Azure Kubernetes Services (AKS)  pod restarts can be obtained from the KubePodInventory of the connected log analytics workspace. This data can be depicted in a graph in grafana as described in the post "Pod Restart Counts Grafana Chart with Azure Monitor for AKS". Let's explore how to use same information to create an alert using Grafana to notify when pod restarts are happening in apps in a given kubernetes namespace.  The expectation is to fire alerts from Grafana as shwon below. Note that the alerts can target to send emails, slack notficaition etc. which is not discussed i ..read more

 kubectl logs command helps us to inspect logs of pods in AKS/kubernetes and useful to diagnose issues. However, when there is too much logs it is harder to read through and find out errors easily. Further, filtering out logs for a given timestamp may be useful at times to identify the issues. In this post let's explore usage of grep with kubectl logs command to filter logs.  Let's take first example to filter for a timestamp in keda operator pod logs. Here -i says to ignore case in logs. kubectl logs keda-operator-79d756dd66-69gsc -n keda | grep -i '2025-03-04T07:20:24' If it ..read more

 We have discussed "Setting Up Azure Workload Identity for Containers in Azure Kubernetes Services" previously. We can use Azure CLI  to interact with Azure resources in a container which is using base docker image "mcr.microsoft.com/azure-cli:latest-amd64". Instead of using specific credential information directly in the Azure CLI script in the container, we can use the workload identity to do an az login in a container where workload identity is enabled. Let's look at how to do that in this post. When we enable workload identity we get the below environment variables for the conta ..read more

 We have discussed  usage of dynamic blocks conditionally in terraform in the post "Use Dynamic Block Conditionally in Terraform". Sometimes we need to use dynamic with nested blocks. In this post look at such an example of using dynamic block with network rules for Azure event hubs. We are going to setup a nested dynamic block as shown below. To understand it fully let's inspect what is the change done above. Before the change the code was simple as shown below. It was allowing two virtual networks to each event hub. resource "azurerm_eventhub_namespace" "instanceeventhub" { &nbs ..read more

 Azure file shares can be used as mounted persisted volume in AKS clusters to provide necessary storage to pods in AKS. Azure file shares are enabled with soft delete for files by default. However, when the pod mounted storage is used as temporary storage for processing, there is no need to keep the capability of soft deletion. Let's look at how we can disable soft delete for file share storage when deploying the file share with terraform. Expected outcome is a file share with soft deletion disabled as shown below. There is no access to the properties to set this in azurerm_storag ..read more

 While trying to execute terraform plan locally after an az login we sometimes envounter below error. │ Error: populating Resource Provider cache: listing Resource Providers: loading results: authorizing request: running Azure CLI: exit status 1: ERROR: Account has previously been signed out of this application.. Status: Response_Status.Status_AccountUnusable, Error code: 0, Tag: 540940121 │ Please explicitly log in with:│ az login --scope https://management.azure.com/.default │ with provider["registry.terraform.io/hashicorp/azurerm"],│   on main.tf line 17, in provider "azure ..read more

 Setting up an Azure File Share capacity alert is useful to know when you reach at least 80% of allocated quota for the file share. This will give the teams ample time to increase the allocation to avoid out of space issues. If we are using standard tier for storage account then we need to use one storage account for each file share, to get the correct alert. Sending the alert to slack channel is a useful way to get properly alerted to take action on time. Let's use an example learn how to setup alerts for multiple Azure file shares uing terraform. Expectation is to get the alerts to slac ..read more

 Dynamic block allows to create nested multi level block structures in terraform code. Conditional usage of such blocks are really useful in many scenarios. For example, when we create Azure Cosmos DB, if we want to have read regions only in production environment, but only have one region setup for dev and QA environments we can, leverage the capabilities in Dynamic block of terraform. Let's explore with an example. We need to get a read geo_location cerated for the Cosmos DB as shown in the commented code below in westus region. But we only need this additional region when the env is p ..read more

 We have dicussed "Deploy Nginx Ingress Conroller with Private IP (Limited Access to vNET) to AKS with Terraform, Helm and Azure DevOps Pipelines" in the previous post. Once deployed it takes few seconds to fewminutes to get the Nginx ingress controller with private IP ready in AKS. Let's explore how to automate AKS Nginx ingress controller validation inAzure pipelines in this post. The pipeline execution should print waiting for ready until the Nginx ingress controller is ready. We can setup a task runnable in Linux build agent as below with a script to validate the Nginx ingress setu ..read more

 We generally use Azue container registry to store our application docker images when we use AKS as the ochestrator for our applications. However, piling up of previous releases images, as well as images used for developer teting in Azure container registry increase costs. Therefore it is important to have a periodic cleanup mechanism setup to remove all unused images form the registry. Let's look at a strategy we can use to cleanup Azure container registry. As the first step when we build and push images, we have to ensure we are having a tag that can be later identified to cleanup the ..read more