Category: General
-
Optimize your Azure Function PowerShell run duration in the consumption plan
Since PowerShell is available on Azure Functions this is the way to go for automating things in Azure. Especially running the function in the consumption plan and with a managed identity enabled. Per default an Azure Function in the consumption plan is restricted to a run duration of 5 minutes but can be extended to…
-
Switching to Istio CNI plugin on Azure Kubernetes Service
You might question yourself, why the switch to the Istio CNI plugin might be useful? Istio uses, and other services meshes too, an init container to adjust the iptables rules for redirecting network traffic to/from the sidecar proxy container. The init container uses NET_ADMIN and NET_RAW capabilities to do the iptables changes and thus has…
-
Using Azure Resource Graph to show ASC container image scan findings
In my previous blog post I showed you how to connect your Azure Container Registries with Azure Security Center. -> https://www.danielstechblog.io/connecting-azure-container-registry-with-azure-security-center/ Today we talk about how to receive the scan results via Azure Resource Graph instead of using the Security Center UI path. You can submit your queries against the Resource Graph via the Azure…
-
Connecting Azure Container Registry with Azure Security Center
Back in March Microsoft released the container image scanning solution in the Azure Security Center for the Azure Container Registry. -> https://azure.microsoft.com/en-us/updates/vulnerability-scanning-for-images-in-azure-container-registry-is-now-generally-available/ The container image scanning solution is powered by Qualys and seamlessly integrated into the Security Center UI. Connecting your Azure Container Registries with the Security Center requires ASC running in the Standard Tier.…
-
Speaking at Global Azure Bootcamp 2020 Virtual – Cologne
Unfortunately, the in person event of the Global Azure Bootcamp 2020 Cologne is postponed due to the Corona virus pandemic. But the team worked hard behind the scenes and announced last week that the event will be held virtually. I am happy to be part of the Global Azure Bootcamp 2020 Virtual – Cologne on…
-
Terraform – Upgrading AKS Kubernetes version does not upgrade node pools
If you experience during an AKS Kubernetes version upgrade that only the control plane got upgraded, you are certainly using the Terraform Azure provider in version 1.40.0 or higher. -> https://github.com/terraform-providers/terraform-provider-azurerm/issues/5541 A current workaround is a null_resource with a trigger on the Kubernetes version and running a Bash script with the local-exec provisioner. So, you…