Reading Time: 4 minutesSo, you want to secure access to the kubernetes API server on your AKS cluster? Lucky for you that’s what this blog post is about. But first, why would you want to? The answer to that has to be security. By default, the Kubernetes API to manage your cluster is Read more
Reading Time: 5 minutesSo, in this short article, I am going to walk you through how I am scanning for vulnerabilities in my container images during the CI pipeline using Azure DevOps. For this, I am using Trivy https://github.com/aquasecurity/trivy by AQUA https://www.aquasec.com/. It’s an open-source simple and comprehensive vulnerability scanner for containers. Perfect Read more
Reading Time: 2 minutesYou may not know, but by default, AKS clusters are created with a service principal and that service principal has a one-year expiration time. Luckily there is an easy solution to update the credentials and this blog post is going to show you how to do it! Note: You will Read more
Reading Time: 3 minutesAzure Bastion has been out in preview for a few weeks now. So I thought now that the dust has settled I will share my thoughts about it. I was going to do a blog post on how to set it up, but the Microsoft docs and a lot of Read more
Reading Time: 4 minutesAt one of my meetups, I talked about Azure Security and how you can monitor your Active Directory’s security events cheaply using Azure Security Centre and Azure Log Analytics. There are a few prerequisites to this which I have pointed out below. I have not gone into the details about Read more
Reading Time: 3 minutesMicrosoft protects our AKS clusters by applying OS security and/or kernel updates automatically to the nodes in our cluster. You will find some of the updates will need a reboot to complete. As part of this patching, Microsoft does not reboot our nodes. You could do an AKS upgrade, this Read more
Reading Time: 4 minutesIn this article, I am going to show you how to Install Secure DevOps Kit for Azure (AzSK), do a scan against as subscription and then fix an issue using the recommendation. What is AzSK? Below is an overview of what AzSK is from their website. https://azsk.azurewebsites.net/README.html#overview The “Secure DevOps Read more
Reading Time: 3 minutesRecently at work I have been playing with Azure virtual machine scale sets (VMSS). On 03/04/2019 encryption of VMSS finally went GA! Using PowerShell and the Azure CLI you can now encrypt virtual machine scale sets. Prerequisites To be able to encrypt a VMSS you need to have a Key Read more
Reading Time: 2 minutesIt’s always good to keep an eye on your Azure subscriptions and what Role Based Access Control assignments you have. Doing this via the portal is a pain as you can have assignments at the subscription level, resource group level and resource level. Microsoft does have a tool to audit Read more
Reading Time: < 1 minuteYou may have read a previous blog post of mine https://pixelrobots.co.uk/2018/06/azure-subscription-selector/ regarding Azure Subscription selection. This post builds on that and takes it to a new level. The old Azure subscription selector used out-grid for you to select a subscription. This new one presents you with a menu inside the Read more