Catégorie : Kubernetes (Page 17 of 37)

Hi,

Azure Kubernetes Service (AKS) now supports a new Azure policy to ensure OS and data disks are encrypted via customer managed keys. This feature enhances security by supporting the creation of a policy to audit the usage of customer managed keys on OS and data disks, or denying the creation of resources not using customer managed keys on OS and data disks.

AKS CMK Deny Policy: https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_CMK_Deny.json

Maxime.

Hi!

Azure Kubernetes Service (AKS) now supports planned maintenance windows. This allows you to specify planned maintenance windows so you can control when weekly releases or proactive maintenance events may be performed in your clusters and minimize interruptions during hours when you need your clusters to be available.

When using Planned Maintenance, the following restrictions apply:

• AKS reserves the right to break these windows for unplanned/reactive maintenance operations that are urgent or critical.
• Currently, performing maintenance operations are considered best-effort only and are not guaranteed to occur within a specified window.
• Updates cannot be blocked for more than seven days.

Allow maintenance on every Monday at 1:00am to 2:00am

az aks maintenanceconfiguration add -g MyResourceGroup --cluster-name myAKSCluster --name default --weekday Monday --start-hour 1

Update an existing maintenance window

az aks maintenanceconfiguration update -g MyResourceGroup --cluster-name myAKSCluster --name default --weekday Monday --start-hour 1

List all maintenance windows in an existing cluster

az aks maintenanceconfiguration list -g MyResourceGroup --cluster-name myAKSCluster

Show a specific maintenance configuration window in an AKS cluster

az aks maintenanceconfiguration show -g MyResourceGroup --cluster-name myAKSCluster --name default

Delete a certain maintenance configuration window in an existing AKS Cluster

az aks maintenanceconfiguration delete -g MyResourceGroup --cluster-name myAKSCluster --name default

Maxime.

Hi!

In a previous article, I show you how you can deploy a OPA Gatekeeper solution in your AKS cluster. We saw together how we can monitor the number of OPA gatekeeper violation in a second article.

In this article I will show how you can deploy a dashboard to monitor your OPA Gatekeeper violations. I will recommend you to use the solution Gatekeeper Policy Manager (GPM) created by Sighupio.

It’s very easy to deploy this solution, please clone the following repository and run this command to deploy the solution:

kubectl apply -k .

Once you’ve deployed the application, if you haven’t set up an ingress, you can access the web-UI using port-forward:

kubectl -n gatekeeper-system port-forward  svc/gatekeeper-policy-manager 8080:80

For a production usage of this solution, I recommend you to configure the OIDC authentication.

Maxime.