Update: 2021年08月14日 Reduce commands, gist for 4+ commands, fixes
So now you have your distributed application, monolith, or microservices packaged as a container and deployed to Kubernetes. Congratulations!
But now you need to have security, such as encrypted traffic and network firewalls, and for all of these secured services, you…
Updated: 2021–08–30 multi-line code to gist as hard to copy from Medium
In previous articles in this series, I covered how to publish end points for applications that are deployed on Kubernetes, ultimately detailing how to use Ingress resources with automation support for TLS certificates and updating DNS records. …
Security is an essential and a core part of operations and thus keeping secrets secured is vital. Unfortunately, for many an organization, this is often not a priority.
The lack of zeal toward managing secrets is likely related toward the complexity involved. Managing configuration artifacts have well established patterns using…
Recently, I wanted to do some work with Azure Kubernetes Service, but unfortunately, the command line tools with Azure CLI yields a traceback when doing anything with AKS. This is not the first time this has happened. …
External DNS is a Kubernetes addon that will automate updating DNS records when you deploy a Kubernetes application using an external load balancer (ingress or service).
This article demonstrates how to set all of this up using Terraform (terraform). …
This article covers provisioning a basic high-availability Kubernetes cluster with AKS (Amazon Kubernetes Service) using Terraform with the azurerm provider.
Previously, I covered how to do this using a shell script wrapper around Azure CLI. For this article, all cloud resources (Azure and Kubernetes) will be created with terraform.
This article covers configuring an AKS cluster with the Azure CNI network plugin.
The default network plugin that comes with a vanilla Kubernetes cluster, including AKS, is the kubenet:
Kubenet is a very basic, simple network plugin, on Linux only. It does not, of itself, implement more advanced features like…
The Azure AD Pod Identity allows you to configure access to cloud resources like DNS, Key Vault, ACR, or Blob Storage to Kubernetes pods.
In a previous article, I covered how use a managed identity, associated with the default node pool (VMSS) to allow access to an Azure DNS zone…
Last Updated: 2021年9月4日 Illustrations and code snippets to gists
The two most often neglected domains of cloud operations are security and o11y (observability). …
Network policies in Kubernetes are essentially firewalls for pods. By default, pods are accessible from anywhere with no protections. If you like to to use network policies, you’ll need to install a network plugin that supports this feature. …
