Joey Chen

Ex Support Engineer - Azure Kubernetes Service (AKS)

Joey Chenjoeycdev
2026-02-18

I tried to build something to stop people from using pictures for AI training, but I messed it up.

Joey Chenjoeycdev
2026-01-27

I know this is open source, but what should I comment on this simple typo?
No one has tried to fix it in over two years.

github.com/psyker-team/mist-v2

Joey Chenjoeycdev
2026-01-16

👉 New post: Impersonating as other users and auditing impersonation actions in AAD-enabled AKS 🚀

Impersonating users in AAD-enabled AKS allows admins to act on behalf of others, simplifying management. This helps teams simulate roles, troubleshoot permission issues, enhancing security.

This article covers:
- Impersonating users in AAD-enabled AKS, including non-ABAC.
- Using Log Analytics Workspace to check impersonation history.

🔗 Link: blog.joeyc.dev/posts/aks-imper

Joey Chenjoeycdev
2026-01-14

I am not sure what I am seeing.
While using RBAC and AAD (w/o ABAC) in AKS, granting permission to the group as mentioned in the tutorial does not work.
The only effective way to grant permission is to grant it to each individual user.

Update: I found why and this is so absurd. Check out: github.com/Azure/AKS/issues/55

Joey Chenjoeycdev
2026-01-09

Questionmark? Asking someone checking update in that update tracker?

Joey Chenjoeycdev
2026-01-08

Eventually, I add these fundamental features on my own.

github.com/saicaca/fuwari/pull

Joey Chenjoeycdev
2026-01-05

ChatGPT is thinking too much like a human, and it did not figure out where the wrong part is here.

Can you figure it out?

Joey Chenjoeycdev
2026-01-04

Hello, how's going, Microsoft Windows?

Is 10378 < 10359?

Joey Chenjoeycdev
2025-12-31

👉 New post: Create an unmanaged gateway controller in AKS with NGINX Gateway Fabric 🚀

This article shows you how to deploy the NGINX Gateway Fabric in an Azure Kubernetes Service cluster. Furthermore, an certificate will be configured using Kubernetes Secret, cert-manager or Azure Key Vault Provider for Secrets Store CSI Driver.

Some humorous details was discovered, included at the end of the article.

BTW, Happy New Year 💥

🔗 Link: blog.joeyc.dev/posts/aks-gatew

Joey Chenjoeycdev
2025-12-26

@praxiscode So, in the end, every time a customer comes, I choose to put everything inside a temporary VSC window (and the content will be deleted after shutting down the remote desktop), and then save all parts inside a bash file for each customer/case before leaving the shift.

Joey Chenjoeycdev
2025-12-26

@praxiscode Hmmmm, I don't store any yaml files locally, for real. Instead, I maintain a lot of "cat <<EOF | kubectl apply -f -" and combining them per project.

The reason I have this habit is that I was an Azure Kubernetes Support Engineer, and all my files can only be stored inside the storage account attached to Cloud Shell. I have to maintain everything in that CLI terminal, and it eventually becomes a mess. (cont.)

Joey Chenjoeycdev
2025-12-26

@praxiscode Yea, I realize that this is not something that can be maintained as is, so I rewrite it.
Not sure I was so insist on that - probably just don't want to leave files scattered everywhere.

Joey Chenjoeycdev
2025-12-26

No, what the hell am I writing?
LMAO.

Joey Chenjoeycdev
2025-12-25

Hello? Is anybody there?

"404 page not found"? What do you mean?

Joey Chenjoeycdev
2025-12-22

I am using Kubernetes too much.

Joey Chenjoeycdev
2025-12-19

Oh no, I am dreaming about fighting with a lot of Gateway APIs. I need to defend everywhere.
No, stop.

Joey Chenjoeycdev
2025-12-19

Very good example.

"The Certificate is invalid: spec.secretName: Required value"

Joey Chenjoeycdev
2025-12-19

All examples in the document are using "default" namespace, and you can't tell if HTTPRoute will be created within the Gateway namespace or Certificate namespace.

Joey Chenjoeycdev
2025-12-19

@claus Yea, a typo from 3 years ago.

Joey Chenjoeycdev
2025-12-19

@mpiscaer I guess they just don't want to maintain the version because all related pages are using v1.0.0 as the Gateway API download link.

For that non-existing version, I checked where that v1.5.1 is coming from. Well, it is a typo. They initially meant to say 'v0.5.1' and never fixed it again.

github.com/cert-manager/websit

For Gateway API, it is the replacement of Ingress API. Check out: github.com/kubernetes-sigs/gat

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst