Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Public Cloud

  • Use Azure Log Alerts with Azure Data Explorer

    Since July 2024, the Azure Log Alerts support for Azure Data Explorer is generally available, and you might be familiar with log alerts already by using them with Log Analytics or Application Insights. -> https://azure.microsoft.com/en-us/updates/?id=log-alerts-for-azure-data-explorer Hence, we will focus on specific configuration best practices and a hidden gem that allows you to easily write your…

  • Azure Data Explorer network access restrictions

    Azure Data Explorer offers several configuration options to restrict the network access to and from an Azure Data Explorer cluster. -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-public-access -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-outbound-access Today, we look into the options that still allow us to reach the Azure Data Explorer from the outside world and prevent data exfiltration by restricting the outbound access. Prevent data…

  • Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium

    In today’s blog post, we take a look at restricting access to the Azure IMDS endpoint on an Azure Kubernetes Service (AKS) cluster with Cilium using the BYOCNI approach. The Instance Metadata Service (IMDS) endpoint, also known as short IMDS, can be called directly from every Azure VM or VMSS instance via the following command.…

  • How to restore a container image from an Azure Kubernetes Service node to an Azure Container Registry?

    Imagine a specific version of your container image used for your application has been deleted from your Azure Container Registry. It cannot be restored for whatever reason through your CI/CD pipeline, and you still need this version. How can you restore that specific version when you still have a running pod on one of the…

  • Kubernetes namespace exclusion options for Kyverno policies

    During my preparation for the Kyverno Certified Associate exam, I hit an interesting part that I would like to talk about today. Which options do we have to exclude entire namespaces from Kyverno policies? Depending on what we want to achieve, we have three different options at hand to accomplish our goal. Option 1 –…

  • Use an Azure Managed Identity for Fluent Bit’s Azure Data Explorer output plugin on Azure Kubernetes Service

    The new Fluent Bit version 4 contains an interesting new feature for the Azure Data Explorer output plugin. Besides the standard option of using an Azure Service Principal for authentication, it now additionally supports an Azure Managed Identity for authentication. Azure_kusto (Output) azure managed identity support added (#10036) -> https://fluentbit.io/announcements/v4.0.0/ -> https://github.com/fluent/fluent-bit/pull/10036 Azure Managed Identities…

WordPress Cookie Notice by Real Cookie Banner