Mohammed Ibrahim

Blog

Demystifying Kubernetes: CRDs, Custom Resources, and the Reconciliation Loop

This post breaks down Kubernetes’ extensibility through Custom Resource Definitions (CRDs) and Custom Resources (CRs), showing how they’re applied, how controllers and operators run reconciliation loops to enforce desired state, and how finalizers ensure safe, graceful deletion of resources. Includes a lifecycle diagram to make the process clear.

Mohammed
Aug 9, 2025

Azure Retires Default Outbound Access for New VMs – What You Need to Know

Starting September 30, 2025, Azure will retire default outbound internet access for all newly created VMs without explicit connectivity configurations. Existing VMs keep their current behavior, but Microsoft strongly recommends transitioning to explicit outbound methods—such as NAT Gateway, Standard Load Balancer outbound rules, or Public IP addresses—for better security, stability, and predictable networking. This change aligns with Zero Trust principles and eliminates reliance on shifting, shared Microsoft-owned IPs. Cloud engineers, DevOps teams, and architects should audit their environments now to avoid service interruptions and modernize their Azure networking design.

Mohammed
Aug 9, 2025

Mastering Azure Bicep: Complex Examples, Step-by-Step Deployment, and a Real Comparison with Terraform

If you’re working with Azure and looking to level up your Infrastructure as Code game, this post is for you. We take a deep dive into Azure Bicep, showing how to build out a real-world, scalable infrastructure — including virtual networks, VM scale sets, and storage — all with clean, modular Bicep templates. You’ll also get a simple, step-by-step guide to deploying it using the Azure CLI. And for those wondering how Bicep stacks up against Terraform, we’ve got a side-by-side comparison to help you decide what’s right for your projects. Whether you’re just getting started or ready to move beyond ARM templates, this guide will help you build smarter in the cloud.

Mohammed
Aug 6, 2025

Navigating the limitations of Azure Firewall with Azure Virtual WAN

Azure Virtual WAN and Azure Firewall offer a powerful way to build secure, scalable network architectures, but their integration comes with key limitations. Each hub requires its own firewall—firewalls can’t be shared across regions—and default routes don’t propagate between hubs. Routing intent simplifies setup but restricts flexibility, allowing only one Internet and one private traffic policy per hub. Combining NVAs with Azure Firewall in the same hub or peering traffic back through a hub firewall is unsupported. Planning for availability zones must happen at deployment time, and general Azure Firewall constraints (like no DNAT with private IPs) still apply. Knowing these constraints early helps avoid costly redesigns.

Mohammed
Aug 3, 2025

Azure vs AWS: Understanding the Constructs and Concepts Across Cloud Providers

This blog post provides a practical comparison between Microsoft Azure and Amazon Web Services (AWS), focusing on how each platform structures its core cloud constructs. Aimed at cloud engineers, DevOps professionals, and architects, it breaks down key service categories—compute, storage, networking, identity, monitoring, and infrastructure as code—highlighting how similar concepts are implemented differently across the two clouds. With side-by-side tables and a downloadable cheat sheet, the post serves as a translation guide to help engineers confidently navigate both environments by understanding not just the terminology, but the design philosophies behind each platform.

Mohammed
Aug 3, 2025