Blog: Controlling AI Spend w/ AppNet+agentgateway#5698
Blog: Controlling AI Spend w/ AppNet+agentgateway#5698therealmitchconnors wants to merge 3 commits intoAzure:masterfrom
Conversation
|
Note to self: need to update parameters to point to AppNet control plane, not OSS istio... |
There was a problem hiding this comment.
Pull request overview
This PR adds a new Docusaurus blog post describing a platform-layer pattern to control shared AI quota/spend by combining Azure Kubernetes Application Network (AppNet) identity (mTLS) with agentgateway token-based rate limiting.
Changes:
- Adds a new blog post under
website/blog/2026-04-09-appnet-agentgateway/. - Documents an architecture and example manifests for per-application token rate limiting.
- Includes an example validation flow showing success (200) and throttling (429).
| # Control AI spend with per-application token rate limiting using Application Network and agentgateway | ||
|
|
There was a problem hiding this comment.
This post includes an explicit H1 (# ...) even though the blog layout already renders the title from front matter. Other posts in website/blog/ don’t include a redundant H1, and keeping both typically results in duplicate top-level headings.
| # Control AI spend with per-application token rate limiting using Application Network and agentgateway |
| This article describes a **platform-oriented approach** to controlling AI spend using **Azure Kubernetes Application Network** and **agentgateway**. By leveraging **workload identity already present in the network**, you can enforce **per-application, token-based rate limiting** without issuing API keys to every application. | ||
|
|
||
| **Azure Kubernetes Application Network** (AppNet, currently in Public Preview) is Azure's fully-managed L7 network for AKS, providing Security, Observability, and Control for your L7 network out-of-the-box. You can learn more about AppNet here, but in this article, we're focusing on AppNet's secure, automatic mTLS Authentication. | ||
|
|
There was a problem hiding this comment.
Consider adding an image near the top of the post with descriptive alt text (many posts include a header/hero image to improve scanability and social sharing previews).
|  |
| application-network: | ||
| label: Application Network | ||
| permalink: /application-network | ||
| description: Azure Kubernetes Application Network for secure, zero-trust connectivity between AKS workloads and clusters. |
There was a problem hiding this comment.
website/blog/tags.yml appears to be kept in alphabetical order by tag key (e.g., acstor, add-ons, …, app-routing, …). The new application-network tag is appended near the end, which breaks that ordering and makes future merges/searching harder. Please move application-network to the correct alphabetical position (near app-routing).
| application-network: | |
| label: Application Network | |
| permalink: /application-network | |
| description: Azure Kubernetes Application Network for secure, zero-trust connectivity between AKS workloads and clusters. |
| @@ -0,0 +1,210 @@ | |||
| --- | |||
| title: Control AI spend with per-application token rate limiting using Application Network and agentgateway | |||
| description: Use Application Network identity and agentgateway to enforce per-application, token-based rate limiting for shared AI services | |||
There was a problem hiding this comment.
The description: value is much shorter than the repo’s blog guidance (SEO description typically 150–160 characters) and is currently unquoted unlike many other recent posts. Consider expanding it to ~150–160 characters (keeping keywords like "Application Network" and "token rate limiting") and quoting it for consistency.
| description: Use Application Network identity and agentgateway to enforce per-application, token-based rate limiting for shared AI services | |
| description: "Use Application Network identity and agentgateway to enforce per-application token rate limiting and control shared AI service spend on AKS." |
| This article describes a **platform-oriented approach** to controlling AI spend using **Azure Kubernetes Application Network** and **agentgateway**. By leveraging **workload identity already present in the network**, you can enforce **per-application, token-based rate limiting** without issuing API keys to every application. | ||
|
|
||
| <!-- truncate --> | ||
|
|
There was a problem hiding this comment.
After <!-- truncate -->, posts in this repo typically include a hero image with descriptive alt text (for accessibility and consistent listing previews). This post jumps directly into body text without any image. Please add a hero image (for example ) immediately after the truncate marker, with meaningful alt text.
|  |
| Now that we've configured our rate limiter, let's send some completion requests to Azure Foundry to see it in action (full test instructions available (here)[https://gist.github.com/therealmitchconnors/b2776cea7a72e25f805b0228eef986cc#file-details-md]): | ||
|
|
There was a problem hiding this comment.
Markdown link syntax is incorrect here: (here)[https://…] won't render as a link. Please switch to standard Markdown link format [here](https://…).
|
|
||
| ## Conclusion | ||
|
|
||
| By adopting this platform-oriented approach, we gain centralized control over AI spending, eliminate secrets distribution, and improve operational efficiency. Applications gain transparent rate limiting without code changes, while platform teams reduce overhead and enforce fair resource allocation across the organization. This is just one of the many ways you can benefit from Application Network, built on Istio's Ambient Mode, with readily available open source tools like agentgateway. To learn more chec kout (AppNet Docs)[https://learn.microsoft.com/en-us/azure/application-network/overview] and (agentgateway docs)[https://agentgateway.dev]. No newline at end of file |
There was a problem hiding this comment.
The concluding links use incorrect Markdown link syntax (Text)[url], so they won’t render. Also, the Microsoft Learn URL is locale-specific (/en-us/); this repo typically uses non-locale Learn links. Please update to standard [text](url) links and switch to https://learn.microsoft.com/azure/application-network/overview.
| By adopting this platform-oriented approach, we gain centralized control over AI spending, eliminate secrets distribution, and improve operational efficiency. Applications gain transparent rate limiting without code changes, while platform teams reduce overhead and enforce fair resource allocation across the organization. This is just one of the many ways you can benefit from Application Network, built on Istio's Ambient Mode, with readily available open source tools like agentgateway. To learn more chec kout (AppNet Docs)[https://learn.microsoft.com/en-us/azure/application-network/overview] and (agentgateway docs)[https://agentgateway.dev]. | |
| By adopting this platform-oriented approach, we gain centralized control over AI spending, eliminate secrets distribution, and improve operational efficiency. Applications gain transparent rate limiting without code changes, while platform teams reduce overhead and enforce fair resource allocation across the organization. This is just one of the many ways you can benefit from Application Network, built on Istio's Ambient Mode, with readily available open source tools like agentgateway. To learn more, see [Application Network documentation](https://learn.microsoft.com/azure/application-network/overview) and [agentgateway documentation](https://agentgateway.dev). |
|
|
||
| ## Conclusion | ||
|
|
||
| By adopting this platform-oriented approach, we gain centralized control over AI spending, eliminate secrets distribution, and improve operational efficiency. Applications gain transparent rate limiting without code changes, while platform teams reduce overhead and enforce fair resource allocation across the organization. This is just one of the many ways you can benefit from Application Network, built on Istio's Ambient Mode, with readily available open source tools like agentgateway. To learn more chec kout (AppNet Docs)[https://learn.microsoft.com/en-us/azure/application-network/overview] and (agentgateway docs)[https://agentgateway.dev]. No newline at end of file |
There was a problem hiding this comment.
Typo: "chec kout" should be "check out".
| By adopting this platform-oriented approach, we gain centralized control over AI spending, eliminate secrets distribution, and improve operational efficiency. Applications gain transparent rate limiting without code changes, while platform teams reduce overhead and enforce fair resource allocation across the organization. This is just one of the many ways you can benefit from Application Network, built on Istio's Ambient Mode, with readily available open source tools like agentgateway. To learn more chec kout (AppNet Docs)[https://learn.microsoft.com/en-us/azure/application-network/overview] and (agentgateway docs)[https://agentgateway.dev]. | |
| By adopting this platform-oriented approach, we gain centralized control over AI spending, eliminate secrets distribution, and improve operational efficiency. Applications gain transparent rate limiting without code changes, while platform teams reduce overhead and enforce fair resource allocation across the organization. This is just one of the many ways you can benefit from Application Network, built on Istio's Ambient Mode, with readily available open source tools like agentgateway. To learn more, check out the [Application Network documentation](https://learn.microsoft.com/azure/application-network/overview) and [agentgateway documentation](https://agentgateway.dev). |
This is the blog equivalent of the Azure booth demo at Kubeon EU 26. Highlights capabilities of the newly launched AppNet, and a "better together" story with agentgateway. Ideally timed around release of agentgateway 1.1 around April 8.