A quick look at azure/kubelogin
I have talked about and demonstrated the use of kubelogin in previous posts and videos. Because I often get questions about logging on to Azure Kubernetes Service (AKS) integrated with Azure AD (AAD) in a non-interactive fashion, I decided to write this separate post about it. What is kubelogin? Kubelogin is a client-go credential plugin

Building a GitHub Action with Docker
While I was investigating Kyverno, I wanted to check my Kubernetes deployments for compliance with Kyverno policies. The Kyverno CLI can be used to do that with the following command: kyverno apply ./policies --resource=./deploy/deployment.yaml To do this easily from a GitHub workflow, I created an action called gbaeke/kyverno-cli. The action uses a Docker container. It

Using Kyverno for Kubernetes Policies
In an earlier blogpost, I wrote about Kubernetes Policies on Azure Kubernetes Service with the Azure Policy add-on. The add-on installs Gatekeeper v3 on AKS, which relies on Open Policy Agent to define your policies. Open Policy Agent is a general cloud-native solution for policy-based control, which goes beyond Kubernetes. Defining custom policies for OPA

Distroless or scratch for Go apps?
When I create docker images for a Go application, I often use the scratch image. Scratch is an empty image, so it is ideal for statically linked binaries that do not require libc. Go, Rust and other languages can compile to such binaries. Because I like the pattern

Azure Policy for Kubernetes: Constraints and ConstraintTemplates
In one of my videos on my YouTube channel, I talked about Kubernetes authentication and used the image below: To secure access to the Kubernetes API server, you need to be authenticated and properly authorized to do what you need to do. The third mechanism to secure access is admission control. Simply put, admission control

Azure Kubernetes Service authentication with Azure AD
If you have ever installed Kubernetes on your own hardware or you have worked with Kubernetes on the desktop with a tool like kind, you probably know that you need a config file that tells the Kubernetes CLI (kubectl) how to talk to the Kubernetes API server. It contains the address of the API server,