AzureDevOps · docker · ServicePrincipal

Azure DevOps Container agents without PAT

Azure DevOps now supports service principals and managed identities for authentication. This is currently (at the time of writing) in Public Preview. This is quite an interesting feature and addresses many concerns related to personal access tokens (PATs). I have a self-hosted container agent that runs on Docker and needs a PAT to spin up. With the new development…

.NET · .net-core · AzureDevOps · C# · CI-CD · Command · docker · IAC · Infrastructure As Code

Azure DevOps security as Code

The accompanying source code can be found here. A while ago, I wrote an application that could simplify managing Azure DevOps security. The idea was that one could define a bunch of YAML files that describe numerous security aspects of an Azure DevOps project (for example, security for teams, build and release folders, repositories, etc.) and…

.NET · Architecture · containerd · docker · OCI · runc · WASI · WASM

Exploring WASM, WASI with .net7 & Docker

WebAssembly, aka WASM, is currently gaining a lot of attention in the container community, for legitimate reasons! WASM is a web-optimized code format that significantly improves the performance of web applications running in browsers. However, it is gaining more and more attention in the container world lately because of its sandboxing/isolation (hence safety), near-native…

.net-core · AKS · Architecture · Azure · AzureDevOps · C# · docker · Kubernetes · Pipeline

Elastic self-hosted pool for Azure DevOps (on Kubernetes)

Update: There is a follow-up post with some updates, which you can read here. Introduction: If you are using Azure Pipelines, then you have surely used a Microsoft-hosted agent. With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. However, there are times when self-hosted agents are needed (e.g. customized images, network connectivity requirements, etc.).…

.NET · .net-core · AKS · Automation · Azure · AzureDevOps · C# · CI-CD · docker · Kubernetes

Bridge to Kubernetes – be confident on shipping software

Bridge to Kubernetes is the successor to Azure Dev Spaces. Distributed software is composed of more than one service (often referred to as microservices) that depend on each other (one service invoking the APIs of another service) to deliver capabilities to end users. While separation of services brings flexibility in delivering features (or bug fixes) faster, it…

Azure · docker · Kubernetes

Manage Kubernetes running anywhere via Azure Arc

Azure Arc (currently in preview) allows you to attach and configure Kubernetes clusters running anywhere (inside or outside of Azure). Once connected, the clusters show up in the Azure portal, where tags and policies can be applied as with other resources. This brings simplicity and uniformity to managing both cloud and on-premises resources in a single management pane (the Azure portal). Azure Arc…

.net-core · AKS · Architecture · C# · Certificate · certificates · docker · Kubernetes · OpenSSL · REST · Security · ssl

Restricting Unverified Kubernetes Content with Docker Content Trust

Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags. Through DCT, image publishers can sign their images and image consumers can ensure…

.net-core · Cluster · compliance · docker · Go · Infrastructure As Code · Kubernetes · SQL-Container

Azure AD Pod Identity – password-less app-containers in AKS

Background: I have liked Azure Managed Identity since its advent. The concept behind Managed Identity is clever, and it adds observable value to any DevOps team. All concerns about password configurations in multiple places, life cycle management of secrets, certificates, and rotation policies are suddenly irrelevant (OK, in most cases). Leveraging managed identity for applications hosted in…

Architecture · Automation · Azure · azure-web-app · azure-web-apps · Command · docker · IAC · Infrastructure As Code

Azure AD App via ARM Template Deployment Scripts

Background: ARM templates offer a great way to define resources and deploy them. However, ARM templates didn’t have any support for invoking or running scripts. If we wanted to carry out some operations as part of the deployment (Azure AD app registrations, certificate generation, copying data to/from another system, etc.), we had to create pre…

Automation · CI-CD · Command · docker · Go · Infrastructure As Code · terraform

Terraforming Azure DevOps

Background: In many organizations, especially in large enterprises, there’s a need to automate Azure DevOps projects and team members. Manually managing a large number of Azure DevOps projects, the teams for these projects, the users in those teams, and the on-boarding and off-boarding of team members is not trivial. Besides managing users, sometimes we just need to have an…