When working with internal container deployments, there are many cases, where applications need to access an internal HTTPS service. If these services use internal certificates from an internal certificate authority (CA), the client (container/pod) needs to trust the certificate chain including the Sub/Issuing CA certificate and the Root CA certificate.
These certificates have to be added to the trusted ROOT CA store, which should not be done at runtime (hence not with a sidecar container or similar constructs). The solution to this problem would be to add them at build time. We will discover how this process can be simplified and automated by using Azure Container Registry (ACR) tasks.

Read more...

This topic is not new and quite frankly, it is hard to believe this is still not integrated yet, but at some point, during your cloud journey, you probably want to send monitoring alerts to a certain Teams channel. Even though this is functionality is available for plenty of other services, Azure Monitor still lacks this.

Read more...

HashiCorp Vault - Raft Storage Snapshot Recovery

in DevOps by Ingo Deißenroth
943 words · 5 min to read

HashiCorp introcuded with Vault version 1.2 a new integrated Storage backend. It went into general availability with version 1.4 in April 2020. In November HashiCorp released Vault version 1.6 which includes further enhancements of the Raft storage backend. I took this opportunity to show how to create and restore Raft storage backend snapshots and share this with the community.

Read more...

Azure Image Builder Series - Introduction

in Azure by Ingo Deißenroth
1.4k words · 8 min to read

Azure Image Builder is a virtual machine image provisioning service on Microsoft Azure based on HashiCorp Packer. It has been designed to integrate natively with Microsoft Azure to allow customers to easily create and maintain virtual machine images for consistent deployments. This post is the first of a series to introduce the Azure Image Builder and its benefits by means of showing real-world examples.

Read more...

The Secret Management Solution HashiCorp Vault allows the Integration of a variety of Identity Providers. Although currently no direct Implementation for Human Users of Azure AD exists, the JWT/OIDC Auth Method provides a way to enable authentication and authorization for Azure AD Users to HashiCorp Vault. This post shows how to configure HashiCorp Vault to enable User Login with Azure AD Credentials as well as assigning Permissions/Policies based on their Group Memberships.

Read more...

The Alert policies in O365 are an often overlooked or underestimated security feature for indicators of compromise (IOC). They enable especially administrators for smaller tenants to supervise their environments on a critical level in terms of security events. As part of a multilevel defense the O365 Alerts add a lot value, as they are easy to setup and part of every O365 and therefore free of additional costs.

Read more...

Azure Hybrid DNS Architecture

in Azure by Christoph Burmeister
2.8k words · 17 min to read

Azure private DNS is a great solution to simplify DNS resolution for cloud resources in Azure. However, chances are you have components in your infrastructure that do not natively integrate with Azure DNS zones. In this post, I will show you how you to enable your own DNS solution to resolve names from Azure private DNS zones with CoreDNS on Azure Kubernetes Service.

Read more...
Author's picture

IT Insights Blog

Knowledge Delivered


author.job