Automatic Azure Kubernetes Service (AKS) node Image updates

Reading Time: 3 minutes If you have been following along with my blog, you may have come across some previous posts about updating Azure Kubernetes Service (AKS).  One (https://pixelrobots.co.uk/2019/05/apply-os-updates-to-aks-nodes-without-an-upgrade/) talked about kured (KUbernetes REboot Daemon) by weaveworks  https://github.com/weaveworks/kured. The issue with this method is it only supported Linux Kubernetes nodes. So, your windows Kubernetes Read more…

Disable local user account (–admin) in Azure Kubernetes Service

Reading Time: 4 minutes Did you know that even when you have enabled Azure AD integration with your AKS cluster, a subscription Owner and Contributor can still access you AKS cluster with the -admin switch? In fact, anyone who is a member of the Azure Kubernetes Service Cluster Admin Role (https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#azure-kubernetes-service-cluster-admin-role) can. You were Read more…

Azure Kubernetes Service (AKS) node Image upgrade – Preview

Reading Time: 4 minutes You may have read my previous blog post on applying OS updates to your Azure Kubernetes Cluster (AKS) without doing a cluster upgrade https://pixelrobots.co.uk/2019/05/apply-os-updates-to-aks-nodes-without-an-upgrade/. This method used kured (KUbernetes REboot Daemon) by weaveworks  https://github.com/weaveworks/kured. This method installed some Kubernetes resources onto your cluster. This new method, which is still in Read more…

Use Trivy and Azure DevOps to scan container images for Vulnerabilities

Reading Time: 5 minutes So, in this short article, I am going to walk you through how I am scanning for vulnerabilities in my container images during the CI pipeline using Azure DevOps. For this, I am using Trivy https://github.com/aquasecurity/trivy by AQUA https://www.aquasec.com/. It’s an open-source simple and comprehensive vulnerability scanner for containers. Perfect Read more…