up Zsh with Oh My Zsh in Azure Cloud Shell

As you might know I recently switched jobs and now working primarily with a MacBook Pro at LeanIX. So, I am using the Zsh in my day to day work and wanted to have the same experience in Azure Cloud Shell as well. Per default the Azure Cloud Shell starts with a Bash environment, but also supports the Zsh. I have written a shell script to set up Oh My Zsh, kubectx, kubens, krew and Linkerd in Azure Read more [...]

Distribute Azure Kubernetes Service kubeconfig credentials

Last week I showed you the kubeconfig credentials distribution for AKS Engine. -> https://www.danielstechblog.io/distribute-aks-engine-kubeconfig-credentials/ In this blog post I walk you through the steps for Azure Kubernetes Service. The distribution of the kubeconfig credentials for an AKS cluster with AAD integration is a lot easier thanks to the following two built-in RBAC roles. -> Read more [...]

Distribute AKS Engine kubeconfig credentials

In my last blog post I showed you the integration of an AKS Engine cluster with Azure Active Directory. -> https://www.danielstechblog.io/using-an-aks-engine-cluster-with-azure-active-directory-integration/ Today we talk about the distribution of the kubeconfig credentials to our engineers and developers. You do not want to give them access via SSH to the AKS Engine master for two reasons. Read more [...]

Using an AKS Engine cluster with Azure Active Directory integration

As you might already know you can run an Azure Kubernetes Service cluster with Azure Active Directory integration for fine-grained RBAC role definitions. I have written a blog post about that awhile ago, if you need further information. -> https://www.danielstechblog.io/azure-kubernetes-service-and-azure-active-directory-integration/ Same as with AKS you can have AKS Engine clusters with Read more [...]

Tweaking data collection for Azure Monitor for containers

Recently Microsoft introduced silently some configurations options for the Azure Monitor for containers solution. As you might know the Azure Monitor for containers solution collects stdout, stderr and environment variables from AKS and AKS-engine clusters except from containers running in the kube-system namespace. If you want to use the new feature the minimum agent version that is required Read more [...]