Tag: Cloud
-
Use Azure Log Alerts with Azure Data Explorer
Since July 2024, the Azure Log Alerts support for Azure Data Explorer is generally available, and you might be familiar with log alerts already by using them with Log Analytics or Application Insights. -> https://azure.microsoft.com/en-us/updates/?id=log-alerts-for-azure-data-explorer Hence, we will focus on specific configuration best practices and a hidden gem that allows you to easily write your…
-
Azure Data Explorer network access restrictions
Azure Data Explorer offers several configuration options to restrict the network access to and from an Azure Data Explorer cluster. -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-public-access -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-outbound-access Today, we look into the options that still allow us to reach the Azure Data Explorer from the outside world and prevent data exfiltration by restricting the outbound access. Prevent data…
-
Use node initialization taints on Azure Kubernetes Service with Cilium
On an Azure Kubernetes Service cluster with Bring Your Own Container Network Interface (BYOCNI) using Cilium, you could not use Cilium’s agent-not-ready taint functionality. -> https://docs.cilium.io/en/stable/installation/taints/ The reason for that is that the Azure control plane blocks add/remove operations on taints via the Kubernetes API. You have to remove taints via the Azure Kubernetes Service…
-
Deploy Azure DNS security policies via Terraform
Today, I walk you through a new feature that has been released this year: Azure DNS security policies. -> https://azure.microsoft.com/en-us/updates?WT.mc_id=AZ-MVP-5000119&id=497535 Azure DNS security policies allow you to get insights into your DNS traffic at the Virtual Network level. The two main use cases for DNS security policies are blocking name resolution of known or malicious…
-
Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium
In today’s blog post, we take a look at restricting access to the Azure IMDS endpoint on an Azure Kubernetes Service (AKS) cluster with Cilium using the BYOCNI approach. The Instance Metadata Service endpoint, IMDS for short, can be called directly from every Azure VM or VMSS instance via the following command.…
-
How to send Cilium metrics to Azure Managed Prometheus
In today’s blog post, I walk you through the setup on how to send Cilium metrics to Azure Managed Prometheus. Our setup covers two scenarios. The first one is an Azure Kubernetes Service cluster using Cilium via the BYOCNI (Bring Your Own CNI) option, and the second one is a K3s single node cluster running…