Cloud-Native Security and Performance: Two…

Kubernetes in a production environment, and you need to apply a patch #Kubernetes #Security #Patching #Containers

Cloud-Native Security and Performance: Two…

You’re running Kubernetes in a production environment, and you need to apply a patch — perhaps to a commercial application, an open source component or even a container image. How long should it take to implement that patch in production? Thirty days? One day? One hour?


VMware Social Media Advocacy

Azure – Create Kubernetes Cluster with ACR Integration

How to create a Kubernetes Cluster with ACR Integration and Service Principal Authentication.

Create Kubernetes Cluster, Select the Kubernetes Services Blade> Cloud Shell

You will be prompted for storage if not already configured

Type “az” to use Azure CLI

Run script from Microsoft docs here

Create a new AKS cluster with ACR integration. If you haven’t got a service principal created, skip to the next section before creating the AKS cluster

# set this to the name of your Azure Container Registry. It must be globally unique

$MYACR=myContainerRegistry

# Run the following line to create an Azure Container Registry if you do not already have one

az acr create -n
$MYACR -g myContainerRegistryResourceGroup –sku basic

# Create an AKS cluster with ACR integration

az aks create -n myAKSCluster -g myResourceGroup –generate-ssh-keys –attach-acr
$MYACR

To configure Registry authentication service principals – MS doc guide to create Service Principal, (script is formatted for the Bash shell)

Create a service Principal

#!/bin/bash
# Modify for your environment.
# ACR_NAME: The name of your Azure Container Registry
# SERVICE_PRINCIPAL_NAME: Must be unique within your AD tenant
ACR_NAME=<container-registry-name>
SERVICE_PRINCIPAL_NAME=acr-service-principal
# Obtain the full registry ID for subsequent command args
ACR_REGISTRY_ID=$(az acr show --name
				$ACR_NAME --query id --output tsv)
# Create the service principal with rights scoped to the registry.
# Default permissions are for docker pull access. Modify the '--role'
# argument value as desired:
# acrpull:     pull only
# acrpush:     push and pull
# owner:       push, pull, and assign roles
SP_PASSWD=$(az
				ad
				sp create-for-rbac --name http://$SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpull --query password --output tsv)
SP_APP_ID=$(az
				ad
				sp
				show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
# Output the service principal's credentials; use these in your services and
# applications to authenticate to the container registry.
echo "Service principal ID: $SP_APP_ID"
echo "Service principal password: $SP_PASSWD"

The author does not verify any of the scripts are test and everything should be done in Dev only.

Introducing Kubernetes Academy Brought to You…

Introducing Kubernetes Academy Brought to You by VMware!

Introducing Kubernetes Academy Brought to You…

We’re excited to introduce Kubernetes Academy Brought to You by VMware—a free, product-agnostic Kubernetes and cloud native technology education platform. Kubernetes Academy provides an accessible learning path to advance your skill set, regardless of where you are on your Kubernetes journey.


VMware Social Media Advocacy

Azure and Containers

What is a container?
A container is a live and running copy of an image which may have been customised.
An image is a read only copy of an image before it was running as a container

How do you implement containers in Azure

Two options, containers we deploy ourselves and containers Microsoft manage
Container can be running on Windows 2016 or Linux OS
CPU and Ram assigned to each individual container

Containers Limited security risk?
Microsoft offers Hyper-V running containers for those concerned
Azure container covers this way.
Others offer shared application containers.

Notes around Docker?
A docker file is like a script to build the container which takes a source and makes an app on an image, which makes a container as its running.

Docker has other tools: Docker toolbox, Docker client and Kitematic (GUI client)

How to Install Docker for Windows

https://docs.docker.com/docker-for-windows/install/

Quick install guide :
1) Navigate to https://docs.docker.com/docker-for-windows/install/#download-docker-for-windows
2) 
On the Install Docker for Windows page, click Get Docker for Windows (Stable).
3) When prompted whether to run or save Docker for Windows Installer.exe, click Run.
4) Once the installation completed, click Close and log out.
<https://github.com/MicrosoftLearning/20533-ImplementingMicrosoftAzureInfrastructureSolutions/blob/master/Instructions/20533D_LAB_AK_07.md>

Note
When you make a mistake deploying a docker-machine .. Ie.. Forget to enter a region… But the machine builds and you enter an error state.
Start again by removing the docker-machine

Launch CMD as admin : docker-machine rm “machine name”

 

Kubernetes
Kubernetes a management tools to for Docker. An alternative Docker Swarm for large scale
Deploy Kubernetes cluster for Linux containers

From <https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-walkthrough>

https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes

DCOS getting started with Kubernetes

https://kubernetes.io/docs/getting-started-guides/dcos/