Secrets in Kubernetes are not really secret. You should store all your cloud-related secrets in a vault anyway, so why not access this vault from your Kubernetes cluster. If you are using Azure, Azure KeyVault is the most logical place to store your secrets. This blogpost tells you how to access the KeyVault from an ASP.NET Core application running on AKS.
More and more people are using the Azure CLI to provision resources on Azure. Since my blogpost about the Azure CLI, I received so many reactions of people who are using the Azure CLI now. It’s readable, easy and is idempotent. Sometimes you want to use the more advanced syntax. This blog post is a collection of Azure CLI Commands and bash scripts that took me more time then I wanted and collect them so it doesn’t take you that much time (and me as well, next time 🙂 ). I will add to this blogpost if necessary.
The password of a Service Principal configured in Azure DevOps in a Service Connection is a secret and hidden. But it’s fairly easy to get the password of a Service Principal in Azure DevOps. It’s not a security bug or a backdoor. It’s a side effect and by design. It looks like leaving the keys in the keyhole. This blogpost tells you how to get the password. As soon as you can use Service Principal credentials, it’s possible to connect to Azure from any laptop, you don’t have to be using a laptop in the same domain as the company. An additional advantage is that you can use the tools you love and that make you productive.
Searching in Google for Azure related stuff results in a lot of links to local language specific content. For example in my case the url always contains nl-nl. Despite the language configuration in Chrome is English I always get results in Dutch. This is very annoying and can be solved using Chrome Extension Requestly.
New releases of Kubernetes follow each other in rapid succession. Azure must support the version of Kubernetes in order to also offer it with AKS.
I would like to know when a new version of Kubernetes will be supported in AKS. This can be checked manually with the Azure CLI. However, I do not want to do this manually every now and then. That’s why I automated the process that checks the latest version of Kubernetes in AKS. The process tweets a message when a new version has been released. In addition, the process also notifies via twitter when a new location in Azure supports AKS. The proces is automated by serverless resources in Azure: with an Azure Function and an Azure Logic app. The twitter account @azureaksupdates notifies about the latest version and latest locations of AKS.
Many applications hosted in a Docker container need a volume to store data on or to read from. The data can’t be stored in the Docker container itself because the data will be lost after a restart or when the container crashes. Persistent Storage has an independent lifecycle of a Pod. This blogposts shows the most used possibilities to use persistent storage using Kubernetes on Azure.
This blogpost was not possible without the help of Andreas Lindeboom, my Xebia colleague of XITA. Thanks!
In case of problems with a node of a Kubernetes cluster you probably want to read the logfiles on a Node of the Kubernetes Cluster, as described here. This Kubernetes cluster is created with Azure Container Service (ACS).
When using multiple Kubernetes clusters on Azure Container Service, I see people executing the az acs kubernetes get-credentials command every time they need to reconnect to a different cluster. This works, but is not needed. You can do it easier.
I was getting a bit tired of typing the kubectl command everytime. To solve this and only type k instead of kubectl, it’s possible to add an alias to Windows.
What if you can configure your infrastucture with a process that requests your SSL Certificates automatic. Not only this, but this process registeres the certificates in your infrastructure also. There is more. The process also requests new versions of certificates every 30 days so the certificate will not expire. All of this, complely automated. It’s even completely free! You or your traditional ops department won’t believe this is possible.
Enter the new world of infrastructure: Kube-Lego, ofcourse hosted on Kubernetes.
Now I hear you think: “This is to good to be true. It must be hard to configure”. The configuration is really easy actually, as you will see in this blogpost.