Practical guides and insights on cloud infrastructure, DevOps, and modern engineering practices.
A hands-on demo using the AKS KEDA add-on and Azure Managed Prometheus to autoscale a Deployment on HTTP request rate. Covers the Prometheus scaler, ServiceMonitor scraping, Workload Identity authentication, and watching pods scale out and back in.
NGINX Ingress is retired. This guide walks through migrating AKS workloads to the App Routing add-on with Istio-based Gateway API, including GatewayClass, HTTPRoute, TLS from Key Vault, canary traffic splits, and header-based routing.
A complete walkthrough of the Argo CD cluster extension for AKS — what Argo CD is, the components behind it, and how to wire up App Routing ingress, TLS from Key Vault, and Microsoft Entra ID single sign-on with workload identity and group-based RBAC.
An AKS incident from our deployment pipeline: Azure Monitor addons moved to a cluster extension-based backend — and a sensible Azure Policy that blocked extensions suddenly broke our AKS provisioning with no warning.
A real incident from our AKS platform: resource locks on AKS-managed Azure disks silently broke the CSI driver during a node drain, leaving pods stuck without volumes. Here's what went wrong and what we should have done instead.
A practical walkthrough of wiring open-source Falco to Microsoft Sentinel for real-time Kubernetes runtime security: install, configure, ingest, and investigate threats — all with Infrastructure as Code.
