This actually should not be a part 2 as it is not related to part 1 but actually a different way of setting AKS to get AKV’s resources. I name it as part 2 because I would people to go through either method.

Step-by-Step Guidance

# get the AKS associated service principal
az aks show -g <resource group name> -n <AKS name> | grep identityProfile -A 5
# note down the object ID of the service principal

Pod and Service Communication

To understand how external client gets to access services provided by Pods, we would need to create a simple NGINX Deployment with 3 replicas. Then expose it with native Load Balancer Service.

# create a NGINX Deployment with 2 replicas
- kubectl create deployment my-nginx --image=nginx --replicas=2
# check Pods to see each Pod's IP address and located Nodes
- kubectl get pods -o wide
# expose the Deployment with Load Balancer Service
- kubectl expose deployment my-nginx --type=LoadBalancer --port=80 --name=my-nginx-service

If you are like me, who has not much foundation on Docker and learn every cloud native after K8swas introduced, you might have the same urge to figure out how the networking works within the cluster.

In this series, I would try to touch on

  • Pod Intra-Node/Inter-Node Communication
  • Pod Service Communication
  • Pod Ingress Communication
  • Azure Container Network Interface (CNI)
  • CoreDNS

There are always new concepts and solutions coming out in K8s development every year, but I believe these should cover for the most part of K8s networking for now.

For the majority of this series, the environment would…

I have come across a request that administrators would like to know more details around their Azure resource whenever they are having specific situations, such as high inbound network, high CPU usage etc. However, with the default Azure Log Alert, we could only get very basic information depending on the condition we set. If we would like to get more, we would need to set up something else. In this article, we could try to see how to achieve this via Azure log alert webhook.

Step-by-Step Guidance

Recently, I came across a need of pushing Azure service health events to other platforms, could be any 3rd party monitoring services. Since this is not supported natively, I thought about using Azure function app to periodically query the needed information. On top of that, users could write other codes/scripts to push the needed information to their services. At the end of day, users would need to have solution, so they could monitor all sorts of service events in one platform instead of going through Azure portal and Azure status site.

If you do not know what service health events…

Here comes the 3rd part of the Azure Cosmos DB learning journey. In this part, we would be taking a look at Gremlin API, which essentially is Graph API. What is the biggest outstanding characteristic of Gremlin/Graph API? Definitely the fact that instead of using relational database common column to associate 2 or more tables to find the right record, Graph database would be using 1-to-many relationships to get the right record.

photo credit: Graph database vs Relational database | by Tarun Manrai | Dev Genius | Medium

Some good use cases for Graph database.

Dynamic systems where the data topology is difficult to predict

Dynamic requirements that evolve with the business

Problems where the relationships…

If you have not yet checked the previous parts of this series, please go ahead and check Part1, Part2, Part3, Part4, Part5, Part6, Part7 and Part8.

This article would provide some exam hacks I used while taking the CKS certification exam.

Source: Resources Allowed: All LF Certification Programs — T&C DOC (

Azure Policy allows users to have Azure resources in compliance state. If you would like to know more about what Azure Policy is and how it works, please click into the hyperlink in the previous sentence. One of the common policies enterprises use is enforce every Azure resource to have tags. In this article, we would enforce Azure resources within certain Resource Group to have tags.

Azure Policy

Head to Azure portal, click on “All services” and search for “policy”.

Inside Policy tab, click on “Definitions” then search “tag” and you would find a built-in policy named “Require a tag…

The title of this article is awfully long, but the purpose for having both secrets store CSI and AKV provider in AKS environment is really simple, letting AKS to get AKV’s resource, including secrets, certificates and keys, as native resource. In order to achieve that, we would have to implement pod identity or Azure active directory service principal (AAD SP) as the object that has sufficient permissions. We would use AAD SP for the following content.

Step-By-Step Guidance

  1. Create an AKS resource: Create a resource group then an AKS cluster
  2. Create an AKV resource
az keyvault create -g <resource group name> -n…

I happened to be researching how to use REST API for getting the custom metrics on AKS. The image below would show more what I am talking about here. This is not just normal metrics we could consume under Azure Monitor default REST API endpoints. These are actually metrics under Azure Monitor custom metric namespaces and it would require users to hit the right REST API endpoints for getting the data needed.

Create Azure Active Directory (AAD) service principal (SP)

We would need to create an AAD SP as it would be the representative for consuming all sorts of Azure…


Learning new things about Kubernetes every day. Hopefully, the learning notes could help people on the same journey!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store