Tag Archives: Security

Distribute AKS Engine kubeconfig credentials

In my last blog post I showed you the integration of an AKS Engine cluster with Azure Active Directory. -> https://www.danielstechblog.io/using-an-aks-engine-cluster-with-azure-active-directory-integration/ Today we talk about the distribution of the kubeconfig credentials to our engineers and developers. You do not want to give them access via SSH to the AKS Engine master for two reasons. Read more [...]

Using an AKS Engine cluster with Azure Active Directory integration

As you might already know, you can run an Azure Kubernetes Service cluster with Azure Active Directory integration for fine-grained RBAC role definitions. I wrote a blog post about that a while ago, if you need further information. -> https://www.danielstechblog.io/azure-kubernetes-service-and-azure-active-directory-integration/ Same as with AKS you can have AKS Engine clusters with Read more [...]

Updating the base image of an VMSS aks-engine cluster

In mid-February, a CVE for runc was published and immediately patched on the major cloud provider platforms. -> https://seclists.org/oss-sec/2019/q1/119 -> https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 As an example, if you were running an Azure Kubernetes Service cluster with Kubernetes version 1.12.4, you Read more [...]

Kubernetes network policies on Azure Kubernetes Service with Azure NPM

Microsoft provides its own network policy module, called Azure NPM, to implement Kubernetes network policies with the Azure CNI plugin for acs-engine and AKS. -> https://github.com/Azure/azure-container-networking/tree/master/npm Azure NPM has been available for acs-engine for quite some time and is natively integrated there, but not yet for AKS. If you want to use Azure NPM on Azure Kubernetes Service, Read more [...]

Azure Kubernetes Service and Azure Active Directory integration

Last week Microsoft announced the GA of Azure Kubernetes Service. Since then we can integrate Azure Active Directory with Azure Kubernetes Service. When enabling Azure Active Directory integration, AKS requires that RBAC is also enabled. A detailed configuration guide can be found in the Azure documentation. -> https://docs.microsoft.com/en-us/azure/aks/aad-integration Before you can make Read more [...]

Using ACS Engine to build private Kubernetes clusters with bring your own Virtual Network on Azure

Looking at Azure Container Service (AKS) – Managed Kubernetes, you may have noticed that AKS currently does not support bring your own VNET and private Kubernetes masters. If you need both capabilities or one of them today, you must use ACS Engine to create the necessary Azure Resource Manager templates for the Kubernetes cluster deployment. -> https://github.com/Azure/acs-engine Beside Read more [...]

Deploying Application Security Groups with an Azure Resource Manager template

This month Microsoft launched the public preview of Application Security Groups, ASG for short, in all Azure regions. -> https://azure.microsoft.com/en-us/updates/public-preview-for-asg/ ASGs are like a security group and make it easier to define an Azure Network Security Group rule set. You can join Azure VMs, or to be more specific the Azure VM's NIC, to an ASG. In the next step you would Read more [...]

Link summary for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V and Azure

From a security perspective, the new year has started with a big bang. If you have lost track of where to get the necessary information for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V, and Azure, then have a look at the following link summary. Windows Server in general: Windows Server guidance to protect against speculative execution side-channel Read more [...]

Deploy the update management solution through an Azure Resource Manager template

In my last blog article, I talked about the update management solution in Azure and what its capabilities are. -> https://www.danielstechblog.io/keeping-azure-vms-date-update-management-solution/ Today we will look at how to deploy the update management solution through an Azure Resource Manager template. All we need is to define the following Azure services in the template. Read more [...]

Keeping your Azure VMs up-to-date with the update management solution

Based on the Azure services Log Analytics and Azure Automation, you can use three new capabilities in the Azure portal for your Azure VMs: inventory, change tracking, and update management. -> https://azure.microsoft.com/en-us/updates/update-management-inventory-and-change-tracking-are-available-in-azure-automation/ In this blog article I will talk about the update management solution. If you Read more [...]