UpdateThere is a follow up post with some updates, you can read here. Introduction If you are using Azure Pipelines, then you surely have used Microsoft-hosted agent. With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. However, there are times when self-hosted agents are needed (i.e. customized images, network connectivity requirements etc.).… Continue reading Elastic self-hosted pool for Azure DevOps (on Kubernetes)
Azure App Service with Front-door – how to fix outbound URLs?
https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-doorThis article shows how to rewrite IIS URLs (outbound) with URL rewrite module to configure legacy asp.net web apps hosted on Azure App Service but safeguarded with a WAF (Front-door/Application Gateway). Setting up Azure Front-door or Azure Application Gateway are fairly straight forward process and well documented in Microsoft Azure Docs. That is beyond the… Continue reading Azure App Service with Front-door – how to fix outbound URLs?
Bridge to Kubernetes – be confident on shipping software
Bridge to Kubernetes is a successor of Azure Dev Space. Distributed software’s are comprised of more than one services (often referred as micro-services), they depend on each other (one service invoking APIs of another service) to deliver capabilities to end users. While separations of services bring flexibility in delivering features (or bug fixes) faster, it… Continue reading Bridge to Kubernetes – be confident on shipping software
How to use ADFS/SAML2.0 as Identity provider with Azure AD B2C
Azure Active Directory B2C (Azure AD B2C) provides support for the SAML 2.0 identity provider. With this capability, you can create a technical profile in Azure AD B2C to federate with SAML-based identity provider, such as ADFS. Thus, allow users to sign in with their existing enterprise identities. Microsoft has good docs on this topic,… Continue reading How to use ADFS/SAML2.0 as Identity provider with Azure AD B2C
Azure Resource Governance with Template Specs & Biceps
All the example codes are available in GitHub. Background Governance of cloud estates is challenging for businesses. It’s crucial to enforce security policies, workload redundancies, uniformity (such as naming conventions), simplify deployments with packaged artifacts (i.e., ARM templates), Azure role-based access control (Azure RBAC) across the enterprise. Generally, the idea is, a centralized team (sometimes… Continue reading Azure Resource Governance with Template Specs & Biceps
Azure DevOps Security & Permissions REST API
I have written an updated version of this application; you can read here. Every Few months I notice the following Saga repeats. I face a challenge where I need to programmatically manage security aspects of Azure DevOps resources (like Repository, Pipeline, Environment etc.). I do lookup the Azure DevOps REST API documentation, realize that the… Continue reading Azure DevOps Security & Permissions REST API
Manage Kubernetes running anywhere via Azure Arc
Azure Arc (currently in preview) allows attach and configure Kubernetes Clusters running anywhere (inside or outside of Azure). Once connected the clusters shows up in Azure portal and allows applying tags, policies like other resources. This brings simplicity and uniformity managing both cloud and on-premises resources in a single management pane (Azure Portal). Azure Arc… Continue reading Manage Kubernetes running anywhere via Azure Arc
Restricting Unverified Kubernetes Content with Docker Content Trust
Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags. Image source: Docker Content Trust Through DCT, image publishers can sign their images and image consumers can ensure… Continue reading Restricting Unverified Kubernetes Content with Docker Content Trust
Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios
Background Multi-Stage Azure pipelines enables writing the build (continuous integration) and deploy (continuous delivery) in Pipeline-as-Code (YAML) that gets stored into a version control (Git repository). However, deploying in multiple environments (test, acceptance, production etc.) needs approvals/control gates. Often different stakeholders (product owners/Operations folks) are involved into that process of approvals. In addition to that,… Continue reading Azure DevOps Multi-Stage pipelines for Enterprise AKS scenarios
Azure AD Pod Identity – password-less app-containers in AKS
Background I like Azure Managed Identity since its advent. The concept behind Managed Identity is clever, and it adds observable value to any DevOps team. All concerns with password configurations in multiple places, life cycle management of secrets, certificates, and rotation policies suddenly irrelevant (OK, most of the cases).Leveraging managed identity for application hosted in… Continue reading Azure AD Pod Identity – password-less app-containers in AKS
Reverse Engineering 