Posts

Azure Kubernetes Service (AKS) and Managed Identities

In this blog I will be exploring the use of Azure Managed Identities in Azure Kubernetes Service (AKS). We will then discuss how we can use managed identities according to security best practice. We will look at how we configure the managed identities for the AKS cluster so it can in turn manage other Azure resources. We will explore how we can configure managed identities for our services/applications that are running on AKS so pods can reach out to other Azure services. Managed Identities Why are we using managed identities? The alternative is to use Service Principal accounts (SPNs). The issue with SPNs is that you have a client secret which you have to manage and keep secure. Your cluster apps and services will need to access the SPNs you have created, so this means potentially saving the secret in a few places so it is available to CI/CD pipelines. The secret attached to an SPN rotates, so you need to ensure it is valid to ensure your cluster and services continue to run. Managed identi

Working with WSL and AKS

Introduction I find I am working with Azure Kubernetes Service (AKS) more and more recently and I thought I would share a few tips and snippets of code I have found useful. For reasons I will explain shortly I have started using the Windows Subsystem for Linux (WSL) as my main way of managing AKS. If you are starting out with AKS I hope you will find some of these hints and tips useful. AKS is a fully managed Kubernetes service from Azure; if you want to find out more about AKS check out the material and video from Microsoft here. For the purpose of this document I am assuming you are familiar with AKS and have at least started to play around with it. Commands There are some key commands you will need when working with AKS and kubectl; you can find some of these on the first link below. While working with AKS you will be using other tools like Docker for creating and managing your container images. I have provided some key starter commands for this on the second link. Helm

Next-gen Cloud Operations

Moving from a traditional Operations Role to a Cloud/DevOps Engineer Role If you are in an infrastructure or operations role and want to make the move to a new role, perhaps Cloud/DevOps engineer or an SRE role, or maybe your company is making changes which mean your role is evolving, then this article may help to identify some of the skills you need to make this move. As you read about some of these tools and skills you need to learn you will see many that you may feel fit with a developer role, not an operations engineer, but keep reading and embrace the code. Start Small Version Control Cloud Platform Infrastructure as code CI/CD Pipelines Code Editing Find a Buddy Embrace new tools Conclusion It is worth noting that you have a lot of valuable and important knowledge you will bring with you to any new role. All the areas we cared about before, as shown in the operability diagram below, we still care about now; you may be managing similar solutions and some new ones just with som

Terraform Functions - Part 4 - Advanced count and conditional expressions

In the final part of this blog series we will bring together the Terraform count and conditional expression functions in a more complex deployment to expand on what we learnt in part 2 and part 3. We will deploy a Virtual Machine, using the conditional expression function to determine whether we should or shouldn't deploy a Public IP (PIP). We use the count function to deploy multiple VMs; in part 2 of the blog series we used count to deploy a WebApp, which was quite straightforward. When deploying a VM we have related resources including NIC, PIPs and disks and we have to ensure we deploy the correct number of these and attach them to each VM resource. In part 1 we cover an overview of the blog series and some pre-requisites you will need to get started when working through the deployment steps in this blog series; if you haven't seen this information please review this here before you get started with the steps below. This includes the code you will need to follow a