Secure Access to Azure Services using Workload Identity for Azure AKS

Although Azure Kubernetes Service (AKS) allows you to deploy containerized workloads in a managed Kubernetes environment, developers still need to deal with the challenge of securely managing access to Azure resources (e.g. Key Vault or Azure Storage). Traditionally, secrets like API keys or service account credentials are used to authenticate and authorize workloads, but this approach presents security risks and operational overhead.

On Azure, developers running AKS clusters have access to a feature called Workload Identity. It is a modern, secure, and scalable way to manage access without the hassle of managing secrets. In this blog post, we'll dive deep into what Workload Identity is, how it works in AKS, and why it's a game-changer for Kubernetes clusters on Azure.

Note: In a related blog, we will see how users can achieve something similar in Amazon EKS clusters using EKS Pod Identity.

User Access Reports for Kubernetes

Access reviews are required and mandated by regulations such as SOX, HIPAA, GLBA, PCI, NYDFS, and SOC-2. Access reviews are critical to help organizations maintain a strong risk management posture and uphold compliance. These reviews are typically conducted on a periodic basis (e.g. monthly, quarterly or annually) depending on the organization's policies and tolerance to risk.

Providing auditors with periodic access to user access reports for Kubernetes is a critical task for any typical platform team. This becomes onerous, especially for organizations that operate tens or hundreds of Kubernetes clusters used by hundreds of app developers and SREs. Doing this via manual processes is impractical.

In this blog, we will look at why user access reports are critical for organizations and how Rafay's customers implement this with very high levels of automation.

EC2 versus Fargate for Amazon EKS: A Cost Comparison

When it comes to running workloads on Amazon Web Services (AWS), two popular choices are Amazon Elastic Compute Cloud (EC2) and AWS Fargate. Both have their merits, but understanding their cost implications is crucial for making an informed decision.

In this blog, we'll dive into a cost comparison of EC2 and Fargate configurations within an Amazon Elastic Kubernetes Service (EKS) cluster.

Kubernetes v1.30 for Rafay MKS

Our upcoming release, scheduled to reach our Preview environment in June, adds support for a number of new features and enhancements. We will write about these in separate blogs. This blog is focused on support for Kubernetes v1.30 with Rafay MKS (i.e. upstream Kubernetes for bare metal and VM based environments).

Both new cluster provisioning and in-place upgrades of existing clusters are supported. As with most Kubernetes releases, this version also deprecates and removes a number of features. To ensure there is zero impact to our customers, we have made sure that every feature in the Rafay Kubernetes Operations Platform has been validated on this Kubernetes version. This will be promoted from Preview to Production in a few days and will be made available to all customers.

Introduction to Jupyter Notebooks

Jupyter Notebook is open-source software created and maintained by the Jupyter community. A Jupyter notebook allows for the creation and sharing of documents with code and rich text elements. It works with over 40 programming languages including Python, R, and Ruby making it versatile and flexible for data scientists. In this introductory blog to Jupyter notebooks, we will look at "why it exists" and "what it looks like".

Choosing between Amazon ECS and EKS

We frequently get asked by users that are currently on AWS whether they should be using Amazon ECS or EKS to deploy and operate their containerized applications. Since this is such a common question and the answers are somewhat nuanced, we wanted to share our thoughts and recommendations for the benefit of all users.

Resize and Right Size Applications on Kubernetes

It is well understood that Kubernetes environments waste a significant amount of expensive cloud infrastructure because of over-provisioned applications. In this blog, we will look at how app developers and platform teams can save their organizations millions of dollars by right sizing their applications using a free, open-source tool called resize that we recently developed for our customers.

Important: Note that this is just one tool in a comprehensive Cost Control solution that Rafay provides our customers. Please contact us if you are interested in this.

Introducing Rafay's Generative AI based Copilot

A few days back, as part of our early March 2024 release, we opened up Rafay's Generative AI based Copilot to our customers. For the folks that are active readers of our product blogs, you will recognize that this is the result of a GenAI focused Hackathon we ran in late 2023. You can read more about our learnings from the Hackathon in 2023.

Just like Batman works way better with Robin as his copilot, we are seeing our customers benefiting immensely by using the Rafay Copilot that is integrated right in the console. In this blog, we will use a few examples to showcase the value of the Rafay copilot.
