Restricting Unverified Kubernetes Content with Docker Content Trust

Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags. Image source: Docker Content Trust Through DCT, image publishers can sign their images and image consumers can ensure … Continue reading Restricting Unverified Kubernetes Content with Docker Content Trust

Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios

Background Multi-Stage Azure pipelines enables writing the build (continuous integration) and deploy (continuous delivery) in Pipeline-as-Code (YAML) that gets stored into a version control (Git repository). However, deploying in multiple environments (test, acceptance, production etc.) needs approvals/control gates. Often different stakeholders (product owners/Operations folks) are involved into that process of approvals. In addition to that, … Continue reading Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios

Azure AD Pod Identity – password-less app-containers in AKS

Background I like Azure Managed Identity since its advent. The concept behind Managed Identity is clever, and it adds observable value to any DevOps team. All concerns with password configurations in multiple places, life cycle management of secrets, certificates, and rotation policies suddenly irrelevant (OK, most of the cases).Leveraging managed identity for application hosted in … Continue reading Azure AD Pod Identity – password-less app-containers in AKS

Key Vault as backing store of Azure Functions

If you have used Azure function, you probably are aware that Azure Functions leverages a Storage Account underneath to support the file storage (where the function app code resides as Azure File share) and also as a backing store to keep Functions Keys (the secrets that are used in Function invocations). Figure: Storage Account containers … Continue reading Key Vault as backing store of Azure Functions

Access Control management via REST API – Azure Data Lake Gen 2

Background A while ago, I have built an web-based self-service portal that facilitated multiple teams in the organisation, setting up their Access Control (ACLs) for corresponding data lake folders. The portal application was targeting Azure Data Lake Gen 1. Recently I wanted to achieve the same but on Azure Data Lake Gen 2. At the … Continue reading Access Control management via REST API – Azure Data Lake Gen 2

Inter-process communication on Windows Containers

Background Legacy monolith applications that are built to run on single beefy server can take advantage of containers to simplify the deployment model and also potentially opens possibility to re-architect piece by piece without triggering a complete rewrite. I ran into a scenario where I am considering wrap up a large monolith (with many threads … Continue reading Inter-process communication on Windows Containers