-

Azure App Services with Private Link
In one of my videos on my YouTube channel, I discuss Azure App Services with Private Link. The video describes how it works and provides an example of deploying the infrastructure with Bicep. The Bicep templates are on GitHub. If you want to jump straight to the video, here it is: In the rest of… Read more
-
A quick look at azure/kubelogin
I have talked about and demonstrated the use of kubelogin in previous posts and videos. Because I often get questions about logging on to Azure Kubernetes Service (AKS) integrated with Azure AD (AAD) in a non-interactive fashion, I decided to write this separate post about it. What is kubelogin? Kubelogin is a client-go credential plugin… Read more
-

Building a GitHub Action with Docker
While I was investigating Kyverno, I wanted to check my Kubernetes deployments for compliance with Kyverno policies. The Kyverno CLI can be used to do that with the following command: kyverno apply ./policies --resource=./deploy/deployment.yaml To do this easily from a GitHub workflow, I created an action called gbaeke/kyverno-cli. The action uses a Docker container. It… Read more
-

Using Kyverno for Kubernetes Policies
In an earlier blog post, I wrote about Kubernetes Policies on Azure Kubernetes Service with the Azure Policy add-on. The add-on installs Gatekeeper v3 on AKS, which relies on Open Policy Agent to define your policies. Open Policy Agent is a general cloud-native solution for policy-based control, which goes beyond Kubernetes. Defining custom policies for OPA… Read more
-

Distroless or scratch for Go apps?
When I create Docker images for a Go application, I often use the scratch image. Scratch is an empty image, so it is ideal for statically linked binaries that do not require libc. Go, Rust and other languages can compile to such binaries. Because I like the pattern… Read more
-

Azure Policy for Kubernetes: Constraints and ConstraintTemplates
In one of my videos on my YouTube channel, I talked about Kubernetes authentication and used the image below: To secure access to the Kubernetes API server, you need to be authenticated and properly authorized to do what you need to do. The third mechanism to secure access is admission control. Simply put, admission control… Read more