Azure

Configuring Kubernetes ingress with a wildcard DNS certificate, single TLS secret and applications in multiple namespaces

Scenario An organisation wanted to deploy each application into a separate Kubernetes namespace. Each application will be available at a subdomain of example.com, via a wildcard DNS entry of *.example.com pointing to the ingress controller’s service IP address. A single wildcard TLS certificate ( *.example.com ) will be used to protect all applications using the ingress controller. It was desired that only a single TLS secret should exist on the cluster to facilitate certificate renewal. Challenges Kubernetes secrets are only accessible from the namespace in which they are created. We discussed having a single namespace with all ingress resources and…
Read more

Enforcing Network Policies using kube-router on AKS

Corporate security policy often requires the flow of traffic to be restricted between between Kubernetes pods. This is similar to how switch access control lists restrict traffic between physical servers. This functionality Kubernetes the traffic flow is configured using network policies. There are a number of projects that support network policy enforcement. The majority require a specific network plugin to be deployed. As the Azure Kubernetes Service is a managed service we do not have the flexibility to choose the network plug in that is deployed. The default is kubenet, or if using advanced networking AKS uses the Azure CNI…
Read more

Deploying a Kubernetes service on Azure with a specific IP addresses

Deploying a Kubernetes service on Azure with a specific IP addresses Each time a Kubernetes service is created within an ACS or AKS cluster a static Azure IP address is assigned. If an IP address exists in the resource group that is not assigned to a service this will be used, otherwise a new address is requested. This means if a service is deleted and recreated it is not guaranteed to get the same IP address. Should you wish to configure the service to always receive the same IP address the load balancer can be provisioned to use a specific…
Read more

Creating a Docker artifact for Windows Server in Azure DevTest Labs

Over the past 12 months I have been working with customers on hackfests. We often work with organizations that have highly secured workstations and networks. This proves to be a problem as during the hackfest we need to be using the latest releases of software, often preview releases, and also need full access Microsoft Azure. In a recent scenario we needed to work with Visual Studio 2017 and Windows Server containers. The hackfest participants laptops were running Windows 7, an older version of Visual Studio and had limited outbound internet access. To ensure participants could work with the latest technologies…
Read more

Retrieving and using Azure Container Registry credentials in an Azure Resource Manager Template

I recently created a set of Azure Resource Manager (ARM) templates ( https://github.com/marrobi/RancherOnAzure/ ) to simplify the deployment of Rancher ( http://rancher.com/rancher/ ) to Azure. Rancher is an Open Source container management platform –  https://github.com/rancher/rancher. Rancher offers the facility to connect a container registry ( https://docs.rancher.com/rancher/v1.6/en/environments/registries/ ) so that images can be pulled for deployment. As part of my deployment I wanted to provide users with an Azure Container Registry (ACR) instance already connected to Rancher. My Rancher templates consist of a top level template with a number of nested child templates. ACR would be a child template. My challenge…
Read more

Using Infrastructure as Code to provision a Docker container on Azure

Over the past 12 months I have spent many weeks working with customers migrating Linux based workloads to Azure. When we turn up on a customer site we often need to get OSS projects up and running on Azure as quickly as possible. The projects are usually a component of a larger solution that we need to build around as the week progresses. Requirements Need to get the project up and running to enable developers to start coding, Need to deploy multiple instances of the component so that they can be used in parallel, Need to be able to easily…
Read more

Using Docker Machine to provision a VM running Docker on Azure

Using Docker Machine to provision a VM running Docker on Azure Docker Machine facilitates the creation and management of virtual hosts running Docker engine https://docs.docker.com/machine/overview/ . This could be a host running within a VM on your local machine, via technologies such as Hyper-V or in a public cloud such as Microsoft Azure. Docker Machine uses drivers to enable deployment to different platforms During this post we will provision a VM running Docker on Microsoft Azure and deploying containers to the VM. We will use the Azure driver for Docker Machine which is documented here https://docs.docker.com/machine/drivers/azure/ . Docker Machine facilitates…
Read more

DevOps Days London Hackathon Prep – Stepping out of my comfort zone.

DevOps Days London is fast approaching. The main conference runs from Tuesday 19th – Wednesday 20th April 2016, however, on Thursday 21st April there is a one day Hackathon which Microsoft is supporting. From the DevOps Days London website:  "This isn’t a traditional Hackathon, we are looking to test the principles of DevOps against the clock and at the same time attempt to build a production quality Minimum Viable Product (MVP) that could facilitate the giving of small (micro) donations to a variety of charities so easy it becomes a way of life. The concept is to create a facility…
Read more

Build 2016: Day 1 Keynote – At a glance

I’ve been looking forward to hearing the announcements that will be made at Build, especially it is the first Build since I’ve been a Microsoft employee. Unfortunately I’m not in San Francisco this week so this blog post was written from my living room while watching the keynote. I have outlined the key themes without going to go into a great deal of detail as many of the topics discussed are outside my area of expertise and there have been many more comprehensive blog posts written already about each specific area (I don’t believe in reinventing the wheel). Windows 10 Anniversary Update…
Read more

Introduction to Azure Resource Manager Templates for the IT Pro

The Problem Conflict between software development teams and IT operations is familiar to many of us. As IT professionals we are often faced with support tickets for applications that are: Sluggish Don’t install Randomly stop working This could happen randomly, or more commonly occurs after an application update. Have you ever escalated an issue to the application developers or vendor and had a reply the lines of “You have installed it incorrectly” or “Your hardware is incorrectly configured? It a situation that I have been in a number of times in the past and the resolution to the conflict is often a…
Read more