I see there are some nodes (those ones, aks-usermoose-*) that have this taint:
"taints": [
  {
    "effect": "NoSchedule",
    "key": "kubernetes.azure.com/scalesetpriority",
    "value": "spot"
  }
],
admissionWebhooks:
  namespaceSelector: {}
  objectSelector: {}
affinity: {}
collector:
  containerLogs:
    exporters:
      awscloudwatchlogs:
        log_group_name: /aws/ADOT/logs
        log_stream_name: test
{
  "$id": "http://example.com/example.json",
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "additionalProperties": false,
  "description": "Configurable parameters of the adot Operator Addon",
  "examples": [
    {
      "admissionWebhooks": {
        "namespaceSelector": {},
        "objectSelector": {}
#####################################################
# Function deploys an appengine artifact
# Globals:
#   None
# Arguments:
#   1:PACKAGE
#   2:VERSION
#   3:ENVIRONMENT
#   4:SHADOW
# Returns:
python -m pytest tests/test_health_check.py
============================================================== test session starts ===============================================================
platform linux -- Python 3.10.6, pytest-7.2.0, pluggy-1.0.0
rootdir: /home/bgarcial/projects/nd064_course_1/exercises/python-helloworld
plugins: flask-1.2.0
collected 2 items
tests/test_health_check.py E. [100%]
loki-install:
	sh ./variables.sh
	sh ./setup-loki-fluentbit.sh
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "postfacto.fullname" . }}
  labels:
    {{- include "postfacto.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
When running, we get the JSON response from AAD and the JWT to validate the assertion done.
> go run geting_auth.go
{
"success":true,
"resource":{
"name":"Garcia Loaiza",
"surname":"Bernardo",
"logins":
# FROM maven:3.6.3-openjdk-15-alpine
FROM openjdk:14-alpine
MAINTAINER example.com
RUN mkdir -p /opt/demo-0.0.1/lib
# Setting application source code working directory
WORKDIR /opt/demo-0.0.1/
RUN pwd
COPY /opt/demo-0.0.1/target/demo-0.0.1-SNAPSHOT.jar /opt/demo-0.0.1/lib/demo-0.0.1-SNAPSHOT.jar
# ADD target/demo-0.0.1-SNAPSHOT.jar /opt/demo-0.0.1/lib/
RUN sh -c 'touch demo-0.0.1-SNAPSHOT.jar'
This is a basic test case for working with Kubernetes secrets, where we evaluate why the base64
encoding that Kubernetes applies by default is not a security measure, since it is not an encryption process.
This is why a Python approach is used to protect the secrets at runtime from Azure DevOps, avoiding hardcoding the base64
representation (which can be easily decoded) in the project repositories.
This approach was used for a Kong database deployment, and along the way we created a deployment architecture from the Azure CLI and checked how to get TLS encryption for a simple HTTP hello-world service using an open-source CA like Let's Encrypt through the Kong Ingress Controller functionality inside Kubernetes. Having said this, we realised the possibilities that Kong, as a cloud-native solution, offers via its plugin architecture.
In this small ca