OpenShift on Azure - Custom DNS
If you are using Red Hat OpenShift on Azure as your container platform, you are most likely using Azure DNS to resolve the names of your cluster nodes, at least if you deployed it using the ARM template provided by Microsoft with Azure as the OpenShift cloud provider, rather than a “bare-metal” installation on Azure VMs without a cloud provider config.
All the pods running on your compute nodes will have the same DNS servers as the host, because it’s the default inheritance in Kubernetes.
Servers on Azure receive their IP configuration from the Azure DHCP service. This determines the configuration on the server: on Linux, the file /etc/resolv.conf is filled with the custom DNS servers configured in your VNET.
If you run the command:
hostname -f
you will get the hostname and the Azure internal DNS-Name, something like:
This means your pods will not be able to use the DNS suffix of your local domain to resolve DNS names. Assuming you want to use your local domain for DNS, you need to modify the file
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
and add the property DOMAIN=yourdomain.local
After restarting the server, your server has the desired FQDN:
hostname -f
Of course, you should apply these changes to all nodes in your cluster using Ansible, and you must update the inventory file, because your hosts now need to use the new FQDN.
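One way to roll the change out with Ansible, as an added example that is not part of the original post. The inventory group name nodes, the interface eth0 and the domain yourdomain.local are assumptions; adjust them to your cluster.

```yaml
# Added example (not from the original post): set DOMAIN= on every node,
# restart only where the file changed, then verify the result.
# Assumptions: inventory group "nodes", interface eth0, yourdomain.local.
- name: Set the local DNS suffix on OpenShift nodes
  hosts: nodes                # assumed inventory group name
  become: true
  serial: 1                   # one node at a time so the cluster keeps capacity
  vars:
    dns_domain: yourdomain.local
    ifcfg_file: /etc/sysconfig/network-scripts/ifcfg-eth0
  tasks:
    - name: Set DOMAIN= to the local suffix (replaces an existing DOMAIN line)
      ansible.builtin.lineinfile:
        path: "{{ ifcfg_file }}"
        regexp: '^DOMAIN='
        line: "DOMAIN={{ dns_domain }}"
        backup: true          # keep a copy of the previous file on the node
      register: ifcfg_change

    - name: Restart the server only when the file changed
      ansible.builtin.reboot:
        reboot_timeout: 600
      when: ifcfg_change is changed

    - name: Read the FQDN after the restart
      ansible.builtin.command: hostname -f
      register: fqdn
      changed_when: false     # read-only check, never report a change

    - name: Read the resolver configuration that pods inherit
      ansible.builtin.slurp:
        src: /etc/resolv.conf
      register: resolv

    - name: Fail if the node did not pick up the suffix
      ansible.builtin.assert:
        that:
          - fqdn.stdout.endswith('.' ~ dns_domain)
          - dns_domain in (resolv.content | b64decode)
        fail_msg: "{{ inventory_hostname }} reports {{ fqdn.stdout }}"
```

Running it a second time should report no changes and skip the restart, which makes it safe to re-run after adding nodes.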
Office 365 low hanging security fruits - Mail tagging
This part focuses once again on mail traffic and its attack vectors. Specifically, I wanted to tag all incoming mails in Office 365 Exchange that do not come from trusted domains. This is really easy to implement with Exchange Online rules and doesn't even require any PowerShell knowledge, so every O365 tenant should have this policy implemented in its environment.
Post Azure Monitor Alerts in Microsoft Teams Channel
This topic is not new and, quite frankly, it is hard to believe this is still not integrated, but at some point during your cloud journey you will probably want to send monitoring alerts to a certain Teams channel. Even though this functionality is available for plenty of other services, Azure Monitor still lacks it.