Paul's Blog

A collection of notes and stuff I find interesting

Does Workload Identity on AKS work across tenants?

2023-08-25 11 min read Tutorial Identity Azure AKS
Introduction An interesting use case for Workload Identity came up recently. I was asked if a Pod in an AKS cluster that was deployed in one tenant can access Azure resources within another tenant. I’ve configured Workload Identity on AKS many times, and I thought “in theory” it should “just work”, but I never tested it across tenants. So I decided to give it a try. TL;DR: Yes, it does work. Continue reading

Streamline Network Observability on AKS: A Step-by-Step Guide to enable the AKS add-on with Terraform

2023-07-10 11 min read Tutorial
Have you ever had to troubleshoot network issues in your Kubernetes clusters? If so, you know how challenging it can be to identify and resolve problems. To troubleshoot network issues you probably had to use a combination of tools like kubectl, tcpdump, wireshark, and netstat. The list goes on and on… While these tools are great for debugging and capturing network logs and traces, they don’t provide a holistic view of your cluster’s network traffic. Continue reading

Purging Deleted Azure Key Vaults

2023-02-27 1 min read Code snippets
Do you constantly provision and delete Azure Key Vaults? If so, you may have noticed attempts to recreate a recently deleted key vault will result in the following error: The vault name is already in use. This is because Azure Key Vaults are kept in a deleted state and not automatically purged. You must manually purge these key vaults to be able to reuse the name. To confirm the key vault in question is in “deleted” state, you can run the following: Continue reading

Web Application Routing on AKS

2022-11-16 5 min read Architecture
Exposing your web applications on Azure Kubernetes Service (AKS) has gotten a little bit easier. In this post, I will cover the new Web Application Routing feature for AKS and discuss reasons why you may want to implement it within your cluster. Exposing your app You have a lot of options when it comes to exposing your application Pods to the world. If you’re using a managed-Kubernetes service in the cloud, you could deploy a Service and set the type to LoadBalancer and your cloud provider will provision one with a public IP. Continue reading

Deploying ARM64 workloads to AKS

2022-11-02 6 min read Tutorial
You might have heard by now that Azure has partnered with Ampere to bring ARM-based processors for virtual machines on Azure. This is super exciting as it gives you an opportunity to deploy workloads on highly performant and power efficient virtual machines and these characteristics ultimately result in excellent price-performance (lower costs 🥳) So… are you ready to deploy your workloads to ARM64 node pools on AKS? I sure wasn’t when attempting to deploy the azure-voting-app-redis application to my cluster. Continue reading

Sharing Bicep Modules with Azure Container Registry

2022-10-11 14 min read Tutorial
One of the things I do as a Cloud Native Advocate at Microsoft is build end-to-end lab scenarios in the repo. Most of the demo scenarios we aim to cover is in and around the container space and a majority of the labs uses Azure Bicep to declaratively provision Azure infrastructure. As more labs get spun up, there is a potential for redundant Bicep code. You might have already guessed, there’s a need for re-usable code to spin up AKS clusters. Continue reading

Securely connect to your Azure Linux Virtual Machine with Tailscale SSH

2022-08-12 13 min read Tutorial
Being on the Cloud Advocate team at Microsoft, we’re always looking to empower every developer to achieve more on Azure. One way of doing this is by bringing you hands-on content to deliver end-to-end scenarios using cloud-native and open source technologies. My colleague on the Cloud Native team, Aaron Wislang has been cooking up a bunch of labs in our Azure Open Source Labs repo and one area we’ve been collaborating on is within the Azure Linux VM space. Continue reading
Older posts