How can i implement the secret rotation policy on AKS?

Why are you using bash when 90% of us use powershell brother ?

Love your work man!

Thanks for sharing the detailed steps. I followed your video to add headers in app gateway but it's not showing up in the network tab.

Super 😊❤

First minute is actually wrong. Azure subnet route tables are automatically populated with systems routes, one of which is "Internet" "If you don't override Azure's default routes, Azure routes traffic for any address not specified by an address range within a virtual network to the Internet. There's one exception to this routing. If the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network" So traffic to internet destine for azure owned prefixes never leaves the az backbone. The service endpoints introduced an "optimized" route to reach azure services without having it traverse the traditional egress route to the internet. Ultimately this was introduced because people couldn't get their head around the fact that the traffic just didn't leave azure.

how to preserve the client ip with X-forwarding in App gateway?

This ssl is also recommended in prod?

Thank you sir. Very informative. Any suggestion how to rewrite the requests coming to AppGW containing some path, i.e. `/api/gen_2/service_endpoint` to remove the `/api/gen_2` part ?

Can we use azure vault to store certificate and use it with aks ingress for ssl termination?

Hi, just to say thank you for your videos, it's been great with learning, however none of your github links are working anymore and this is quite limiting in my learnings, can you update your links and provide them again?

good explanation. i am looking someone who can teach me complete aks with devops pipeline

i have done this but having errors as 1-Cannot find an open port. 2-No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login. 3- As warning - Port 8400 is taken with exception 'A socket operation encountered a dead network'; trying to connect to the next port. can you please support ?

Great video, much better than non-existent MS implementation guide for this product, I have 2 questions: 1. Are you aware of any method of putting backend server into maintenance mode for example when patching? It would be going up and down when patching so I don't want any connections going to that server. Looks like the only way now is just to remove it from the backend pool 2. Custom health probe for https. Looks like the only way to make it working is to use the FQDN of the load balancer as the host name. It's a bit counter intuitive to ask the load balancer how to find the backend servers but it works. Are you aware of any MS article explaining this?

Very nicely explained @shailender. Also, consider "Free automated SSL certificates in Azure Key Vault with ACME Certbot" for better life-cycle management.

Watch at 1.5x The content is good.

Simple, clear and precise explanation. Thanks for the Great video!

Beautiful

Hi Shailender, very good video and detail explanation. thanks for the session. i have one question instead of port forwarding to localhost i want access grafana and Prometheus using url. can you help me for this how can i setup this.

Wanted to know if we can achieve the same deployment to aks via creating a seperate release pipeline?? What would be the difference between this and with two diff ci and cd release pipeline? Which is used in companies?

i am planning to connect multiple instance to central keyvault in your demo you are added vm scaleset instead of that can i use azure service principal id or userAssignedIdentityID if yes can you please provide those steps

Good video. This pod is created just to check the secret right, for another application pods we dont need to do anything right. It will get connected with password?

Very good

Thank you very much. Can we add secure flag to cookies generated by app server. Because the app server is not configured to set the cookies with secure flag.

Very nice bro

Nice

Can we preserve client IP address in Azure firewall?

hi can you tell me how to do with Kubernetes manifest also.According to my understanding we can also use Azure Insights and from there we can install Prometeous and grafana right. From there how to analyse the Pods information. Integration i dont have any idea.

Azure app gateway has public ip but windows vm has private ip. Can you show how to use in that case?

Path base routing is not working bro

It's a wonderful video. I learnt about some security headers which I haven't even heard before. A Quality video. Thank you so much for sharing your knowledge.

when I enter the domain name given to the application gateway in the browser, the request is automatically redirected to the web app default URL. How this is possible?

Is there any feature here trace the API call indentify the root cause for high response times? .ex:like dynatrace will trace back API call where it was spending the time .

Is there a way to use the Certificate from a Key Vault in a different Subscription?

why didn't you use the default storage class? Can you please explain because I am not able to mount the volumes using the azure key vault using the default storage class.

only used egress policy then show from where traffic is block

Hi, fantastic tutorial. Could you please provide more videos showing Ubuntu virtual machine running Azure? Let's Encrypt and CertBot are being used by me on an Ubuntu 20.4 Virtual Machine to generate and automatically renew an SSL certificate. The process of issuing certificates is going well, however I'm having some trouble with the DNS URL generation for the Application Gateway. The https URL provided by Certbot states "Certificate is generated successfully" but the https link is still inactive and shows "Page not found". The same webpage is loaded when I hit the same URL with http. I mean the SSL certificate generated for Application Gateway's DNS is not working.

Awesome video !! Very helpful poc for job aspirants

Hi Shailender, very crisp explaination. Can we get container insights metrics for cpu and memory utilization using any script say python or powershell script? TIA

Is it possible to host 3 websites using 1azure application gateway? (I'm a student)

I have a simairl set up but I connect a webapp to a SQL db that is in a private vnet, I am using private vnet integration onto the webapp and connects via private DNS zone to the vnet. Is this secure? The webapp has to be public facing. Why is VNET better and must I have a public facing IP for the SQL db when the private vnet connection via web app integration works fine?

Very nice explanation

Can you share the start/stop runbook?

Well explained and really useful, thanks a lot for sharing it, great job :)

SUPER BRO

HI, one question, Does the Azure Load Balancer "kubernetes" created by ingress nginx automatically or created manually?

Very nice information on AG

how to start/stop multiple AKS clusters at once

Thank you for creating this, I googled a lot but couldn't figure out a way to export Let's encrypt as pfx. Didn't realize that the ACME client has that option.🙄. Is there a way to automatically renew this certificate? Without that this will be a headache.

Bull shit video 😂