Blog

Limit exposure of web applications on Kubernetes using Traefik ingress controller with IP whitelist middleware configuration.

Running Kubernetes on bare metal can be challenging on several aspects. One of those is the use of load balancers. MetalLB is a bare metal load balancer that uses ARP to dynamically create new load balancers using dedicated internal IP addresses.

Hugo is a static website generator that I’ve used to setup this website which is running on an Azure Static Web App. The website is fully automated, including the provisioning of infrastructure on Azure. In this blog post I share how you can setup this yourself using Terraform, SWA CLI, and ofcourse, Hugo.

Application consent policies in Azure Active Directory can be used to delegate tenant-wide user and admin consent to other users, groups and applications. This blog post explains how to configure these policies using the Microsoft Graph REST API including a test case to show how a test user is able to grant admin consent to an application it owns.

Azure App Registrations are often used as system identities that have access to API’s. Microsoft Graph is one of these API’s that are often used and has application roles that are high privileged and can be abused by an attacker to escalate privileges.

Since May 24th, Azure Container Apps is General Available in Microsoft Azure. With Azure Container Apps you are able to run containers in Microsoft Azure without the need to setup an Azure Kubernetes Service (AKS) cluster, but with the benefits of Kubernetes features.

Hashicorp Terraform is an infrastructure of code tool that is cloud-agnostic and supports on-premises aswell. I’m using the Terraform CLI quite some time, but nowadays there is another option: Terraform Cloud. Terraform Cloud is the managed service offering of Hashicorp and is the easiest way to start with Terraform today. Let’s check it out!

I bought some NodeMCU ESP32-WROOM-32 development boards to monitor temperatures of my central heating system with 20+ underfloor heating groups. I want to know the temperature of each group to optimize the system. I use ESPEasy because it is more or less plug-and-play. In this blog post I share how you flash and install ESPEasy on your ESP32.

Developing on Windows was challenging before Microsoft introduced WSL 2. Running Linux Virtual Machines with SMB/CIFS shares mounted into Windows was the best solution I could come up before there were tools like Vagrant. But all these solutions have one common problem. They mounted a Windows volume in Linux or visa versa which resulted in (very) poor I/O performance. Fortunately, WSL 2 resolves all these issues by running Docker and IDE’s like Jetbrains IntelliJ, PyCharm and PHPStorm in WSL 2.

It’s easy to deploy Elasticsearch on Kubernetes. You get yourself a copy of the Elastic Helm Charts and you run helm install. Job well done… or not? The default Elasticsearch configuration doesn’t enable any encryption or security mechanism, that doesn’t sound really safe! In this blog post, I’ll explain how you secure your Elasticsearch instance by enabling encryption (SSL transport and HTTP over SSL) and native authentication.