Authenticate to Azure Resources with Azure Managed Identities
baeke.info
by Geert Baeke
3w ago
In this post, we will take a look at managed identities in general and system-assigned managed identity in particular. Managed identities can be used by your code to authenticate to Azure AD resources from Azure compute resources that support it, like virtual machines and containers. But first, let’s look at the other option and why you should avoid it if you can: service principals.
Service Principals
If you have code that needs to authenticate to Azure AD-protected resources such as Azure Key Vault, you can always create a service principal. It’s the option that always works. It has some cav…
AKS Workload Identity Revisited
baeke.info
by Geert Baeke
2M ago
A while ago, I blogged about Workload Identity. Since then, Microsoft simplified the configuration steps and enabled Managed Identity, in addition to app registrations. But first, let’s take a step back. Why do you need something like workload identity in the first place? Take a look at the diagram below. Workloads (deployed in a container or not) often need to access Azure AD protected resources. In the diagram, the workload in the container wants to read secrets from Azure Key Vault. The recommended option is to use managed identity and grant that identity the required role in Azure Key Vau…
A quick look at Azure App Configuration and the Python Provider
baeke.info
by Geert Baeke
3M ago
When developing an application, it is highly likely that it needs to be configured with all sorts of settings. A simple list of key/value pairs is usually all you need. Some of the values can be read by anyone (e.g., a public URL) while some values should be treated as secrets (e.g., a connection string). Azure App Configuration is a service to centrally manage these settings in addition to feature flags. In this post, we will look at storing and retrieving application settings and keeping feature flags for another time. I will also say App Config instead of App Configuration to save some keys…
First steps with Crossplane
baeke.info
by Geert Baeke
6M ago
Although Crossplane has been around for a while, I never got around to trying it. Crossplane has many capabilities. However, in this post, I will focus on the following aspects:
- Installing Crossplane on a Kubernetes cluster (AKS); you can install on a local cluster as well (e.g., k3s, kind, minikube, …) but then you would need Azure Arc for Kubernetes to install the microsoft.flux extension (I will be using GitOps with Flux via that extension)
- Adding and configuring providers for Azure and Kubernetes: providers allow you to deploy to Azure and Kubernetes (and much…
Learn to use the Dapr authorization middleware
baeke.info
by Geert Baeke
7M ago
Based on a customer conversation, I decided to look into the Dapr middleware components. More specifically, I wanted to understand how the OAuth 2.0 middleware works that enables the Authorization Code flow. In the Authorization Code flow, an authorization code is a temporary code that a client obtains after being redirected to an authorization URL (https://login.microsoftonline.com/{tenant}/oauth2/authorize) where you provide your credentials interactively (not useful for service-service non-interactive scenarios). That code is then handed to your app which exchanges it for an access token. W…
Publish your AKS Ingress Controller over Azure Private Link
baeke.info
by Geert Baeke
8M ago
In a previous article, I wrote about the AKS Azure Cloud Provider and its support for Azure Private Link. In summary, the functionality allows for the following:
- creation of a Kubernetes service of type LoadBalancer
- via an annotation on the service, the Azure Cloud Provider creates an internal load balancer (ILB) instead of a public one
- via extra annotations on the service, the Azure Cloud Provider creates an Azure Private Link Service for the Internal Load Balancer
In the article, I used Azure Front Door as an example to securely publish the Kubernetes service to the Internet via private…
Azure Kubernetes Service and Azure Private Link Integration
baeke.info
by Geert Baeke
8M ago
If you have done any work with Azure, you have probably come across terms such as Azure Private Link Service (PLS) and Private Endpoints (PEs). To quickly illustrate what Azure PLS is, let’s look at a diagram from the Microsoft documentation for Azure SQL database:
[Figure: PLS with Azure SQL]
Above, Azure SQL Database uses Azure Private Link Service (PLS) to provide connectivity to the database from inside a virtual network that you control. Without a private link, you would need to connect to Azure SQL via a public IP address over the Internet. In order to connect privately, a private endpoint connect…
Draft 2 and Ingress with Web Application Routing
baeke.info
by Geert Baeke
8M ago
If you read the previous article on Draft 2, we went from source code to deployed application in a few steps:
- az aks draft create: creates a Dockerfile and Kubernetes manifests (deployment and service manifests)
- az aks draft setup-gh: setup GitHub OIDC
- az aks draft generate-workflow: create a GitHub workflow that builds and pushes the container image and deploys the application to Kubernetes
If you answer the questions from the commands above correctly, you should be up and running fairly quickly! The manifests default to a Kubernetes service that uses the type LoadBalancer to configure an…
Trying out Draft 2 on AKS
baeke.info
by Geert Baeke
8M ago
Sadly no post about good Belgian beer. Draft 2 is an open-source project that aims to make things easier for developers that build Kubernetes applications. It can improve the inner dev loop, where the developers code and test their apps, in the following ways:
- Automate the creation of a Dockerfile
- Automate the creation of Kubernetes manifests, Helm charts, or Kustomize configs
- Generate a GitHub Action workflow to build and deploy the application when you push changes
I have worked with Draft 1 in the past, and it worked quite well. Now Microsoft has integrated Draft 2 in the Azure CLI to m…
Quick Guide to Flux v2 on AKS
baeke.info
by Geert Baeke
8M ago
Now that the Flux v2 extension for Azure Kubernetes Service and Azure Arc is generally available, let’s do a quick guide on the topic. A Quick Guide, at least on this site, is a look at the topic from a command-line perspective for easy reproduction and evaluation. This Quick Guide is also on GitHub.
Requirements
You need the following to run the commands:
- An Azure subscription with a deployed AKS cluster; a single node will do
- Azure CLI and logged in to the subscription with owner access
- All commands run in bash, in my case in WSL 2.0 on Windows 11
- kubectl and a working kube config (use az…