Author Archive: Marcus
Techdiction > Articles by: Marcus
Marcus
17th June 2018
Scenario An organisation wanted to deploy each application into a separate Kubernetes namespace. Each application will be available at a subdomain of example.com, via a wildcard DNS entry of *.example.com pointing to the ingress controller’s service IP address. A single wildcard TLS certificate ( *.example.com ) will be used to protect all applications using the ingress controller. It was desired that only a single TLS secret should exist on the cluster to facilitate certificate renewal. Challenges Kubernetes secrets are only accessible from the namespace in which they are created. We discussed having a single namespace with all ingress resources and…
Read more
Marcus
2nd June 2018
Corporate security policy often requires the flow of traffic to be restricted between between Kubernetes pods. This is similar to how switch access control lists restrict traffic between physical servers. This functionality Kubernetes the traffic flow is configured using network policies. There are a number of projects that support network policy enforcement. The majority require a specific network plugin to be deployed. As the Azure Kubernetes Service is a managed service we do not have the flexibility to choose the network plug in that is deployed. The default is kubenet, or if using advanced networking AKS uses the Azure CNI…
Read more
Marcus
22nd November 2017
Deploying a Kubernetes service on Azure with a specific IP addresses Each time a Kubernetes service is created within an ACS or AKS cluster a static Azure IP address is assigned. If an IP address exists in the resource group that is not assigned to a service this will be used, otherwise a new address is requested. This means if a service is deleted and recreated it is not guaranteed to get the same IP address. Should you wish to configure the service to always receive the same IP address the load balancer can be provisioned to use a specific…
Read more
Marcus
24th August 2017
Infrastructure of Code is key to achieving consistent deployment of infrastructure in the cloud. Amazon Web Services enable infrastructure as code using CloudFormation templates ( https://aws.amazon.com/cloudformation/ ). In AWS’s own words: “AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.” On Microsoft Azure we use Azure Resource Manager templates, commonly referred to as ARM templates. I can easily amend the above phrase to describe ARM templates: “Microsoft Azure Resource Manager templates give developers and systems administrators an easy way…
Read more
Marcus
29th June 2017
Over the past 12 months I have been working with customers on hackfests. We often work with organizations that have highly secured workstations and networks. This proves to be a problem as during the hackfest we need to be using the latest releases of software, often preview releases, and also need full access Microsoft Azure. In a recent scenario we needed to work with Visual Studio 2017 and Windows Server containers. The hackfest participants laptops were running Windows 7, an older version of Visual Studio and had limited outbound internet access. To ensure participants could work with the latest technologies…
Read more
Marcus
22nd June 2017
I recently created a set of Azure Resource Manager (ARM) templates ( https://github.com/marrobi/RancherOnAzure/ ) to simplify the deployment of Rancher ( http://rancher.com/rancher/ ) to Azure. Rancher is an Open Source container management platform – https://github.com/rancher/rancher. Rancher offers the facility to connect a container registry ( https://docs.rancher.com/rancher/v1.6/en/environments/registries/ ) so that images can be pulled for deployment. As part of my deployment I wanted to provide users with an Azure Container Registry (ACR) instance already connected to Rancher. My Rancher templates consist of a top level template with a number of nested child templates. ACR would be a child template. My challenge…
Read more
Marcus
12th June 2017
Over the past 12 months I have spent many weeks working with customers migrating Linux based workloads to Azure. When we turn up on a customer site we often need to get OSS projects up and running on Azure as quickly as possible. The projects are usually a component of a larger solution that we need to build around as the week progresses. Requirements Need to get the project up and running to enable developers to start coding, Need to deploy multiple instances of the component so that they can be used in parallel, Need to be able to easily…
Read more
Marcus
21st September 2016
Using Docker Machine to provision a VM running Docker on Azure Docker Machine facilitates the creation and management of virtual hosts running Docker engine https://docs.docker.com/machine/overview/ . This could be a host running within a VM on your local machine, via technologies such as Hyper-V or in a public cloud such as Microsoft Azure. Docker Machine uses drivers to enable deployment to different platforms During this post we will provision a VM running Docker on Microsoft Azure and deploying containers to the VM. We will use the Azure driver for Docker Machine which is documented here https://docs.docker.com/machine/drivers/azure/ . Docker Machine facilitates…
Read more
Marcus
5th September 2016
On Tuesday 13th September 2016 I am hosting the DevOps day of TechDays Online. Live stream available here: https://channel9.msdn.com/Events/TechDaysOnline/UK-TechDays-Online-September-2016 The agenda for the day is as follows: 9.30am: Steve Thair – DevOps is the answer! What was the question again? DevOps is without doubt one of the hottest topics in IT right now, and everyone from vendors, senior management and IT professionals are rushing headlong to “Doing DevOps”. Somewhere along the way the message that DevOps is only a means to an end, and not an end in itself, is getting lost. In this presentation Steve from DevOpsGuys will talk about the…
Read more
Marcus
29th July 2016
I've been working with Docker and containers over the past few weeks. Today I wanted to configure a Nano server image as a container host. The process is well documented here: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/deployment/deployment_nano My host machine is running Windows 10 and I have Windows Server 2016 TP5 Nano running in a Hyper-V VM. When running the command: Install-NanoServerPackage -Name Microsoft-NanoServer-Containers-Package I received the following error: Install-NanoServerPackage : Culture: en-GB is not supported + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-NanoServerPackage The reason being my host machine, hence the PowerShell remoting session's culture is set to en-GB…
Read more