Hello — I’m Jendrik. I work as a DevOps engineer with a systems-administration background and have about ten years of experience in cloud and on‑prem infrastructure, Infrastructure-as‑Code (IaC), and automation.
My focus areas include Azure, Kubernetes, Terraform, CI/CD pipelines, and improving the developer experience through pragmatic automation. In my posts I share practical recipes, tools, and approaches that help teams deliver more reliably and faster.
Technically, I enjoy working with .NET, PowerShell, Hugo, and common CI/CD tools; I’m always focused on repeatable deployments, clean builds, and pragmatic operational automation.
If you have topic suggestions or want to discuss collaboration, feel free to contact me via the project page or by e‑mail.
Network segmentation is a fundamental security control for modern Kubernetes environments. AKS supports multiple networking models such as kubenet, Azure CNI, and overlay CNIs. The networking model matters, but the decisive factor for enforcing isolation and compliance is the consistent application of network policies.
This article describes how network policies work in AKS, the available engines, practical examples, and recommended practices for enforcing a zero-trust posture within a cluster.
Selecting the right network model is arguably one of the most critical architectural decisions you will make when deploying a Kubernetes cluster on Azure Kubernetes Service (AKS). This choice ripples through nearly every aspect of your cluster’s lifecycle, influencing how pods communicate, how efficiently you use your IP address space, which Azure services integrate seamlessly with your workloads, and ultimately, how well your infrastructure scales to meet future demands. It affects scalability, security posture, operational cost, performance characteristics, available integration options, and your long-term operational flexibility.
