I tried to build something to stop people from using pictures for AI training, but I messed it up.
Joey Chen
Ex Support Engineer - Azure Kubernetes Service (AKS)
Pronouns
she/her
I know this is open source, but what should I comment on this simple typo?
No one has tried to fix it in over two years.
👉 New post: Impersonating as other users and auditing impersonation actions in AAD-enabled AKS 🚀
Impersonating users in AAD-enabled AKS allows admins to act on behalf of others, simplifying management. This helps teams simulate roles, troubleshoot permission issues, enhancing security.
This article covers:
- Impersonating users in AAD-enabled AKS, including non-ABAC.
- Using Log Analytics Workspace to check impersonation history.
🔗 Link: https://blog.joeyc.dev/posts/aks-impersonation-audit-aad/
I am not sure what I am seeing.
While using RBAC and AAD (w/o ABAC) in AKS, granting permission to the group as mentioned in the tutorial does not work.
The only effective way to grant permission is to grant it to each individual user.
Update: I found why and this is so absurd. Check out: https://github.com/Azure/AKS/issues/5552
Questionmark? Asking someone checking update in that update tracker?
Eventually, I add these fundamental features on my own.
ChatGPT is thinking too much like a human, and it did not figure out where the wrong part is here.
Can you figure it out?
👉 New post: Create an unmanaged gateway controller in AKS with NGINX Gateway Fabric 🚀
This article shows you how to deploy the NGINX Gateway Fabric in an Azure Kubernetes Service cluster. Furthermore, an certificate will be configured using Kubernetes Secret, cert-manager or Azure Key Vault Provider for Secrets Store CSI Driver.
Some humorous details was discovered, included at the end of the article.
BTW, Happy New Year 💥
@praxiscode So, in the end, every time a customer comes, I choose to put everything inside a temporary VSC window (and the content will be deleted after shutting down the remote desktop), and then save all parts inside a bash file for each customer/case before leaving the shift.
@praxiscode Hmmmm, I don't store any yaml files locally, for real. Instead, I maintain a lot of "cat <<EOF | kubectl apply -f -" and combining them per project.
The reason I have this habit is that I was an Azure Kubernetes Support Engineer, and all my files can only be stored inside the storage account attached to Cloud Shell. I have to maintain everything in that CLI terminal, and it eventually becomes a mess. (cont.)
@praxiscode Yea, I realize that this is not something that can be maintained as is, so I rewrite it.
Not sure I was so insist on that - probably just don't want to leave files scattered everywhere.
Oh no, I am dreaming about fighting with a lot of Gateway APIs. I need to defend everywhere.
No, stop.
Very good example.
"The Certificate is invalid: spec.secretName: Required value"
All examples in the document are using "default" namespace, and you can't tell if HTTPRoute will be created within the Gateway namespace or Certificate namespace.
@mpiscaer I guess they just don't want to maintain the version because all related pages are using v1.0.0 as the Gateway API download link.
For that non-existing version, I checked where that v1.5.1 is coming from. Well, it is a typo. They initially meant to say 'v0.5.1' and never fixed it again.
https://github.com/cert-manager/website/commit/4120956bf706c4cc8ec55d05b54570527455cd2c
For Gateway API, it is the replacement of Ingress API. Check out: https://github.com/kubernetes-sigs/gateway-api
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst