I was chatting with a customer last week about the Azure Container Registry. One of the questions that came up was image scanning. There is an integration between the Azure Container Registry and Azure Defender that will perform image scanning. The goal of this blog post is to explore these capabilities and have a look […]
Category: Security
Key Vault CSI driver integrated with AAD-managed pod identities
Tomorrow I’m joining the 425 show on Twitch for a discussion on AAD-managed pod identities and how to integrate them with Key Vault. This blog post is both a sneak preview of what we’ll be discussing tomorrow as well as a review of the episode if you want to study things more in-depth after it […]
Trying out the preview of Azure Active Directory pod-managed identities in Azure Kubernetes Service
Using managed identities in Azure is recommended when you’re connecting to other Azure services (and even your own services if you’re implementing authentication). In the Kubernetes world, Microsoft has maintained an open-source project called AAD-pod-identity. Recently, a managed and supported version of AAD pod identity for AKS was released in public preview. In this post, […]
Setting up a Private Link service as a service provider
Azure Private Link allows you to connect to public services over a private connection. I have already written about using Private Link with blob and the Azure Kubernetes Service. You can also use Private Link to expose your own custom services, and act as a service provider. This means you would build a service in […]
Accessing Key Vault Secrets in Kubernetes using the Key Vault CSI driver
Note: There’s a new post available combining CSI driver + AAD pod identity. When you store secrets in a Kubernetes cluster, by default those are stored in the etcd database within the master nodes. The same is true for secrets stored in an AKS cluster on Azure. The best practice for storing secrets is to […]