Introduction In the dynamic realm of today's digital environment, safeguarding your applications and data holds utmost importance. This blog post is designed to lead you through the steps of establishing comprehensive security measures for an Azure Function App, Azure SQL database, and API Management. Our approach involves leveraging Azure Virtual Network (VNet) for robust network… Continue reading End-to-End Security: Function, Azure SQL, and API Management
Category: CI-CD
Azure DevOps security as Code
Accompanied source code can be found here. A while ago, I have written an application that could simplify managing Azure DevOps security. The idea was that one could define bunch of YAML file that describes numerous security aspect for an Azure DevOps project (for example, security for teams, build and release folders, repositories etc.) and… Continue reading Azure DevOps security as Code
Self-Hosted Azure DevOps pool on Azure Container Apps
A while ago, I have worked with few of our customers, helping to build elastic self-hosted pool for their Azure DevOps pipeline agents based on Azure Kubernetes Service. You can read all about that journey here - where I have created a Kubernetes Controller that observes the Job queue of Azure DevOps for incoming pipeline… Continue reading Self-Hosted Azure DevOps pool on Azure Container Apps
Demystifying Azure Container Apps & Dapr – Part 5
Read Part 1 here. Read Part 2 here. Read Part 3 here. Read Part 4 here. Today I will be using the traffic-splitting capability of Azure Container Apps. Azure Container Apps implements container app versioning by creating revisions. A revision is an immutable snapshot of a container app version. Revisions in Azure Container App The… Continue reading Demystifying Azure Container Apps & Dapr – Part 5
Demystifying Azure Container Apps & Dapr – Part 4
Read Part 1 here. Read Part 2 here. Read Part 3 here. Last time, I wrote the backend service (JobListener) which gets triggered by the Dapr pubsub whenever an image is uploaded into the designated blob container in the storage account. It then uses Computer Vision APIs to do the image recognition. Today we will… Continue reading Demystifying Azure Container Apps & Dapr – Part 4
Demystifying Azure Container Apps & Dapr – Part 2
Part 1 of this article is here. Last time, I created an empty Azure Container Apps Environment using Bicep. I also created some required components like Key vaults, Log analytics workspace, Application Insights and Computer vision. Application Architecture Today I want to make progress on that. As I have briefly explained before, I want to… Continue reading Demystifying Azure Container Apps & Dapr – Part 2
Demystifying Azure Container Apps & Dapr – Part 1
I have played with Dapr on Kubernetes (AKS to be specific) before and loved it for its ability to simplify distributed applications development with out of the box binding, service to service communications, secret abstractions, actors and observabilities. I have previously worked with LinkerD and Istio as service mesh and ran workload in production, but… Continue reading Demystifying Azure Container Apps & Dapr – Part 1
Empower Kubernetes developers with guardrails
Background A while ago, I wrote a post: Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios. The idea was having a platform team that enforces best practices, security and other compliance aspects to Kubernetes platform and allows one ore more workload-teams (i.e., product teams) build and deploy their workload into the cluster. The previous post suggested… Continue reading Empower Kubernetes developers with guardrails
Secure your pipelines by frequently rotating secrets
TL; DR: This article and accompanying source codes helps you setting up an automated secret or certificate rotations for Azure service principals and Azure DevOps service connections. Jump into the technical part here. Background If you are deploying applications on Azure from Azure DevOps service connections (or GitHub actions) you are most likely using a… Continue reading Secure your pipelines by frequently rotating secrets
Bridge to Kubernetes – be confident on shipping software
Bridge to Kubernetes is a successor of Azure Dev Space. Distributed software’s are comprised of more than one services (often referred as micro-services), they depend on each other (one service invoking APIs of another service) to deliver capabilities to end users. While separations of services bring flexibility in delivering features (or bug fixes) faster, it… Continue reading Bridge to Kubernetes – be confident on shipping software
Reverse Engineering 