Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Security

  • Using Azure Resource Graph to show ASC container image scan findings

    In my previous blog post I showed you how to connect your Azure Container Registries with Azure Security Center. -> https://www.danielstechblog.io/connecting-azure-container-registry-with-azure-security-center/ Today we talk about how to receive the scan results via Azure Resource Graph instead of using the Security Center UI path. You can submit your queries against the Resource Graph via the Azure…

  • Connecting Azure Container Registry with Azure Security Center

    Back in March Microsoft released the container image scanning solution in the Azure Security Center for the Azure Container Registry. -> https://azure.microsoft.com/en-us/updates/vulnerability-scanning-for-images-in-azure-container-registry-is-now-generally-available/ The container image scanning solution is powered by Qualys and seamlessly integrated into the Security Center UI. Connecting your Azure Container Registries with the Security Center requires ASC running in the Standard Tier.…

  • Secure Kubernetes API server access in Azure Kubernetes Service

    Running Kubernetes at a cloud provider especially managed Kubernetes like AKS or GKE provides you with a solid foundation and applied security best practices for the managed master control plane. But there is one downside, the public accessible API endpoint to control the Kubernetes cluster. Even the API endpoint is only exposed via HTTPS and…

  • Disable the Kubernetes dashboard on Azure Kubernetes Service

    A recently introduced change enables the capability to disable the Kubernetes dashboard on an AKS cluster. This is achieved by providing the Kubernetes dashboard as an AKS add-on like the Azure Monitor for containers integration, AKS virtual nodes or the HTTP application routing. I stumbled over that capability in the Terraform Azure provider documentation for…

  • AKS VMSS base image update script – multiple node pool support

    At the beginning of September, I have published a blog post about how to update the base image of a VMSS-based AKS cluster. -> https://www.danielstechblog.io/updating-the-base-image-of-a-vmss-based-aks-cluster/ On LinkedIn I had a good discussion with one of the AKS PMs about that and I want to highlight two things first. The shell script I have written directly…

  • Secure Jenkins worker nodes on Azure

    Jenkins has two nifty plugins available to leverage the power of the Azure platform for on-demand worker nodes. -> Azure Container Instances -> Azure Virtual Machines In this blog post I want to quickly highlight to secure the access to Jenkins worker nodes running on Azure. The assumption is that your Jenkins CI master is…

WordPress Cookie Notice by Real Cookie Banner