AKS | Node image upgrades

[English Below]

Bonjour,

Dans cet article nous allons voir ensemble comment mettre à jour l’images de vos nodes. Pour cela nous allons utiliser la fonctionnalité nodes images AKS qui est encore en pré-version au moment où j’écris cet article.

# Register the preview feature 

az feature register --namespace "Microsoft.ContainerService" --name "NodeImageUpgradePreview"

# Verify the feature is registered

az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/NodeImageUpgradePreview')].{Name:name,State:properties.state}"

# Install the aks-preview extension 

az extension add --name aks-preview # Update the extension to make sure you have the latest version installed az extension update --name aks-preview

# Mettre à jour l'ensemble de vos nodes pour l'ensemble des node pools de votre cluster

az aks upgrade \ --resource-group myResourceGroup \ --name myAKSCluster \ --node-image-only

kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes.azure.com\/node-image-version}{"\n"}{end}'

az aks show \ --resource-group myResourceGroup \ --name myAKSCluster
-----------------------------------------------------
# Mettre à jour un node pool spécifique
az aks nodepool upgrade \ --resource-group myResourceGroup \ --cluster-name myAKSCluster \ --name mynodepool \ --node-image-only

kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes.azure.com\/node-image-version}{"\n"}{end}'

az aks nodepool show \ --resource-group myResourceGroup \ --cluster-name myAKSCluster \ --name mynodepool

Maxime.

Hi,

In this article, I would like to share with you how we can upgrade all nodes in all node pool of your AKS cluster or you can upgrade a specific node pool.

# Register the preview feature 

az feature register --namespace "Microsoft.ContainerService" --name "NodeImageUpgradePreview"

# Verify the feature is registered 

az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/NodeImageUpgradePreview')].{Name:name,State:properties.state}"

# Install the aks-preview extension 

az extension add --name aks-preview # Update the extension to make sure you have the latest version installed az extension update --name aks-preview

# Upgrade all nodes in all node pools

az aks upgrade --resource-group myResourceGroup --name myAKSCluster --node-image-only

kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes.azure.com\/node-image-version}{"\n"}{end}'

az aks show --resource-group myResourceGroup --name myAKSCluster
----------------------------------------------------------
# Upgrade a specific node pool
az aks nodepool upgrade --resource-group myResourceGroup --cluster-name myAKSCluster --name mynodepool --node-image-only

kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes.azure.com\/node-image-version}{"\n"}{end}'

az aks nodepool show --resource-group myResourceGroup --cluster-name myAKSCluster --name mynodepool

Maxime.

AKS | Supports Gen2 VMs

[English Below]

Bonjour,

Dans cet article, je vais vous présenter comment créer un cluster AKS en utilisant des machines virtuelles de type gen2.

L’avantage d’utiliser des machines de types Gen2 est de pouvoir bénécifier de fonctionnalités de sécurité comme:

Pour cela, je vous invite à saisir les commandes suivantes depuis Azure Cloud Shell par exemple (https://shell.azure.com)

az feature register --name "Gen2VMPreview" --namespace "Microsoft.ContainerService"    

# wait for the feature to register
az feature show --name Gen2VMPreview --namespace "Microsoft.ContainerService"

# Re-register the AKS namespace by performing the below
az provider register --namespace 'Microsoft.ContainerService'

# Finally create the cluster
az aks create -n aks -g aks -s Standard_D2s_v3 --aks-custom-headers usegen2vm=true

Maxime.


Hello,

In this article, I would like to share with you how you can create an AKS cluster with gen2 virtual machines.

With Azure Gen2 Virtual Machines, you can use advance security features like:

From Azure Cloud Shell (https://shell.azure.com), please use this commands:

az feature register --name "Gen2VMPreview" --namespace "Microsoft.ContainerService"    

# wait for the feature to register
az feature show --name Gen2VMPreview --namespace "Microsoft.ContainerService"

# Re-register the AKS namespace by performing the below
az provider register --namespace 'Microsoft.ContainerService'

# Finally create the cluster
az aks create -n aks -g aks -s Standard_D2s_v3 --aks-custom-headers usegen2vm=true

Maxime.

Azure Security Training Day

[English Below]

Bonjour,

Le Mardi 23 Juin, j’aurai le plaisir de faire parti du panel d’experts invités lors du « Azure Security Training Day ».

The need for stronger cloud security has never been greater. During this free one-day event, you will learn about the latest Azure security tools and best practices to better understand the breadth of security controls available to help protect your workloads.

Deep dive into Azure Sentinel, Azure Security Center, and Azure Network Security and learn how to mitigate threats; increase your security posture; and secure your apps, data, and network across cloud and hybrid environments. You will also have the opportunity to connect with Azure security experts and peers to ask questions, exchange ideas, and build your network.

Au programme:

SessionSpeaker
WelcomeKevin Magee, Chief Security & Compliance Officer, Microsoft Canada
Azure Security Strategy + Top best security practices for Azure todayScott Woodgate, Senior Director, Azure Marketing, Microsoft
Microsoft and customer security panelsStuart Dankevy, Enterprise Security Executive, Cybersecurity Solutions Group, Microsoft
Featuring: RBC Royal Bank and Government of Canada
Modernize your SIEM in the cloud with Azure SentinelAdwait (AJ) Joshi, Director of Product Marketing for Azure Security, Microsoft
Azure Confidential ComputingGraham Bury, Principal Program Manager, Confidential Compute, Microsoft
Richard Curran, Security Officer , Datacenter Corporate Group Sales, Intel Corporation
Call to ActionKevin Magee, Chief Security & Compliance Officer, Microsoft Canada

Pour vous inscrire: https://info.microsoft.com/CA-AzureSec-WBNR-FY20-06Jun-23-AzureSecurityTrainingDay-SRDEM21240_COVID19_LP01Registration-ForminBody.html

Maxime.


Hello,

I will have the pleasure to be member of the expert panel during the Azure Security Training Day (June 23, 2020)

The need for stronger cloud security has never been greater. During this free one-day event, you will learn about the latest Azure security tools and best practices to better understand the breadth of security controls available to help protect your workloads.

Deep dive into Azure Sentinel, Azure Security Center, and Azure Network Security and learn how to mitigate threats; increase your security posture; and secure your apps, data, and network across cloud and hybrid environments. You will also have the opportunity to connect with Azure security experts and peers to ask questions, exchange ideas, and build your network.

Agenda:

SessionSpeaker
WelcomeKevin Magee, Chief Security & Compliance Officer, Microsoft Canada
Azure Security Strategy + Top best security practices for Azure todayScott Woodgate, Senior Director, Azure Marketing, Microsoft
Microsoft and customer security panelsStuart Dankevy, Enterprise Security Executive, Cybersecurity Solutions Group, Microsoft
Featuring: RBC Royal Bank and Government of Canada
Modernize your SIEM in the cloud with Azure SentinelAdwait (AJ) Joshi, Director of Product Marketing for Azure Security, Microsoft
Azure Confidential ComputingGraham Bury, Principal Program Manager, Confidential Compute, Microsoft
Richard Curran, Security Officer , Datacenter Corporate Group Sales, Intel Corporation
Call to ActionKevin Magee, Chief Security & Compliance Officer, Microsoft Canada

Register: https://info.microsoft.com/CA-AzureSec-WBNR-FY20-06Jun-23-AzureSecurityTrainingDay-SRDEM21240_COVID19_LP01Registration-ForminBody.html

Maxime.