azure-policy
examples
azure-policy | examples
---|---
9 | 9
1,427 | 6,022
1.8% | 1.0%
8.1 | 3.5
8 days ago | 18 days ago
Open Policy Agent | Shell
MIT License | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
azure-policy
- VMSS Azure Policy Compliance
- Automation as key to cloud adoption success
  Reference: https://github.com/Azure/azure-policy
- Favorite cloud provider governance tips and tricks?
  I just came across this post over in the Azure subreddit and it gave me a good idea on one way to deal with rogue Azure subscriptions - just have them default into a Management Group where a policy is in place that basically denies use of any and all services.
- How can we stop random users in our on-prem AD from creating new Azure subscriptions?
  Oooo, that's a nice trick for the use of the root management group which usually has best practice to leave empty. I like that a lot! Could maybe pair that with the "deny all resource types" policy sample, and then even if someone does create a new subscription it's pretty much 100% neutered until someone pulls it out of the root management group and places it somewhere else.
- Architecture on Decommission huge list of old Azure servers
  Found a 2018 GitHub article - https://github.com/Azure/azure-policy/issues/102
- Public assets
  MS Repo https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions
- How can I resolve this Security center recommendation: "Replace a process level token"
  I can see here that it is expecting azure-policy/AzureWindowsBaseline.mof at master · Azure/azure-policy · GitHub: "LOCAL SERVICE, NETWORK SERVICE". However, that would exclude the web app pools.
- Iron Dome = 'Security Policies' at scale for your Multi-Cloud accounts
  Azure shared with us a GitHub repository that contains built-in samples of Azure Policies that can be used as reference for creating and assigning policies to your subscriptions and resource groups.
- Compliance with policy or blueprints?
  The only real way you'll be able to do this is via an Azure Policy, alongside a deny effect - where your policy would restrict based on the type field, with the values passed in via an array parameter (example)
examples
- SBOM with Checkov
  ```
  $ git clone https://github.com/dwmkerr/terraform-consul-cluster.git
  $ git clone https://github.com/splunk/splunk-aws-cloudformation.git
  $ git clone https://github.com/webdevops/Dockerfile.git
  $ git clone https://github.com/softprops/serverless-aws-rust-http.git
  $ git clone https://github.com/kubernetes/examples.git
  $ git clone https://github.com/prometheus-community/helm-charts.git
  ```
- Which block storage solution to self host ?
  Then for the initiators (k8s pods), just reference the builtin iSCSI CSI driver in your deployment's [volume config](https://github.com/kubernetes/examples/blob/master/volumes/iscsi/iscsi.yaml).
- Automation as key to cloud adoption success
  Reference: https://github.com/kubernetes/examples
- MountVolume.SetUp failed for volume "nfs" : mount failed: exit status 32
  I am setting up a kubernetes lab using one node only and learning to setup kubernetes nfs. I am following kubernetes nfs example step by step from the following link: https://github.com/kubernetes/examples/tree/master/staging/volumes/nfs
- I just passed the CKA!! Here are some tips (2022)
- Any example kubernetes applications I can reference?
  It doesn't seem like there are a lot of good open source k8's projects. One I could find was the kubernetes/examples repo.
- GlusterFS for Kubernetes Volume Storage: Ability to mount directories in volumes?
  Kubernetes has a decent example of using GlusterFS for Volume storage: fun documentation link
- Full Stack Kubernetes with Kong Ingress Controller
  Now let's deploy something that will return some results. Kubernetes has multiple example applications available in a GitHub repo. We are going to deploy the Guestbook App with these commands:
- Microk8s + iSCSI not mounting
  Following this example Kubernetes iSCSI Example, I created a new raw LUN and deployed the below pod manifest:
What are some alternatives?
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
microservices-demo - Deployment scripts & config for Sock Shop
balanced-employee-ip-agreement - GitHub's employee intellectual property agreement, open sourced and reusable
aws-cdk-examples - Example projects using the AWS CDK
shellharden - The corrective bash syntax highlighter
azure-pipelines-yaml - Azure Pipelines YAML examples, templates, and community interaction
opal - Fork of https://github.com/permitio/opal
Dockerfile - :package: Dockerfiles from WebDevOps for PHP, Apache and Nginx
Community-Policy - This repo is for Microsoft Azure customers and Microsoft teams to collaborate in making custom policies.
microservices-demo - Sample cloud-first application with 10 microservices showcasing Kubernetes, Istio, and gRPC.
Certified-Kubernetes-Security-Specialist - Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.
AKS - Azure Kubernetes Service