Post Overview

  • Azure Policy: Kubernetes pod security baseline explained

    When you deploy Azure Kubernetes Service (AKS) in an enterprise context, you will probably be asked about policies that can be applied to AKS for compliance and security. In this post, we will discuss Azure Policy for Kubernetes briefly and then proceed to explaining a group of policies that implement baseline security settings. Azure Policy…

  • Deploying Helm Charts with Azure DevOps pipelines

    I recently uploaded a video to my YouTube channel about this topic. In this post, I will provide some more information about the pipelines. Again, many thanks to this post on which the solution is based. The YAML pipelines can be found in my go-template repository. The application is basically a starter template to create…

  • Kubernetes Canary Deployments with GitHub Actions

    In the previous post, we looked at some of the GitHub Actions you can use with Microsoft Azure. One of those actions is the azure/k8s-deploy action which is currently at v1.4 (January 2021). To use that action, include the following snippet in your workflow: The above snippet uses baked manifests from an earlier azure/k8s-bake action…

  • A look at GitHub Actions for Azure and AKS deployments

    In the past, I wrote about using Azure DevOps to deploy an AKS cluster and bootstrap it with Flux v2, a GitOps solution. In an older post, I also described bootstrapping the cluster with Helm deployments from the pipeline. In this post, we will take a look at doing the above with GitHub Actions. Along…

  • AKS Pod Identity with the Azure SDK for Go

    In an earlier post, I wrote about the use of AKS Pod Identity (Preview) in combination with the Azure SDK for Python. Although that works fine, there are some issues with that solution: the container image is around 1GB, which is quite large (it is based on tiangolo/uvicorn-gunicorn-fastapi:python3.7); as expected, the image contains many vulnerabilities…

  • Managed Identity on Azure Arc Servers

    When you install the Azure Arc agent on any physical or virtual server, either Windows or Linux, the machine suddenly starts living in a cloud world: it appears in the Azure Portal; you can apply resource tags; you can check for security and regulatory compliance with Azure Policy; you can enable Update management and much,…