azure-policy VS examples

Reference: https://github.com/Azure/azure-policy

I just came across this post over in the Azure subreddit and it gave me a good idea on one way to deal with rogue Azure subscriptions - just have them default into a Management Group where a policy is in-place that basically denies use of any and all services.

Oooo, that's a nice trick for the use of the root management group which usually has best practice to leave empty. I like that a lot! Could maybe pair that with the "deny all resource types" policy sample, and then even if someone does create a new subscription it's pretty much 100% neutered until someone pulls it out of the root management group and places it somewhere else.

Found a 2018 Github article - https://github.com/Azure/azure-policy/issues/102

MS Repo https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions

I can see here that is expecting azure-policy/AzureWindowsBaseline.mof at master · Azure/azure-policy · GitHub: "LOCAL SERVICE, NETWORK SERVICE". However, that would exclude the web app pools.

Azure shared with us a GitHub repository contains built-in samples of Azure Policies that can be used as reference for creating and assigning policies to your subscriptions and resource groups.

The only real way you'll be able to do this is via an Azure Policy, alongside a deny effect - where your policy would restrict based on the type field, with the values passed in via an array parameter (example)

$ git clone https://github.com/dwmkerr/terraform-consul-cluster.git $ git clone https://github.com/splunk/splunk-aws-cloudformation.git $ git clone https://github.com/webdevops/Dockerfile.git $ git clone https://github.com/softprops/serverless-aws-rust-http.git $ git clone https://github.com/kubernetes/examples.git $ git clone https://github.com/prometheus-community/helm-charts.git

Then for the initators (k8s pods), just reference the builtin iSCSI CSI driver in your deployment's [volume config](https://github.com/kubernetes/examples/blob/master/volumes/iscsi/iscsi.yaml).

Reference: https://github.com/kubernetes/examples

I am setting up a kubernetes lab using one node only and learning to setup kubernetes nfs. I am following kubernetes nfs example step by step from the following link: https://github.com/kubernetes/examples/tree/master/staging/volumes/nfs

It doesn't seem like there are a lot of good open source k8's projects. One I could find was the kubernetes/examples repo.

Kubernetes has a decent example of using GlusterFS for Volume storage: fun documentation link

Now let's deploy something that will return some results. Kubernetes has multiple example applications available in a Github repo. We are going to deploy the Guestbook App with these commands:

Following this example Kubernetes iSCSI Example, I created a new raw LUN and deployed the below pod manifest: