PAUL'S BLOG

Learn. Build. Share. Repeat.

Strengthening the Secure Supply Chain

2024-03-17 12 min read Kubernetes Security GitOps Tutorial
This post will walk you through a demo I presented at the SCaLE21X conference. The session is titled "Strengthening the Secure Supply Chain with Project Copacetic, Eraser, and FluxCD", and this step-by-step guide will enable you to do it on your own. Prerequisites: To begin, you will need to have the following: Docker Desktop to run a Kubernetes cluster locally, Git to clone the demo repository, and a GitHub account. We will also be using the following tools:

Bootstrap your GitOps-enabled AKS cluster with Terraform: A code sample using the Flux v2 K8s Extension

2023-09-28 6 min read GitOps Kubernetes Developer Tutorial
In my previous posts, we learned how to get started with GitOps on AKS using the K8s extension for AKS. Then, we took a look at the Flux CLI and explored how it can be used to bootstrap your cluster and generate FluxCD manifests so that we can use GitOps to implement GitOps 🤯, and implemented Flux’s image update automation capability. From there, we built on the concept of image update automation, and showed you how you can use Flagger to automate canary deployments.

Progressive Delivery on AKS: A Step-by-Step Guide using Flagger with Istio and FluxCD

2023-09-26 13 min read GitOps Kubernetes Developer Tutorial
In my previous post, we set up an Azure Kubernetes Service (AKS) cluster to automatically update images based on new image tags in a container registry. As soon as a new image was pushed to the registry, the image was immediately updated. But what if you don’t want an agent automatically pushing out new images without some sort of testing? 🤔 In this article, we’ll build upon Flux’s image update automation capability and add Flagger to implement a canary release strategy.

Automating Image Updates with FluxCD on AKS

2023-09-22 13 min read GitOps Kubernetes Developer Tutorial
In my previous post, we walked through the setup of FluxCD on AKS via AKS extensions. In this article, we’ll go a bit deeper and take a look at how you can use FluxCD to automate image updates in your AKS cluster. The goal here is to streamline the process of updating your application deployments in your cluster. Here is our intended workflow: Modify application code, then commit and push the change to the repo.

Git going with GitOps on AKS: A Step-by-Step Guide using FluxCD AKS Extension

2023-09-20 12 min read GitOps Kubernetes Developer Tutorial
In reading through @StevenMurawski’s blog post titled "What Really is GitOps?", we learned that GitOps is a way to do Continuous Delivery of our applications on Kubernetes. In this post, I will jump right into how you can “git” going with GitOps by enabling the FluxCD AKS Extension on your Azure Kubernetes Service (AKS) and using a tool called Kustomize to help with Kubernetes configuration management. We’ll deploy my new favorite demo app, AKS Store Demo, to our AKS cluster and then make some changes to the application and see how FluxCD handles them.

Does Workload Identity on AKS work across tenants?

2023-08-25 11 min read Tutorial Identity Azure AKS
Introduction: An interesting use case for Workload Identity came up recently. I was asked if a Pod in an AKS cluster that was deployed in one tenant can access Azure resources within another tenant. I’ve configured Workload Identity on AKS many times, and I thought “in theory” it should “just work”, but I never tested it across tenants. So I decided to give it a try. TL;DR: Yes, it does work.

Streamline Network Observability on AKS: A Step-by-Step Guide to enable the AKS add-on with Terraform

2023-07-10 11 min read Tutorial
Have you ever had to troubleshoot network issues in your Kubernetes clusters? If so, you know how challenging it can be to identify and resolve problems. To troubleshoot network issues, you probably had to use a combination of tools like kubectl, tcpdump, Wireshark, and netstat. The list goes on and on… While these tools are great for debugging and capturing network logs and traces, they don’t provide a holistic view of your cluster’s network traffic.