Okay, so far the other 2 articles cover:

  1. The basics — Deploying a Spring Boot Microservice on AKS using Terraform and Azure DevOps
  2. Identity & Governance — Using Azure AD Pod Managed Identities to access Azure resources without having to manage credentials and to use Azure Policy for observing governance at scale

In the third part, we focus on Networking and look into the following aspects:

a) Enabling Private Link for PaaS services like Key Vault & SQL Database
b) Restricting egress traffic from the AKS cluster using Azure Firewall
c) Choosing the right type of LoadBalancer for your ingress traffic
d) Securing…


In the first article, we created a very simple Spring Boot app, dockerized it and deployed it to an Azure AD managed AKS cluster using Terraform and Azure DevOps. In this article, we continue and make our setup more secure by

  1. Using Managed Identities to access Azure Key Vault, which contains secret connection strings, instead of using base64-encoded Kubernetes Secrets, and using Azure AD Pod Identity to enable Managed Identities for Pods.
  2. Enabling Azure Policy for our AKS cluster and enforcing some basic governance such as not allowing privileged containers to run, enforcing container CPU and memory resource…

Azure offers different ways to build & run your microservices, ranging from Service Fabric to Azure Kubernetes Service to App Services to Azure Spring Cloud to even running Docker Enterprise and Apache Mesos in IaaS mode on Azure — the choice of compute depends on a lot of factors, not excluding the affinity for and knowledge of these services, the market hype (especially in the case of Kubernetes), compatibility of the existing technology stack and the effort to migrate to the new service. Without trying to compare these compute options in Azure, in this article we focus on running your microservices “securely”…


Calling it Part 2, but this is indeed the third post in our series on running Kafka on AKS, or any flavor of Kubernetes:

  1. Blog Post One — Running Kafka on Kubernetes
  2. Blog Post Two — Monitoring Kafka via Prometheus & Grafana.

The rationale behind calling it Part 2 is that you would only need the context & concepts of the first one, where we deployed a basic Kafka cluster on AKS, created some Topics & Users and tested the setup with Producer & Consumer CLI commands. Building on those, this blog post will focus on:

  1. Exposing the brokers outside the Kubernetes cluster securely.

Apache Kafka has seen great adoption across different verticals & industries and has indeed become the de facto choice when it comes to data streaming, building real-time big data pipelines or even communicating asynchronously between your trendy microservices.

In this article, we compare and have a quick look at the various options you have to run your Kafka Cluster in Azure — please keep in mind this is my personal opinion based on my personal experience & does not reflect the opinion of my employer, Microsoft in this case.

Kafka — in Cloud ?

TL;DR — For the impatient check out the table below for a…


I don’t really want to re-iterate and focus on the fact that Microsoft loves Linux (whether it is about shipping a full Linux kernel in Windows 10 or supporting Linux workloads on Azure or open sourcing PowerShell, VS Code or contributing to open source for that matter). You may wonder what this has got to do with Java & Azure Functions — nothing much really! But sometimes I get to hear that Azure does not support Java workloads as other clouds do, and I hope this post helps debunk that myth to some extent.

Microsoft does really love Linux !

In this post, we will explore how…


There is an abundance of tips & tricks for clearing the coveted CKAD exam by CNCF — so why am I going to the trouble of writing one more? Because I seriously believe it will not waste your time!

First & foremost, do not forget to read the official tips & tricks and a quick read of the CKAD handbook will tell you a lot of important things like

  • Ctrl+C & Ctrl+V will not work in the terminal window for the exam. Rather use Ctrl+Insert & Shift+Insert for Windows and different keystrokes for other operating systems — this is…

This is the second blog in our series of “Running Kafka on Kubernetes” — for context and initial setup, readers are encouraged to read the first entry to be able to set up Apache Kafka on Azure Kubernetes Service with end-to-end encryption enabled.

“Everything fails, all the time !” — Werner Vogels, Amazon CTO

While the probability of failure has decreased, what Werner said in 2008 still holds true to a great extent: no matter whether you run your application in an on-prem environment or use any public cloud, the virtual machine running your software will eventually fail. And this…


Yes, Kubernetes was not designed for stateful workloads. Yes, StatefulSets and PersistentVolumes can be hard to reason about. Also, when Kelsey Hightower cautions against running stateful applications on Kubernetes, it makes us wonder if this is worth trying.

https://twitter.com/kelseyhightower/status/963419099144495104

On the other hand, Confluent — the awesome company behind Kafka — is running Confluent Cloud by deploying Kafka on Kubernetes using Operators.

There have been several tech talks in the past few KubeCons where people from different companies share their experiences with running Kafka on Kubernetes. If you have time, do check them out. …

Agraj Mangal

Cloud Solution Architect @ Microsoft | Full Stack Dev | Big Data Enthusiast | Ex-Adobe | Cloud-Native Citizen | https://agrajmangal.in/blog/ | Opinions my own
