Richard Hagen comments

Results 101 comments of


                                            Richard Hagen

[Feature]: Allow whitelist of subjects for machine-to-machine authentication

We built this as an alternative for anyone else needing this: https://github.com/equinor/radix-oauth-guard :) Would be happy to contribute a PR to oauth2-proxy if its wanted 👍

Azure storage with federated workload identity

Tried this tonight, but getting a panic from ADAL(!?) The workload identity token is added to the pod with the usual AZURE_ env variables... ``` panic: runtime error: invalid memory...

Azure storage with federated workload identity

Thanks, I added `azure.workload.identity/client-id` annotation manually to the service account, and it stopped panicking! (And when creating the bucket names in the correct storage account, everything worked great! 🙏 )

Add exception: Least privileged Linux capabilities should be enforced for containers [Medium]

We should keep chroot enabled on ingress-nginx: https://kubernetes.io/blog/2022/04/28/ingress-nginx-1-2-0/

An application build (buildah) will not have access to other repositories in the Registry

Use ADAC for ACR when available for limited access pr application https://github.com/Azure/acr/issues/380

Can we replace Dynatrace availability monitoring with Grafana and Prometheus

Can we just publish this dashboard? https://grafana.ext-mon.radix.equinor.com/d/aba9fa58-56a6-439f-ad70-27f301e95c62/radix-uptime?orgId=1&from=now-30d&to=now ![Image](https://github.com/equinor/radix-platform/assets/5749715/1d52791f-60c1-4e31-b213-f246a3f7727f)

Solution for backup of Container Registry

Response from microsoft: Use Management Policies to avoid accidental deletion Added CanNotDelete lock to avoid accidental deletion

Enable Cilium for AKS (Advanced Container Networking)

https://learn.microsoft.com/en-us/azure/aks/azure-cni-powered-by-cilium Started `cililum-26` with these network options: ``` AKS_NETWORK_OPTIONS=( --network-plugin "azure" --network-plugin-mode overlay --network-dataplane cilium ) ``` # Setup Advanced Networking with managed Cilium, but bring your own Grafana/Prometheus https://learn.microsoft.com/en-us/azure/aks/advanced-network-observability-bring-your-own-cli?tabs=non-cilium...

Enable Cilium for AKS (Advanced Container Networking)

To upgrade existing Calico cluster to Cilium: - Remove Calico and network policies - Upgrade network mode to overlay - Install cilium

Find performance metrics and cost for AMD vs. ARM (Microsoft)

https://www.augmentedmind.de/2024/01/28/benchmark-azure-vm-in-kubernetes/ https://learn.microsoft.com/en-us/azure/virtual-machines/windows/compute-benchmark-scores https://learn.microsoft.com/en-us/azure/virtual-machines/epsv5-epdsv5-series https://learn.microsoft.com/en-us/azure/virtual-machines/eav4-easv4-series https://learn.microsoft.com/en-us/azure/virtual-machines/easv5-eadsv5-series **ARM**: ARMv8 Neoverse-N1: e8pdsv5eph: $395 **AMD**: AMD EPYC 7452 32-Core Processor: e8av4eph: $432 **AMD**: AMD EPYC 7763 64-Core (Zen 3): e8adsv5eph: $388 ![Image](https://github.com/equinor/radix-platform/assets/5749715/407c879e-02b4-4f60-bb29-5edbce2524d5) # AMD:...