Using Azure Private Link Service Integration on AKS

In some cases, you may want to create a private link for the services that you host on an AKS cluster. With private link, clients or services outside of the AKS cluster can communicate with your...

Migrate from Pod Identity to Workload Identity on AKS

I've been using AAD Pod Identity and managed identity for some of my workloads. Since AAD Workload Identity now supports user assigned managed identity, it's time to migrate my workloads from Pod...

Kubernetes Secrets vs. Azure Key Vault

Here is an opinionated comparison that I created. Hope it can help you make the decision when you have to choose one. Kubernetes Secrets | Azure Key Vault | How secrets are stored | Stored in Etcd with...

The Essentials of Resource Management in Kubernetes

The resource requests and limits that we set for containers in a Pod spec are the key settings that we can use to influence how Kubernetes schedules the pod and manages the computational resources,...

Scaling with Application Gateway Ingress Controller

How Application Gateway Ingress Controller (AGIC) works is depicted in the following diagram on its document site. [Figure: AGIC Architecture] Rather than pointing the backend pool of App Gateway to a...

Enable Virtual Node on an Existing AKS Cluster

The virtual node can be enabled when you create a new AKS cluster. There are documents talking about how to do it with either the Azure CLI or Azure Portal. Since the virtual node is an AKS add-on, ...

Node Allocatable in AKS

Kubernetes' Node Allocatable feature allows the cluster to reserve node resources for the system daemons of the OS and Kubernetes itself. For example, when I ran kubectl describe node for a node in...