Azure on Patoune-IThttps://www.patoune-it.fr/en/tags/azure/Recent content in Azure on Patoune-ITHugoenWed, 27 May 2026 10:00:00 +0200Connecting to an Azure database without direct access using socat and kubectl port-forwardhttps://www.patoune-it.fr/en/posts/2026-05-27-azure-db-kubectl-portforward/Wed, 27 May 2026 10:00:00 +0200https://www.patoune-it.fr/en/posts/2026-05-27-azure-db-kubectl-portforward/<p>In professional environments, Azure databases (PostgreSQL, MySQL, SQL Server…) are often exposed exclusively via a <strong>Private Endpoint</strong>: they are only reachable within the Azure private network, with no public IP. The result: from your development workstation, it is impossible to connect directly using a client like DBeaver or <code>psql</code>.</p> <p>However, the AKS cluster (Azure Kubernetes Service) running in the same VNet does have access. This guide explains how to leverage that fact to create a secure tunnel to the database, without modifying any network rules or opening a single public port.</p>Managing Azure Policies at Scale: A Terraform and azapi Approachhttps://www.patoune-it.fr/en/posts/2026-04-28-azure-policy-automation/Tue, 28 Apr 2026 10:00:00 +0200https://www.patoune-it.fr/en/posts/2026-04-28-azure-policy-automation/How to manage Azure Policies at scale with Terraform and azapi: versioned catalog per service, override management, DoNotEnforce strategy and CI/CD pipeline.Azure Private DNS and AKS: resolving Private Endpoints from the clusterhttps://www.patoune-it.fr/en/posts/2025-02-11-azure-private-dns-aks/Tue, 11 Feb 2025 10:00:00 +0200https://www.patoune-it.fr/en/posts/2025-02-11-azure-private-dns-aks/Private DNS zones, Virtual Network Links, split-horizon DNS, and a concrete PostgreSQL Flexible Server example accessible from AKS.Azure Policy: reading Activity Logs to diagnose a Denyhttps://www.patoune-it.fr/en/posts/2024-12-10-azure-policy-activity-logs/Tue, 10 Dec 2024 10:00:00 +0200https://www.patoune-it.fr/en/posts/2024-12-10-azure-policy-activity-logs/How to filter Activity Logs on Microsoft.Authorization to identify which assignment blocked which resource, and why.Azure Resource Graph: auditing resources and policies with KQLhttps://www.patoune-it.fr/en/posts/2024-11-05-azure-resource-graph-kql/Tue, 05 Nov 2024 10:00:00 +0200https://www.patoune-it.fr/en/posts/2024-11-05-azure-resource-graph-kql/KQL queries for Azure Resource Graph: find non-compliant resources, audit policies, and go beyond the limited views of the Azure portal.Azure Policy: customizing the Deny error messagehttps://www.patoune-it.fr/en/posts/2024-05-14-azure-policy-deny-message/Tue, 14 May 2024 10:00:00 +0200https://www.patoune-it.fr/en/posts/2024-05-14-azure-policy-deny-message/How to define a clear and actionable error message in an Azure Policy Deny to guide the user instead of blocking them without explanation.Introducing Microsoft Retinahttps://www.patoune-it.fr/en/posts/2024-03-25-retina/Mon, 25 Mar 2024 23:03:19 +0100https://www.patoune-it.fr/en/posts/2024-03-25-retina/Discovering Microsoft Retina, an open-source network monitoring tool for AKS: CLI and CRD capture modes, Basic and Advanced metrics pushed to Prometheus.