Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Networking

  • Use Azure Log Alerts with Azure Data Explorer

    Since July 2024, the Azure Log Alerts support for Azure Data Explorer is generally available, and you might be familiar with log alerts already by using them with Log Analytics or Application Insights. -> https://azure.microsoft.com/en-us/updates/?id=log-alerts-for-azure-data-explorer Hence, we will focus on specific configuration best practices and a hidden gem that allows you to easily write your…

  • Azure Data Explorer network access restrictions

    Azure Data Explorer offers several configuration options to restrict the network access to and from an Azure Data Explorer cluster. -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-public-access -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-outbound-access Today, we look into the options that still allow us to reach the Azure Data Explorer from the outside world and prevent data exfiltration by restricting the outbound access. Prevent data…

  • Deploy Azure DNS security policies via Terraform

    Today, I walk you through a new feature that has been released this year: Azure DNS security policies. -> https://azure.microsoft.com/en-us/updates?WT.mc_id=AZ-MVP-5000119&id=497535 Azure DNS security policies allow you to get insights into your DNS traffic at the Virtual Network level. The two main use cases for DNS security policies are blocking name resolution of known or malicious…

  • Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium

    In today’s blog post, we take a look at restricting access to the Azure IMDS endpoint on an Azure Kubernetes Service (AKS) cluster with Cilium using the BYOCNI approach. The Instance Metadata Service (IMDS) endpoint, also known as short IMDS, can be called directly from every Azure VM or VMSS instance via the following command.…

  • Provide additional metadata information to Cilium for IP addresses outside of the Kubernetes cluster scope

    In Cilium, IP addresses that do not belong to the Pod CIDR or Kubernetes Service CIDR range, and some special ranges like the Kubernetes API server, are recognized as the reserved:world identity. So, to say they do not belong to the Kubernetes cluster scope, known to Cilium itself. -> https://docs.cilium.io/en/stable/gettingstarted/terminology/#special-identities When you start using DNS-based…

  • Azure Load Balancer Health Event Logs

    In February, Microsoft announced the general availability of the Azure Load Balancer health event logs. -> https://azure.microsoft.com/en-us/updates?WT.mc_id=AZ-MVP-5000119&id=481818 Those health event logs are part of the diagnostic logs of an Azure Load Balancer As seen in the screenshot above, I have configured them on the Azure Load Balancer, part of my Azure Kubernetes Service cluster, and…

WordPress Cookie Notice by Real Cookie Banner