Azure AD Workload Identity for Kubernetes - Skipping the Mutating Admission Webhook

As per official documentation “Azure AD Workload Identity for Kubernetes integrates with the capabilities native to Kubernetes to federate with external identity providers”. In other words, workload identity for Kubernetes is about establishing a trust relationship between some service accounts, whose tokens are issued by the Kubernetes cluster identity provider, and service principals in Microsoft Entra ID (a.k.a. Azure AD). After a one-time setup of the cluster, all you need to do is to establish some “federated credentials” on the Entra ID side by configuring an app to trust an external identity provider....

October 18, 2023 · 3 min · Daniele Antonio Maggio

Health check Service Bus Topic for .Net Core based application running in Kubernetes

The source code you find in this repository evaluates the healthiness of the system based on the exceptions raised by the SubscriptionClient of the Azure Service Bus C# SDK. These exceptions can be transient, and therefore retryable, or not. In the C# SDK, the default RetryExponential policy inherits from the abstract class RetryPolicy. If an exception is transient, it will be retried following the defined policy; otherwise it will be thrown immediately....

April 1, 2020 · 2 min · Daniele Antonio Maggio

Reaching Azure Resources secured with Service Endpoints from on premises network via VPN

Virtual Network service endpoints allow you to restrict access to some critical Azure services to specific virtual networks only. There is a limitation, though: you can't use service endpoints for traffic from your on-premises network to Azure services. Right now, if you want to allow traffic from on-premises, you must also allow the public IP addresses of your on-premises network. In this article you will find out how to let your communications go securely through your VPN by using Envoy as a proxy....

July 9, 2019 · 1 min · Daniele Antonio Maggio

Build Azure IoT Edge ARM modules using Azure DevOps Hosted Agents

When you use Microsoft-hosted Linux agents, you can build Linux container images for the x64 architecture only (no ARM, no x86). In order to build IoT Edge modules for other architectures (such as ARM), you can use a machine emulator such as QEMU. Here is how. First of all, let's create an Azure DevOps Pipeline based on the following YAML schema: trigger: - master pool: vmImage: 'ubuntu-latest' steps: #Exporting the module version from module....

May 28, 2019 · 2 min · Daniele Antonio Maggio

Azure Files Shares with Symlinks support on AKS

Mounting Azure File Shares on AKS using the Azure Files volume type doesn't enable support for symlinks. You can fix this with a very simple tweak. Based on the discoveries of the great Lawrence Gripper, I recently found out that a CIFS mount in Ubuntu does not enable symlink support by default. Therefore, in order to mount a share with symlink support you have to create a PersistentVolume like this:...

October 17, 2018 · 1 min · Daniele Antonio Maggio

Key Vault, Functions, Kubernetes: Securely refresh storage keys and update them in a Kubernetes cluster

Any organization should plan to rotate keys. The bad news is that almost no one does it; the good news is that it is really simple to securely refresh storage keys and use temporary shared access signatures in a Kubernetes cluster using Key Vault and Azure Functions. There are a lot of security benefits in key rotation. Imagine that your master key has been compromised, or that an unauthorized employee had access to that key....

June 13, 2018 · 7 min · Daniele Antonio Maggio

Securely access fathomless secrets with Kubernetes API using Azure AD and RBAC

The API Server is one of the fundamental components of a Kubernetes cluster. All operations and communications between components, as well as external user commands, are REST API calls that the API Server handles. Let's try to understand how to authenticate and authorize access to the Kubernetes API with Azure Active Directory and Kubernetes RBAC. The aim of this post is to explain how to: deploy an AAD-integrated Kubernetes cluster; create a Secret and a ServiceAccount, Role and RoleBinding in order to access only that Secret; run a Node....

May 31, 2018 · 6 min · Daniele Antonio Maggio

Use HTTPS within an ASP.NET container

If you are using IIS as a web server to host your ASP.NET website, you are running it inside a Windows Server Core based container and you are reading this article, you probably want to use HTTPS to allow secure connections to it. Assuming you are using the microsoft/aspnet base image and you have your pfx ready, in order to achieve your goal you have to follow three simple steps:...

February 6, 2018 · 2 min · Daniele Antonio Maggio