kubectl port-forward tunnel to Azure PostgreSQL

Connecting to an Azure database without direct access using socat and kubectl port-forward

In professional environments, Azure databases (PostgreSQL, MySQL, SQL Server…) are often exposed exclusively via a Private Endpoint: they are only reachable within the Azure private network, with no public IP. The result: from your development workstation, it is impossible to connect directly using a client like DBeaver or psql. However, the AKS cluster (Azure Kubernetes Service) running in the same VNet does have access. This guide explains how to leverage that fact to create a secure tunnel to the database, without modifying any network rules or opening a single public port. ...

May 27, 2026 · 6 min · Thomas L.
Azure Private DNS and AKS

Azure Private DNS and AKS: resolving Private Endpoints from the cluster

Azure Private Endpoints attach a managed service (PostgreSQL, Key Vault, Storage…) to the private network via an internal IP. The challenge: for AKS pods to resolve the FQDN of that resource to its private IP rather than its public IP, you need to correctly configure private DNS zones and Virtual Network Links.

Architecture of the problem

When Azure creates a Private Endpoint for, say, a PostgreSQL Flexible Server, it automatically creates a private DNS zone of the form privatelink.postgres.database.azure.com. This zone contains an A record mapping the server’s FQDN to the Private Endpoint’s private IP. ...

February 11, 2025 · 4 min · Thomas L.
Taints & Tolerations

Taints and Tolerations: controlling where your pods run

Taints and Tolerations let you repel pods from certain nodes. It is the inverse mechanism of Node Affinity (which attracts pods). The two are complementary and are often both necessary for a production workload.

The concept

A Taint is placed on a node: it signals that the node does not accept pods by default. A Toleration is declared in a pod: it allows the pod to tolerate a specific Taint and be scheduled on that node. ...

July 8, 2024 · 4 min · Thomas L.