Background A while ago, I wrote a post: Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios. The idea was having a platform team that enforces best practices, security and other compliance aspects to Kubernetes platform and allows one ore more workload-teams (i.e., product teams) build and deploy their workload into the cluster. The previous post suggested… Continue reading Empower Kubernetes developers with guardrails
Category: Azure
Multi-Tenant Daemons with Microsoft Identity platform
Background I have recently speaking to a customer about the following scenario. Customer has an API that supposed to be consumed by some **trusted** daemon applications built and managed by their partners. It's not the interactive users (no signed in users via an web application) who will be using the API, rather some background process… Continue reading Multi-Tenant Daemons with Microsoft Identity platform
Secure your pipelines by frequently rotating secrets
TL; DR: This article and accompanying source codes helps you setting up an automated secret or certificate rotations for Azure service principals and Azure DevOps service connections. Jump into the technical part here. Background If you are deploying applications on Azure from Azure DevOps service connections (or GitHub actions) you are most likely using a… Continue reading Secure your pipelines by frequently rotating secrets
Elastic self-hosted pool for Azure DevOps (on Kubernetes)
UpdateThere is a follow up post with some updates, you can read here. Introduction If you are using Azure Pipelines, then you surely have used Microsoft-hosted agent. With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. However, there are times when self-hosted agents are needed (i.e. customized images, network connectivity requirements etc.).… Continue reading Elastic self-hosted pool for Azure DevOps (on Kubernetes)
Bridge to Kubernetes – be confident on shipping software
Bridge to Kubernetes is a successor of Azure Dev Space. Distributed software’s are comprised of more than one services (often referred as micro-services), they depend on each other (one service invoking APIs of another service) to deliver capabilities to end users. While separations of services bring flexibility in delivering features (or bug fixes) faster, it… Continue reading Bridge to Kubernetes – be confident on shipping software
How to use ADFS/SAML2.0 as Identity provider with Azure AD B2C
Azure Active Directory B2C (Azure AD B2C) provides support for the SAML 2.0 identity provider. With this capability, you can create a technical profile in Azure AD B2C to federate with SAML-based identity provider, such as ADFS. Thus, allow users to sign in with their existing enterprise identities. Microsoft has good docs on this topic,… Continue reading How to use ADFS/SAML2.0 as Identity provider with Azure AD B2C
Azure Resource Governance with Template Specs & Biceps
All the example codes are available in GitHub. Background Governance of cloud estates is challenging for businesses. It’s crucial to enforce security policies, workload redundancies, uniformity (such as naming conventions), simplify deployments with packaged artifacts (i.e., ARM templates), Azure role-based access control (Azure RBAC) across the enterprise. Generally, the idea is, a centralized team (sometimes… Continue reading Azure Resource Governance with Template Specs & Biceps
Azure DevOps Security & Permissions REST API
I have written an updated version of this application; you can read here. Every Few months I notice the following Saga repeats. I face a challenge where I need to programmatically manage security aspects of Azure DevOps resources (like Repository, Pipeline, Environment etc.). I do lookup the Azure DevOps REST API documentation, realize that the… Continue reading Azure DevOps Security & Permissions REST API
Manage Kubernetes running anywhere via Azure Arc
Azure Arc (currently in preview) allows attach and configure Kubernetes Clusters running anywhere (inside or outside of Azure). Once connected the clusters shows up in Azure portal and allows applying tags, policies like other resources. This brings simplicity and uniformity managing both cloud and on-premises resources in a single management pane (Azure Portal). Azure Arc… Continue reading Manage Kubernetes running anywhere via Azure Arc
Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios
Background Multi-Stage Azure pipelines enables writing the build (continuous integration) and deploy (continuous delivery) in Pipeline-as-Code (YAML) that gets stored into a version control (Git repository). However, deploying in multiple environments (test, acceptance, production etc.) needs approvals/control gates. Often different stakeholders (product owners/Operations folks) are involved into that process of approvals. In addition to that,… Continue reading Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios
Reverse Engineering 