Secrets in Kubernetes are not really secret. You should store all your cloud-related secrets in a vault anyway, so why not access this vault from your Kubernetes cluster. If you are using Azure, Azure KeyVault is the most logical place to store your secrets. This blogpost tells you how to access the KeyVault from an ASP.NET Core application running on AKS.
More and more people are using the Azure CLI to provision resources on Azure. Since my blogpost about the Azure CLI, I received so many reactions of people who are using the Azure CLI now. It’s readable, easy and is idempotent. Sometimes you want to use the more advanced syntax. This blog post is a collection of Azure CLI Commands and bash scripts that took me more time then I wanted and collect them so it doesn’t take you that much time (and me as well, next time 🙂 ). I will add to this blogpost if necessary.
The password of a Service Principal configured in Azure DevOps in a Service Connection is a secret and hidden. But it’s fairly easy to get the password of a Service Principal in Azure DevOps. It’s not a security bug or a backdoor. It’s a side effect and by design. It looks like leaving the keys in the keyhole. This blogpost tells you how to get the password. As soon as you can use Service Principal credentials, it’s possible to connect to Azure from any laptop, you don’t have to be using a laptop in the same domain as the company. An additional advantage is that you can use the tools you love and that make you productive.
Now Git, the Azure CLI, and Kubernetes Kubectl are used more and more, the bash prompt is one of the most productive ways to do your daily work. When using Windows, the usage of WSL (2) is a must-have when it comes to having a Linux shell to execute bash scripts. This works nice but with Oh-My-Zsh you can make the command-prompt look- and behave better so you can do your work more efficient.
Searching in Google for Azure related stuff results in a lot of links to local language specific content. For example in my case the url always contains nl-nl. Despite the language configuration in Chrome is English I always get results in Dutch. This is very annoying and can be solved using Chrome Extension Requestly.
I was a big fan of ARM templates: for many years I’m applying ARM templates on a large number of projects for all kinds of customers. I’ve written articles and blog posts about ARM templates. Have given many workshops and started collecting ARM templates used in enterprises ready for production. I’ve written the Best practices with ARM Templates article together with my colleague Peter Groenewegen, which is the most visited blog post of Xpirit and it’s also published by Microsoft. It’s clear I was a big fan of ARM templates. But times are changing.
New releases of Kubernetes follow each other in rapid succession. Azure must support the version of Kubernetes in order to also offer it with AKS.
I would like to know when a new version of Kubernetes will be supported in AKS. This can be checked manually with the Azure CLI. However, I do not want to do this manually every now and then. That’s why I automated the process that checks the latest version of Kubernetes in AKS. The process tweets a message when a new version has been released. In addition, the process also notifies via twitter when a new location in Azure supports AKS. The proces is automated by serverless resources in Azure: with an Azure Function and an Azure Logic app. The twitter account @azureaksupdates notifies about the latest version and latest locations of AKS.
AKS supports RBAC since its General Available.
After visiting the Dashboard of Kubernetes in AKS you will get warnings because the user visiting the dashboard does not have enough rights. This post tells you how to solve this. But let’s create a RBAC enabled cluster first.
Many applications hosted in a Docker container need a volume to store data on or to read from. The data can’t be stored in the Docker container itself because the data will be lost after a restart or when the container crashes. Persistent Storage has an independent lifecycle of a Pod. This blogposts shows the most used possibilities to use persistent storage using Kubernetes on Azure.
This blogpost was not possible without the help of Andreas Lindeboom, my Xebia colleague of XITA. Thanks!
In case of problems with a node of a Kubernetes cluster you probably want to read the logfiles on a Node of the Kubernetes Cluster, as described here. This Kubernetes cluster is created with Azure Container Service (ACS).