Hello — I’m Jendrik. I work as a DevOps engineer with a systems-administration background and have about ten years of experience in cloud and on‑prem infrastructure, Infrastructure-as‑Code (IaC), and automation.
My focus areas include Azure, Kubernetes, Terraform, CI/CD pipelines, and improving the developer experience through pragmatic automation. In my posts I share practical recipes, tools, and approaches that help teams deliver more reliably and faster.
Technically, I enjoy working with .NET, PowerShell, Hugo, and common CI/CD tools; I’m always focused on repeatable deployments, clean builds, and pragmatic operational automation.
If you have topic suggestions or want to discuss collaboration, feel free to contact me via the project page or by e‑mail.
Your cluster will fail. The question is not if, but when, and whether you can recover before customers notice. Most organizations discover their backup strategy does not work during an actual outage, when recovery time matters most and manual heroics cannot save you.
If you run Azure Kubernetes Service (AKS) in production, you need a recovery plan that engineers can execute half asleep at 2 AM. We will go through what to back up, how Velero works in day-to-day operations, when Azure Backup for AKS is enough, and how to design realistic failover with measurable Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
The goal is simple: repeatable recovery procedures you have already tested, not a document that looks good in Confluence but fails during an incident.
Securing Azure Container Registry for AKS needs more than a single control. This guide walks through a production-ready sequence: vulnerability scanning, image signing, RBAC, private endpoints, policy enforcement, and geo-replication. You get practical Terraform, Kubernetes, and pipeline patterns, plus clear trade-offs for real-world operations.
Running more than one AKS cluster changes networking from a setup task into an operating model. This guide covers practical connectivity patterns, hub-spoke routing, cross-cluster DNS, ingress options, and decision criteria that help teams scale safely without adding complexity too early.
CNI Overlay masks pod IPs behind node IPs through SNAT, breaking traditional observability. Network logs show nodes, application logs show pods. Without Container Insights, correlation IDs, and distributed tracing, you’re debugging blind. SNAT port exhaustion mimics network failures, and timestamp-based correlation is fragile. The cost of proper monitoring is trivial compared to debugging outbound connectivity at 3 AM without visibility.
AKS costs are brutally simple: node sizing, pod density, workload sprawl, and reserved capacity. If you don’t have visibility and governance, your cloud bill will punch you in the face—usually when it’s too late to react without pain. I’ve watched teams scramble to cut costs after the invoice lands, breaking production in the process. This guide is for practitioners who want to avoid that mess. No theory, no vendor fluff: just what actually works to keep AKS costs under control without sacrificing reliability.
