Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Security

  • Cilium’s IPsec performance on Azure Kubernetes Service BYOCNI

    After looking at Cilium’s transparent encryption performance for WireGuard and ztunnel on Azure Kubernetes Service BYOCNI, we now look at IPsec. -> https://www.danielstechblog.io/an-experiment-enable-cilium-native-routing-on-azure-kubernetes-service-byocni-part-2/ -> https://www.danielstechblog.io/cilium-ztunnel-native-mtls-for-cilium-on-azure-kubernetes-service-byocni/ As in the tests before, the MTU has been left untouched. In other words, jumbo frames have not been used. Set up IPsec in Cilium Similar to the ztunnel encryption…

  • Cilium ztunnel – native mTLS for Cilium on Azure Kubernetes Service BYOCNI

    At KubeCon Europe 2026, the Cilium project announced native mTLS support for Cilium via ztunnel. -> https://cilium.io/blog/2026/03/23/native-mtls-cilium/ Cilium’s ztunnel implementation is a fork of Istio’s ztunnel, reengineered to directly integrate it with the Cilium control plane and SPIRE as a certificate authority. Bringing ztunnel to Cilium is a joint effort by Isovalent and Microsoft. In…

  • Azure Data Explorer network access restrictions

    Azure Data Explorer offers several configuration options to restrict the network access to and from an Azure Data Explorer cluster. -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-public-access -> https://learn.microsoft.com/en-us/azure/data-explorer/security-network-restrict-outbound-access Today, we look into the options that still allow us to reach the Azure Data Explorer from the outside world and prevent data exfiltration by restricting the outbound access. Prevent data…

  • Deploy Azure DNS security policies via Terraform

    Today, I walk you through a new feature that has been released this year: Azure DNS security policies. -> https://azure.microsoft.com/en-us/updates?WT.mc_id=AZ-MVP-5000119&id=497535 Azure DNS security policies allow you to get insights into your DNS traffic at the Virtual Network level. The two main use cases for DNS security policies are blocking name resolution of known or malicious…

  • Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium

    In today’s blog post, we take a look at restricting access to the Azure IMDS endpoint on an Azure Kubernetes Service (AKS) cluster with Cilium using the BYOCNI approach. The Instance Metadata Service (IMDS) endpoint, also known as short IMDS, can be called directly from every Azure VM or VMSS instance via the following command.…

  • Identifying values for the Azure Policy field parameter

    In Azure, you can use Azure Policy with its field parameter to check for or enforce certain Azure resource configurations. For instance, the built-in policy “Allowed virtual machine size SKUs” uses the field parameter to restrict the available VM SKUs. This is especially useful for not accidentally provisioning very expensive VM SKUs like the ones…

WordPress Cookie Notice by Real Cookie Banner