Hello — I’m Jendrik. I work as a DevOps engineer with a systems-administration background and have about ten years of experience in cloud and on‑prem infrastructure, Infrastructure-as‑Code (IaC), and automation.
My focus areas include Azure, Kubernetes, Terraform, CI/CD pipelines, and improving the developer experience through pragmatic automation. In my posts I share practical recipes, tools, and approaches that help teams deliver more reliably and faster.
Technically, I enjoy working with .NET, PowerShell, Hugo, and common CI/CD tools; I’m always focused on repeatable deployments, clean builds, and pragmatic operational automation.
If you have topic suggestions or want to discuss collaboration, feel free to contact me via the project page or by e‑mail.
AKS costs are brutally simple: node sizing, pod density, workload sprawl, and reserved capacity. If you don’t have visibility and governance, your cloud bill will punch you in the face—usually when it’s too late to react without pain. I’ve watched teams scramble to cut costs after the invoice lands, breaking production in the process. This guide is for practitioners who want to avoid that mess. No theory, no vendor fluff: just what actually works to keep AKS costs under control without sacrificing reliability.
Stateful workloads in Kubernetes require understanding PersistentVolume architecture, Azure storage trade-offs, and backup strategies. This article covers PVC/PV patterns, Azure Disk vs Files performance profiles, Velero backup configurations, and multi-cluster replication patterns based on production experience.
AKS cluster upgrades involve node replacement and pod eviction, which can cause service disruption without proper controls. This article explains cordon and drain mechanics, Pod Disruption Budget configuration, and multi-node-pool rollout strategies with validation-driven automation for reliable zero-downtime upgrades.
Traditional AKS authentication relied on service principals and mounted secrets. Workload Identity Federation eliminates credential lifecycle problems, but introduces new failure modes. This article covers the operational realities: where credentials still leak, how RBAC layers compound across Kubernetes and Azure, and validation patterns that prevent identity failures in production.
Network segmentation is a fundamental security control for modern Kubernetes environments. AKS supports multiple networking models such as kubenet, Azure CNI, and overlay CNIs. The networking model matters, but the decisive factor for enforcing isolation and compliance is the consistent application of network policies.
This article describes how network policies work in AKS, the available engines, practical examples, and recommended practices for enforcing a zero-trust posture within a cluster.
