Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Security

  • Updating the base image of an VMSS aks-engine cluster

    In mid-February was a CVE for runc published and immediately patched on the major cloud provider platforms. -> https://seclists.org/oss-sec/2019/q1/119 -> https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 As an example if you were running an Azure Kubernetes Service cluster with Kubernetes version 1.12.4, you just needed to upgrade the cluster to version 1.12.5 to have all agent nodes patched…

  • Kubernetes network policies on Azure Kubernetes Service with Azure NPM

    Microsoft provides an own network policy module to implement Kubernetes network policies with the Azure CNI plugin for acs-engine and AKS called Azure NPM. -> https://github.com/Azure/azure-container-networking/tree/master/npm The Azure NPM is available since quite some time for acs-engine and natively integrated, but not yet for AKS. If you want to use Azure NPM on Azure Kubernetes…

  • Azure Kubernetes Service and Azure Active Directory integration

    Last week Microsoft announced the GA of Azure Kubernetes Service. Since then we can integrate Azure Active Directory with Azure Kubernetes Service. When enabling Azure Active Directory integration, AKS requires that RBAC is also enabled. A detailed configuration guide can be found in the Azure documentation. -> https://docs.microsoft.com/en-us/azure/aks/aad-integration Before you can make use of the…

  • Using ACS Engine to build private Kubernetes clusters with bring your own Virtual Network on Azure

    Looking at Azure Container Service (AKS) – Managed Kubernetes you may have recognized that AKS currently does not support bring your own VNET and private Kubernetes masters. If you need both capabilities and one of them today, you must use ACS Engine to create the necessary Azure Resource Manager templates for the Kubernetes cluster deployment.…

  • Deploying Application Security Groups with an Azure Resource Manager template

    This month Microsoft launched the public preview of the Application Security Groups, short ASG, in all Azure regions. -> https://azure.microsoft.com/en-us/updates/public-preview-for-asg/ ASGs are like a security group and makes it easier to define an Azure Network Security Group rule set. You can join Azure VMs or to be more specific the Azure VM’s NIC to an…

  • Link summary for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V and Azure

    From a security perspective the new year has started with a big bang. If you have lost the traction where you get the necessary information for guidance for mitigation and protection from Spectre and Meltdown on Windows Server, Hyper-V, and Azure, then have a look at the following link summary. Windows Server in general: Windows…

WordPress Cookie Notice by Real Cookie Banner