When it comes to using Service Principal in Azure, I always advise using Managed System Identity (MSI). MSI is simpler and safer. MSI handles certificate rotations. We never see the certificate. Remember this: the safest secret is the secret you never see. But in cases we can’t use MSI, we are going to give a … More Authenticating an Azure service principal
Azure Data Lake Storage (ADLS) Generation 2 has been around for a few months now. That new generation of Azure Data Lake Storage integrates with Azure Storage. This makes it a service available in every Azure region. It also makes it easier to access as it is built on foundation well known to Azure users. … More How to use Azure Data Lake Storage REST API
AKS has a nice integration with Azure monitor. Out of the box there are a couple of dashboards for common metrics. What if you need to go beyond those metrics? This is what we’re going to do in this article. I’m going to show how to get the CPU usage per container. Along the way … More Monitoring metrics in AKS
ARM templates are a powerful way to deploy Azure resources. It’s a declarative language which express the target state. It can therefore be used to create or update resources. An ARM template is a JSON file. Once a target is big enough it becomes convenient to split the ARM template into multiple files. This can … More Deploying an ARM template hierarchy
Use case: I have a central thingy that needs to talk to a service protected by a service endpoints (e.g. storage account, Azure SQL DB, Azure Maria DB, etc.). That service is also accessible to another compute in other Virtual Networks. Is that possible? Just to make it a little more concrete, let’s give an … More Multiple Service Endpoints to multiple services
Kubernetes doesn’t know what resources (i.e. CPU & memory) your container needs. That is why you must give it some hints. If you run way under capacity and / or fairly similar pods, you do not need to do that. But if you start approaching the maximum capacity of your cluster or if you have … More Requests vs Limits in Kubernetes
[Update 05-04-2019: Erratum on the original article. Logic Apps is actually able to perform public IP filering.] Azure API Management acts as a front door to your APIs. Typically, we do not want users / apps to be able to access the underlying APIs directly since that would bypass the API Management policies, e.g. throttling, … More API Management exclusive access to Azure Function
