Whitelist Ingress Access into AKS Clusters
If you read my last post on setting up ExternalDNS and CertManager on AKS you may have noticed that ingress to published services is open to Internet traffic. In this post I’ll look at two simple ways to lock down services so that only specific addresses have ingress access. First we’ll cover how to setup a network security group on the agent pool subnet to limit access and then we’ll take a look at some features of NGINX that offer a bit more flexibility to who has access to what. We’ll also look at some changes we’ll need to make to cert-manager once ingress is locked down.
Automate DNS and SSL Certificates on AKS
In a recent project I was asked to configure Kubernetes so that it could create and manage DNS records automatically. This automatic management comes via Ingress objects created in Kubernetes. Hostnames specified in ingress objects automatically get DNS records created. This is exactly what the Kubernete’s project ExternalDNS does. Unfortuately, even though there is a section for configuring it on Azure, it wasn’t straightforward to get working. This post walks through getting it up and running and also demonstrates its usage in Azure Government.
Creating Jekyll Category Pages on GitHub
In this Post we’ll look at how to create some simple Category pages using Jekyll on GitHub Pages with GitHub’s default set of plugins. GitHub Pages supports a limited subset of Jekyll plugins and unfortunately this list doesn’t contain plugins like jekyll-category-pages or jekyll-archives which would make building category pages easier. We can, however, get category pages on GitHub with just a little added effort so keep reading.
Adding Auditd Logs to Azure Log Analytics
In my last post entitled Forwarding Syslog to Azure Log Analytics we setup our Linux VMs to send Syslog data for centralized collection to Azure Log Analytics. This allowed us to capture all our Syslog data as well as setup alerts for anomalous behavior in our logs. In this post we want to take it a step further and add auditd to our Linux VMs and setup some very specific auditing rules around file access and modifications and send those to Log Analytics as well.
Forwarding Syslog to Azure Log Analytics
I was recently tasked with coming up with a solution that enabled several different types of information related to Azure VMs to be collected and reported on. Types of information included application logs, operating system logs and Azure activity logs. Readers of this blog may not know that Azure has a product called Log Analytics that is similar to Splunk (except for the cost) that can capture and report on just about any kind of logs you can imagine. In this post we’ll take a look at what goes into getting syslog information into Log Analytics and then running some basic queries against those logs.
IO Performance in Azure Explained
I recently had a customer ask several questions about what IOPS and max throughput mean and how they could increase throughput so that their backup restore process in Azure would take less time. In this post we’ll look at how we can estimate our max throughput and IOPS based on VM size and disk configuration. Additionally, we’ll also look at ways to improve performance without increasing costs.
Migrating a non-HyperV VM to Azure
Let’s have some fun in this post moving a virtual machine from VirtualBox on MacOS to Azure. This can be a little tricky because not only do you have to prep the VM as you normally would for Azure but you also have to package up the HyperV modules so you can be used at boot time once moved. Personally, I would recommend Infrastructre as Code (IaC) and configuration management software typically for this kind of thing, however, sometimes that’s not an option so in this post we’ll look at moving a VM from MacOS (no HyperV) to Azure (HyperV) and what it takes to get there.