Tag: Security
-
Updating the base image of a VMSS-based AKS cluster
Earlier this year I wrote a blog post about updating the VMSS base image of an aks-engine cluster. -> https://www.danielstechblog.io/updating-the-base-image-of-an-vmss-aks-engine-cluster/ Today, we focus on Azure Kubernetes Service running with VMSS. Microsoft regularly releases updates to the AKS service and also refreshes the base image for the AKS worker nodes. -> https://github.com/azure/aks/releases This week I…
-
Distribute Azure Kubernetes Service kubeconfig credentials
Last week I showed you the kubeconfig credentials distribution for AKS Engine. -> https://www.danielstechblog.io/distribute-aks-engine-kubeconfig-credentials/ In this blog post I walk you through the steps for Azure Kubernetes Service. The distribution of the kubeconfig credentials for an AKS cluster with AAD integration is a lot easier thanks to the following two built-in RBAC roles. -> Azure…
-
Distribute AKS Engine kubeconfig credentials
In my last blog post I showed you the integration of an AKS Engine cluster with Azure Active Directory. -> https://www.danielstechblog.io/using-an-aks-engine-cluster-with-azure-active-directory-integration/ Today we talk about the distribution of the kubeconfig credentials to our engineers and developers. You do not want to give them access via SSH to the AKS Engine master for two reasons. First,…
-
Using an AKS Engine cluster with Azure Active Directory integration
As you might already know, you can run an Azure Kubernetes Service cluster with Azure Active Directory integration for fine-grained RBAC role definitions. I wrote a blog post about that a while ago, if you need further information. -> https://www.danielstechblog.io/azure-kubernetes-service-and-azure-active-directory-integration/ Same as with AKS, you can have AKS Engine clusters with AAD integration as well.…
-
Updating the base image of an VMSS aks-engine cluster
In mid-February, a CVE for runc was published and immediately patched on the major cloud provider platforms. -> https://seclists.org/oss-sec/2019/q1/119 -> https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 As an example, if you were running an Azure Kubernetes Service cluster with Kubernetes version 1.12.4, you just needed to upgrade the cluster to version 1.12.5 to have all agent nodes patched…
-
Kubernetes network policies on Azure Kubernetes Service with Azure NPM
Microsoft provides its own network policy module, called Azure NPM, to implement Kubernetes network policies with the Azure CNI plugin for acs-engine and AKS. -> https://github.com/Azure/azure-container-networking/tree/master/npm The Azure NPM has been available for acs-engine for quite some time and is natively integrated, but not yet for AKS. If you want to use Azure NPM on Azure Kubernetes…