kubectl port-forward tunnel to Azure PostgreSQL

Connecting to an Azure database without direct access using socat and kubectl port-forward

In professional environments, Azure databases (PostgreSQL, MySQL, SQL Server…) are often exposed exclusively via a Private Endpoint: they are only reachable within the Azure private network, with no public IP. The result: from your development workstation, it is impossible to connect directly using a client like DBeaver or psql. However, the AKS cluster (Azure Kubernetes Service) running in the same VNet does have access. This guide explains how to leverage that fact to create a secure tunnel to the database, without modifying any network rules or opening a single public port. ...

May 27, 2026 · 6 min · Thomas L.
Hugo vs Jekyll

Why I Migrated from Jekyll to Hugo

This blog started with Jekyll, the static site generator historically associated with GitHub Pages. After a few months of use, I decided to migrate to Hugo. Here’s why, and how it works.

Jekyll vs Hugo: why switch?

Jekyll is a solid tool, but it carries a few constraints that become painful over time.

                 Jekyll                      Hugo
Language         Ruby                        Go (single binary)
Installation     Ruby + Bundler + gems       One single binary
Build speed      Slow (seconds to minutes)   Very fast (milliseconds)
Dependencies     Many (gems)                 None
Themes           Via gems or fork            Local directory or module
Native drafts    Partial                     Native (draft: true)
Future dates     Not handled natively        Native (buildFuture)

The point that motivated me most: Hugo is a single binary compiled in Go. No Ruby to install, no gem version conflicts, no bundle install failing depending on the environment. Download it, run it, done. ...

April 28, 2026 · 6 min · Thomas L.
Azure Policy Automation

Managing Azure Policies at Scale: A Terraform and azapi Approach

What is an Azure Policy?

An Azure Policy is a governance rule applied to Azure resources. It ensures that an environment remains compliant with defined standards: security, naming conventions, allowed regions… There are three key concepts to distinguish.

A Policy Definition is the rule itself. It defines what is evaluated and the effect triggered in case of non-compliance. The main effects are:

Effect               Behavior
Audit                Logs non-compliance, does not block
Deny                 Blocks resource creation or modification
DeployIfNotExists    Automatically deploys an associated resource if absent
Modify               Modifies a property during creation/update
Append               Adds fields to the resource

An Initiative (or PolicySetDefinition) is a grouping of multiple definitions. Rather than assigning each policy one by one, they are grouped into a coherent initiative, for example a security baseline or CIS compliance set. ...

April 28, 2026 · 15 min · Thomas L.
Azure Private DNS and AKS

Azure Private DNS and AKS: resolving Private Endpoints from the cluster

Azure Private Endpoints attach a managed service (PostgreSQL, Key Vault, Storage…) to the private network via an internal IP. The challenge: for AKS pods to resolve the FQDN of that resource to its private IP rather than its public IP, you need to correctly configure private DNS zones and Virtual Network Links.

Architecture of the problem

When Azure creates a Private Endpoint for, say, a PostgreSQL Flexible Server, it automatically creates a private DNS zone of the form privatelink.postgres.database.azure.com. This zone contains an A record mapping the server’s FQDN to the Private Endpoint’s private IP. ...

February 11, 2025 · 4 min · Thomas L.
Azure policy Custom message

Azure Policy: reading Activity Logs to diagnose a Deny

When an Azure Policy blocks a deployment, the error message in Terraform or in the portal often shows the responsible assignment but not always the full detail of the violated rule. Azure Activity Logs keep a complete trace of every denial.

Where to look in the portal

Activity Logs are accessible from several places: at the subscription level, resource group level, or directly from a resource. To diagnose a Policy Deny, go to Activity Log. ...

December 10, 2024 · 2 min · Thomas L.
Azure Resource Graph

Azure Resource Graph: auditing resources and policies with KQL

The Azure portal offers compliance views for Azure Policies, but they are limited: no advanced cross-subscription filtering, no easy export, no complex criteria combinations. Azure Resource Graph solves this with KQL, the same language as Log Analytics, applied to your Azure resource metadata.

What is Azure Resource Graph?

Azure Resource Graph is a service that indexes all your Azure resources and their state. It lets you query your entire tenant in seconds, across all subscriptions, using KQL (Kusto Query Language). ...

November 5, 2024 · 3 min · Thomas L.