Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Security

  • Azure Kubernetes Service – Azure RBAC for Kubernetes authorization

    At this year’s Ignite conference Microsoft announced the next major step of integrating Azure functionality into AKS: Azure RBAC for Kubernetes authorization. -> https://docs.microsoft.com/en-us/azure/aks/manage-azure-rbac Azure RBAC for Kubernetes authorization lets you assign built-in or custom roles onto the Azure Kubernetes Service object in Azure. So, you do not have to create Kubernetes roles and role…

  • Azure Policy for Azure Kubernetes Service

    In June I already covered Azure Policy for Kubernetes in a blog post. -> https://www.danielstechblog.io/using-azure-policy-for-kubernetes/ Back then Azure Policy for AKS was in public preview. At this year’s Microsoft Ignite Azure Policy for AKS went GA. -> https://azure.microsoft.com/en-us/updates/ga-policy-addon-for-azure-kubernetes-service/ There have been some significant changes between the public preview and the GA version. First, let us…

  • Trigger an on-demand Azure Policy compliance evaluation scan

    Azure Policy evaluates resource compliance automatically every 24 hours for already assigned policies or initiatives. New policy or initiative assignments start the evaluation after the assignment has been applied to the defined scope which might take up to 30 minutes. What might be a hidden gem to some of you is the case that you…

  • Using distroless images in Istio on Azure Kubernetes Service

    Looking at Docker Hub Istio provides the option using distroless images since version 1.3.0. As it is always a good idea on a Kubernetes cluster to reduce the attack surface, especially when running a managed Kubernetes cluster like Azure Kubernetes Service, using distroless images is one option of it. Per default Istio does not use…

  • Upgrading the node image of an Azure Kubernetes Service cluster

    Last year I have written a shell script to update the VMSS base image of an Azure Kubernetes Service cluster. -> https://www.danielstechblog.io/updating-the-base-image-of-a-vmss-based-aks-cluster/ -> https://www.danielstechblog.io/aks-vmss-base-image-update-script-multiple-node-pool-support/ As I am using the VMSS API and not the AKS API it was not an officially supported way to update the VMSS base image. But on the other hand, it…

  • Using Azure Policy for Kubernetes

    In my last blog post I mentioned that the next topic is about Azure Policy in combination with Azure Arc enabled Kubernetes. I decided to write about Azure Policy for Kubernetes instead covering Azure Kubernetes Service and Azure Arc enabled Kubernetes. As Azure Policy for Kubernetes is based on the Open Policy Agent Gatekeeper implementation,…

WordPress Cookie Notice by Real Cookie Banner