Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Security

  • Fluent Bit and Kata Containers on Azure Kubernetes Service

    In the past, I have written two blog posts about how to run untrusted workloads on Azure Kubernetes Service. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ -> https://www.danielstechblog.io/using-kata-containers-on-azure-kubernetes-service-for-sandboxing-containers/ Today, I walk you through how you gather log data of an untrusted workload isolated by Kata Containers with Fluent Bit. When you hear isolated, it always comes to mind that only…

  • Using Kata Containers on Azure Kubernetes Service for sandboxing containers

    Last year I wrote a blog post about running gVisor on Azure Kubernetes for sandboxing containers. -> https://www.danielstechblog.io/running-gvisor-on-azure-kubernetes-service-for-sandboxing-containers/ Back then, the only managed Kubernetes service that supported sandboxing containers in dedicated node pools was Google Kubernetes Engine via gVisor. A few weeks back, Microsoft announced the public preview of Kata Containers for Azure Kubernetes Service.…

  • Running gVisor on Azure Kubernetes Service for sandboxing containers

    gVisor is one option beside Kata Containers or Firecracker for sandboxing containers to minimize the risk when running untrusted workloads on Kubernetes. -> https://gvisor.dev/ Currently, the only managed Kubernetes service which supports gVisor in dedicated node pools per default is Google Kubernetes Engine. But with a bit of an effort this is doable as well…

  • Using Conftest for Azure Policy for Kubernetes

    Conftest is a tool that lets you write tests against structure data like Kubernetes templates. -> https://www.conftest.dev/ So, why should you use Conftest when you already established your policies with Azure Policy for Kubernetes? As Azure Policy for Kubernetes uses Gatekeeper the OPA implementation for Kubernetes under the hood it uses Gatekeeper constraint templates written…

  • Azure Policy for Kubernetes – custom policies on Azure Arc enabled Kubernetes

    On September 1st Microsoft announced the public preview of the custom policy support for Azure Policy for AKS. -> https://azure.microsoft.com/en-us/updates/custom-aks-policy-support-now-public-preview/ I am already using the public preview on my AKS cluster and was curious about if this would work as well with Azure Arc enabled Kubernetes. The short answer is yes, but with some minor…

  • Cloud Native Club – Kubernetes Policies

    Last week I had the pleasure of being the guest of the fifth episode of the Cloud Native Club run by my former colleague Robin-Manuel Thiel. We talked about the topic Kubernetes policies covering the Open Policy Agent, Gatekeeper and Azure Policy for Kubernetes. The Cloud Native Club format is in German and hence no…

WordPress Cookie Notice by Real Cookie Banner