Azure CLI Reference for Management Groups & IAM

A quick reference for Azure CLI commands I often use

Date: 2025-12-05
Category: Azure / CLI

Table of Contents: Getting Started; Installation; Azure Cloud Shell; Authentication; Command Reference; Subscription Management; Resource Management (Resource Groups); Management Groups; Entra ID (Formerly Azure AD); Role Assignments (RBAC); Key Vault & Secrets; Virtual Machines (VMs); Networking; Storage; Kubernetes (AKS & Kubectl); App Service (Web Apps); Private Networking & DNS

Installation

Windows

    # Option 1: Chocolatey (My Personal Favorite Windows Package Manager)
    choco install azure-cli

    # Option 2: Using Winget
    winget install -e --id Microsoft.AzureCLI

    # Option 3: No Admin Rights (ZIP Method)
    # Follow the official guide: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest&pivots=zip

macOS

    # Using Homebrew (Recommended)
    brew install azure-cli

Linux

    # Ubuntu / Debian
    curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

Azure Cloud Shell (Browser-Based)

If you don’t want to install anything locally, you can use the interactive shell directly in the Azure Portal. ...

Azure PowerShell Reference

A quick reference for Azure PowerShell commands I use often

Date: 2025-12-05
Category: Azure / PowerShell

Table of Contents: Getting Started; Installation; Authentication; Subscription Management; Resource Management; Command Reference; Entra ID (Formerly Azure AD); Active Directory & Entra Sync; Role Assignments (RBAC); Key Vault & Secrets; Compute (Virtual Machines); Networking; Storage; Azure Policy & Governance; Monitoring; Azure Migrate

Installation

Prerequisite: You need PowerShell 7+ (recommended) or Windows PowerShell 5.1.

Windows

    # Option 1: Install from PSGallery (Admin Required)
    Install-Module -Name Az -Repository PSGallery -Force

    # Option 2: MSI Installer
    # Download: https://github.com/Azure/azure-powershell/releases

macOS

    # 1. Install PowerShell via Homebrew
    brew install --cask powershell

    # 2. Enter PowerShell
    pwsh

    # 3. Install Az Module
    Install-Module -Name Az -Repository PSGallery -Force

Linux

    # Ubuntu / Debian
    # 1. Update the list of packages and install wget
    sudo apt-get update
    sudo apt-get install -y wget apt-transport-https software-properties-common

    # 2. Download the Microsoft repository GPG keys and register repository
    wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb"
    sudo dpkg -i packages-microsoft-prod.deb

    # 3. Update & Install
    sudo apt-get update
    sudo apt-get install -y powershell

    # 4. Enter PowerShell & Install Module
    pwsh
    Install-Module -Name Az -Force

Authentication

1. Log In

    # Interactive Login (Browser)
    Connect-AzAccount

    # Device Code Login (for servers/headless)
    Connect-AzAccount -UseDeviceAuthentication

    # Service Principal Login (Automation)
    $cred = Get-Credential
    Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant "<TENANT_ID>"

2. Cloud Shell

Alternatively, use the browser-based shell in the Azure Portal. ...

Hybrid DNS Resolution

Understanding how Private Endpoints, Private DNS Zones, and the Azure Private DNS Resolver enable seamless hybrid connectivity.

Date: 2025-12-05
Category: Networking

TL;DR: On-premises users can’t reach Azure Private Endpoints because Private DNS Zones only exist inside Azure.

Solution: Deploy an Azure Private DNS Resolver in your Hub VNet and configure conditional forwarders on-prem to point to it; the resolver will then resolve private IPs for you.

Prerequisites

Before attempting to implement Hybrid DNS, you must have the networking foundation in place: ...

Deploying a Private AKS Cluster

Securing Kubernetes workloads by removing public endpoints and utilizing internal load balancers.

Date: 2025-12-01
Category: Azure / Kubernetes

Overview

What: We will deploy a fully private Azure Kubernetes Service (AKS) cluster that is only accessible from within our Virtual Network (VNet).

Why: To achieve a Zero Trust architecture where the API server and workloads have zero public visibility. This ensures that no part of the cluster is reachable from the public internet, reducing the attack surface to the absolute minimum.

Who: Cloud Engineers and DevOps professionals looking to secure their container infrastructure.

Prerequisites

- Azure CLI installed locally.
- Resource Group created for the AKS Cluster.
- Virtual Network (VNet) with a dedicated /24 subnet available for AKS.
- Firewall rule from on-premises to AKS subnet.
- Route Table (UDR) associated with the AKS subnet containing a 0.0.0.0/0 route (required for --outbound-type userDefinedRouting).
- Hub & Spoke / Hybrid Connectivity: Ensure you have network line-of-sight to the VNet. This could be via:
    - Site-to-Site (S2S) VPN or ExpressRoute (for on-prem hybrid access).
    - Point-to-Site (P2S) VPN (for individual developer access).
    - A Jumpbox VM inside the VNet.

Firewall Requirements (Egress)

For a private AKS cluster to function (pull system images, register nodes), your Azure Firewall must allow outbound HTTPS (443) access to these Global Microsoft FQDNs: ...