When working with internal container deployments, there are many cases, where applications need to access an internal HTTPS service. If these services use internal certificates from an internal certificate authority (CA), the client (container/pod) needs to trust the certificate chain including the Sub/Issuing CA certificate and the Root CA certificate.
These certificates have to be added to the trusted ROOT CA store, which should not be done at runtime (hence not with a sidecar container or similar constructs). The solution to this problem would be to add them at build time. We will discover how this process can be simplified and automated by using Azure Container Registry (ACR) tasks.
Since the my first post about Azure Hybrid DNS, I ran into a few more scenarios that I want to share with you.
In this post, I will go over the scenario in which you can use Azure Private DNS Zones as a sub-domain of your locally hosted DNS Zones.
Azure private DNS is a great solution to simplify DNS resolution for cloud resources in Azure. However, chances are you have components in your infrastructure that do not natively integrate with Azure DNS zones. In this post, I will show you how you to enable your own DNS solution to resolve names from Azure private DNS zones with CoreDNS on Azure Kubernetes Service.
Read more...If you are using RedHat OpenShift on Azure as your container platform, you are most likely using Azure DNS to resolve names of your cluster nodes – at least when you deployed it using the ARM-Template provided by Microsoft with Azure as the OpenShift cloud provider instead of an “Bare-Metal” installation on Azure VMs without an cloud provider config.
Read more...
