Deploying Azure Policy using Terraform Module

While working on Azure, you might come across a requirement that says the resources being deployed should be in accordance with the organization’s policies. Suppose you might want to grant a particular or a set of permissions on the resource group or on the management group so that the owner of it should be restricted like denying deploying of resources by enforcing resource tagging, region enforcement, allowing approved Virtual machines (VM) images, and many more. 

In this blog, we will try to resolve these issues by applying Azure policies. 

First, let’s get familiar with the azure policy.

The azure policy is a service that has been designed to help you enforce different rules and to act based on the rule’s effect on your Azure resources. You can use it to create, assign and manage policies. Azure policy evaluates your resources for non-compliance with assigned policies and performs the assigned effect. 

Continue reading “Deploying Azure Policy using Terraform Module”

Kubernetes CSI: Container Storage Interface – Part 1

There are different application categories in the general application world, but we usually define them in two major types, i.e., stateless and stateful applications.

To have a clearer perspective, we can say that API-based applications are generally stateless, and databases are stateful. In simple words or definition, a stateless application is an application that doesn’t save or persists the client data. On the other hand, a stateful application saves data about each client and uses it for other requests.

In the older days, when we didn’t have a concept of containers and container orchestrators, there was a common way to manage both types of applications: server. For example- API and database-based applications get hosted on servers but with different configurations depending on the resource requirements.

Continue reading “Kubernetes CSI: Container Storage Interface – Part 1”

Introduction to Azure Security

DevOps Security or DevSecOps is a set of practices and tools that bring together software development (Dev), IT operations (Ops), and security (Sec) to increase an organization’s ability to deliver applications and services securely. DevOps presents new risks that create security challenges that cannot typically be addressed by conventional security management solutions and practices. One of the prominent security challenges in DevOps environments is privileged access management. DevOps processes require human and machine privileged credentials which are quite powerful and highly susceptible to
cyber-attacks. So strong security practices should be inserted throughout the application lifecycle to reduce vulnerabilities, improve security posture and mitigate risk.

Continue reading “Introduction to Azure Security”

Terraform CI-CD With Azure DevOps

Let’s consider a scenario in which you are deploying your infrastructure using a Terraform code (infrastructure-as-code) which is stored in a remote git repository. Now working in an organization you need to make sure that all your deployments are always tracked without an exception, an add-on to that whether your Terraform code is following your security and compliance policies or not. Or maybe what is the monthly cost that you can expect with that infra and whether it lies under your budget or not. You may also want to take note that all your resources are being created in the same region… etc… etc.

Sounds magical right !!! We all know that these concerns are very important when you’re looking for a highly consistent, fully tracked, and automated approach. That’s why in this article we are going to look for a simple step-by-step way to automate and streamline our Terraform code using Azure DevOps (ADO).

Soo… Let’s Get Started !!!

Continue reading “Terraform CI-CD With Azure DevOps”

Azure HA Kubernetes Monitoring using Prometheus and Thanos

Introduction

Long since Prometheus took on the role of monitoring the systems, it has been the undisputed open-source leader for monitoring and alerting in Kubernetes systems, it has become a go-to solution. While Prometheus does some general instructions for achieving high availability but it has limitations when it comes to data retention, historical data retrieval, and multi-tenancy. This is where Thanos comes into play. In this blog post, we will discuss how to integrate Thanos with Prometheus in Kubernetes environments and why one should choose a particular approach. So let’s get started.

Continue reading “Azure HA Kubernetes Monitoring using Prometheus and Thanos”