Tag: kubernetes
-
ABAC In Kubernetes
Attribute-based access control (ABAC) is a powerful feature in Kubernetes that allows administrators to define fine-grained permissions for users and groups. Unlike traditional role-based access control (RBAC), ABAC enables a more granular approach to specify what actions can and cannot be performed. However, implementing ABAC can become complex as modifications increase over time. This blog…
-
Mutability of FIPS on AKS
Introduction Your in compliance and tasked with identifying which microservice supported supports Federal Information Processing standards. Operations are dynamic and can change from supporting a business unit that might have this requirement, so what are you options if you have to revert and keep the cluster? Currently in Azure Kubernetes Service this has been capable…
-
Defender for Containers (CWPP)
If you’re managing production-grade workloads on a major cloud platform, it’s essential to assess your security framework, particularly as you shift towards microservices and orchestration. A key yet often overlooked solution in this space is Microsoft Defender for Containers. Part of the broader Microsoft Defender for Cloud, this tool provides critical visibility and protection for…
-
SpinKube WASM in Kubernetes
SpinKube is a new open-source project that is tailored to deploying WASM (WebAssembly) workloads on Kubernetes. SpinKube enhances the ability of scalability of WASM applications this tool allows integration with kubernetes primitives and use of conversion of application using the spin-plugin to make it effective conversion of YAML to interpret by the cluster and serve…
-
API Server VNET Integration
Connectivity in AKS If you’re running AKS in production you’ll likely encounter the private link scope and integration of leverage private DNS zones for putting the API server behind private IP’s rather than accessible on port 6443 or you should be doing this. But what about other options? Perhaps you’re spinning up a dev/test cluster…
-
Retina by Microsoft OSS
KubeCon 2024 in Europe has recently wrapped up this past week with some major announcements from various vendors one that stood out to me is the use of Retina. Microsoft released a open-source cloud-agnostic Kubernetes Network Observability platform this can provide a path to customizable telemetry. This telemetry has multiple options on where you’d like…
-
Exploring KEDA Scaling to Zero
Continuing experimentation on CNCF projects I’ve stumbled across one that is near and dear to the Microsoft Azure space since KEDA was introduced with some contributors from Microsoft and still has maintainers that are current as of this repo’s README.md. To understand further on what exactly KEDA is we start at the top of what…
-
KubeArmor Explored
KubeArmor is a cloud-native runtime security enforcement system that works with restricting behavior (this resides with execution, file access, and network operations) of pods, containers, and nodes (VM’s) at the system level. The way this tool works is by using Linux Security Modules which to no surprise are enamored in the Certified Kubernetes Security Specialist…
-
AKS Isitio Bring Your Own Certificate
Azure Kubernetes Service added the Istio-add-on to provide native function to the user without having to install an additional helm chart while this is managed by Microsoft a request for some of the areas from customers encompass areas that have more control over data protections. Natively the use of self-signed root certificates are generated and…
-
Azure ML on AKS with Trusted Access
Trusted Access which is in preview provides secure access to the Kubernetes API Server while granting services that are needed for operations without requiring a traditional (private-endpoint). This feature uses the system0assigned managed identity as a authentication mechanism as intermediary to access your AKS clusters. As always in any feature that is rolled out prior…