Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Tag: Security

  • Cloud Native Club – Kubernetes Policies

    Last week I had the pleasure of being the guest of the fifth episode of the Cloud Native Club run by my former colleague Robin-Manuel Thiel. We talked about the topic Kubernetes policies covering the Open Policy Agent, Gatekeeper and Azure Policy for Kubernetes. The Cloud Native Club format is in German and hence no…

  • Evaluating Gatekeeper policies with the Rego Playground

    Writing and evaluating Gatekeeper policies can be hard sometimes. Especially the testing part of a newly created policy. There are different approaches to tackle this like having a dedicated test Kubernetes cluster for it. An alternative we used was a script starting a single node KinD cluster on Docker for Mac and installing Gatekeeper onto…

  • Azure Kubernetes Service – Azure RBAC for Kubernetes authorization

    At this year’s Ignite conference Microsoft announced the next major step of integrating Azure functionality into AKS: Azure RBAC for Kubernetes authorization. -> https://docs.microsoft.com/en-us/azure/aks/manage-azure-rbac Azure RBAC for Kubernetes authorization lets you assign built-in or custom roles onto the Azure Kubernetes Service object in Azure. So, you do not have to create Kubernetes roles and role…

  • Azure Policy for Azure Kubernetes Service

    In June I already covered Azure Policy for Kubernetes in a blog post. -> https://www.danielstechblog.io/using-azure-policy-for-kubernetes/ Back then Azure Policy for AKS was in public preview. At this year’s Microsoft Ignite Azure Policy for AKS went GA. -> https://azure.microsoft.com/en-us/updates/ga-policy-addon-for-azure-kubernetes-service/ There have been some significant changes between the public preview and the GA version. First, let us…

  • Trigger an on-demand Azure Policy compliance evaluation scan

    Azure Policy evaluates resource compliance automatically every 24 hours for already assigned policies or initiatives. New policy or initiative assignments start the evaluation after the assignment has been applied to the defined scope which might take up to 30 minutes. What might be a hidden gem to some of you is the case that you…

  • Using distroless images in Istio on Azure Kubernetes Service

    Looking at Docker Hub Istio provides the option using distroless images since version 1.3.0. As it is always a good idea on a Kubernetes cluster to reduce the attack surface, especially when running a managed Kubernetes cluster like Azure Kubernetes Service, using distroless images is one option of it. Per default Istio does not use…

WordPress Cookie Notice by Real Cookie Banner