Skip to main content

Posts

Showing posts from 2017

Get NodeAuthorization working in Kubernetes with acs-engine

Node Authorization in k8s I'm starting to get into the container world and I'm loving it. Recently we helped a client build out and deploy a micro-services application in Kubernetes. We created the cluster in Azure using the open source project acs-engine. After we got the cluster set up, our client asked for some updates to the cluster for security reasons. One of those updates was to enable Node Authorization.

What is Node Authorization? Node Authorization locks down each Node in the cluster to only be able to do actions on itself. If this is not turned on, its possible for a malicious pod to take actions on any other node, including reading secrets, deleting pods, etc. There is an excellent post by Antoine Cotten that explains this very well ( as well as RBAC, which is a different subject altogether).
How do I set it up? Based on the current documentation, it looks like setting up Node Authorization should be easy. Basically follow these steps Turn on TLS Boot StrappingEdit…

Executing .ps1 files in a DockerFile

This week I was trying to containerize an existing java application. Part of "installing" the application  on the container required executing an PowerShell script in the container during the Image build. Based on the documentation here I thought i could add the following command to my dockerfile and it would work:

RUN install.ps1

However, when I went to build the image, it just hung on that step. I tried several other variations of the run command including:

RUN ["Powershell", ".\install.ps1"]
which resulted in the following error: '["Powershell"' is not recognized as an internal or external command,operable program or batch file.

RUN ["Powershell.exe", ".\install.ps1"] which returned the same error as above.

I was about to give up and move the PowerShell commands from the .ps1 file directly into the dockerfile itself as described here, but I had an "A HA!" moment and decided to give a simpler approach a tr…

IOT security made easy with Azure IOT Suite

There has been quite a lot of talk about security concerns as it relates to IOT devices and security. Businesses want to make sure that they are not opening themselves up to a ton of risk as they expand their data streams and to increase productivity. Thankfully Azure IOT suite makes securely connecting your IOT devices to the cloud quick and easy.

Before we get too far, its important to explain exactly what IOT security means:

IOT Security In its simplest form, IOT security is broken down into zones and trust boundaries. Typically the zones are defined as follows:
Devices – IOT devices that capture and send dataField Gateway – Devices that can aggregate data to and from devicesCloud Gateways – Endpoint that receives / sends data and commands to Field Gateways or directly do devicesServices – The services that “do work” on the data that is received from the IOT devices (via the gateways) Trust boundaries are where data moves between zones. During this movement across boundaries the dat…