
Secure an Azure Kubernetes cluster with Azure Active Directory and RBAC

Azure Kubernetes Service supports Kubernetes RBAC with Azure Active Directory integration, which allows you to bind ClusterRole and Role objects to subjects such as Azure Active Directory users and groups.

Version 1.19.0 of the AzureRM Terraform provider supports this integration.

This blog post describes how to script the deployment of an AKS cluster, using RBAC + Azure AD with Terraform and Azure CLI.

All the scripts are in this GitHub repository.


How to: Azure Kubernetes Service + Custom VNET with Kubenet

You probably already know that it is possible to deploy an Azure Kubernetes Service cluster into an existing virtual network (VNET) to be able to control the network CIDR and consume other services on your private networks, like on-premises services through an Express Route for example.

If you read the network documentation of AKS, you will see that there are two networking modes: Basic networking, which controls the virtual network and uses Kubenet as the network plugin, or Advanced networking, which lets you control the virtual network and uses the Azure CNI network plugin.

In this post, I will explain how to use Advanced networking, to keep control of the virtual network, but continue to use Kubenet as the network plugin.

Thank you very much to my colleague Stéphane Erbrech, who helped a lot to get this scenario working and reviewed this post before publication.


Use Azure managed identities with Azure Kubernetes Services (AKS)

In this blog post, I will explain how you can use the aad-pod-identity project (currently in Beta) to get an Azure managed identity bound to a pod running in your Kubernetes cluster. I will illustrate this with a basic sample that consists of retrieving secrets from an Azure Key Vault in a Go application running in a Kubernetes pod.


How to access Kubernetes dashboard on an Azure Kubernetes Service cluster with RBAC enabled

RBAC (Role-Based Access Control) is enabled by default when you deploy a new Azure Kubernetes Service cluster, which is great. But if you are not used to that, you may have some trouble accessing the Kubernetes dashboard using the kubectl proxy or az aks browse command line tools (remember to never expose the dashboard over the Internet, even if RBAC is enabled!).

In this post, I will explain how you can simply configure RBAC on your cluster to solve authorization access issues.


How to monitor your Python Flask web application using Azure Application Insights

I recently worked with a customer on hosting a Python Flask web app and web jobs on Azure App Service. When it comes to monitoring, Azure Application Insights is really awesome because it lets you collect traces, requests and exceptions very easily and build analytics queries and dashboards for visualization out of the box.

Azure Application Insights comes with a Python SDK that supports direct integration with the Flask framework. To help you get started quickly, I have made this quick start sample available on GitHub.

The most important parts of this sample are described below.

Thanks to my colleague Clemens for the precious help.
