Remi Solutions

Hi, I am Rémi Céraline, an Azure solutions architect and DevOps engineer. This is my business page. I can help you in 3 different ways:

1. Online course in cloud computing and DevOps.
2. One-on-one coaching.
3. Join your team to work on your cloud project.

02/20/2026

There's a paradox in tech career transitions:

𝗬𝗼𝘂 𝗻𝗲𝗲𝗱 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 𝘁𝗼 𝗴𝗲𝘁 𝘁𝗵𝗲 𝗿𝗼𝗹𝗲 𝗯𝘂𝘁 𝘆𝗼𝘂 𝗻𝗲𝗲𝗱 𝘁𝗵𝗲 𝗿𝗼𝗹𝗲 𝘁𝗼 𝗴𝗲𝘁 𝘁𝗵𝗲 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲.

I've hit this wall twice. As a developer trying to prove I could code. Then as an architect trying to prove I could lead.

Both times, the answer was the same: build something real, make it public, and let the work speak for you.

In my latest article, I map out the exact progression you need to level up in Azure. 38 exercises across 6 phases, from deploying your first Storage Account to running a full multi-region architecture with Terraform, RBAC, and a real DR drill.

Not theory. The actual path.

🔗 Link in the comments.

11/04/2025

𝗠𝘆 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗔𝘇𝘂𝗿𝗲 𝗙𝗿𝗼𝗻𝘁 𝗗𝗼𝗼𝗿 𝗢𝘂𝘁𝗮𝗴𝗲

Last week, Azure Front Door had a global outage that affected many services.

The suggestion was to use Azure Traffic Manager in front of Front Door, which is actually just one part of the puzzle.

We might think of bypassing Front Door and connecting directly to the origin, but in some architectures, the origin might be private.

For example, a private AKS cluster or an app backend sitting behind a private IP address.

So I wanted to find a way to still use Traffic Manager as the failover mechanism without exposing the origin to the internet.

𝗔𝗱𝗱𝗶𝗻𝗴 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗚𝗮𝘁𝗲𝘄𝗮𝘆

The solution that came to mind was to add an Azure Application Gateway in front of the private origin.

This way, Traffic Manager routes traffic to the Application Gateway instead of directly to the backend.

The Application Gateway can have both a public and private IP address and can be deployed inside your VNET (or in a peered one).

From there, it connects privately to the backend. In my case, a private Load Balancer in front of a private AKS cluster.

The main tradeoff compared to Front Door is that we lose the global edge benefits (like caching and the worldwide presence), but we keep the 𝗪𝗔𝗙 𝗽𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 and 𝗽𝗿𝗶𝘃𝗮𝘁𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝘃𝗶𝘁𝘆 𝘁𝗼 𝘁𝗵𝗲 𝗼𝗿𝗶𝗴𝗶𝗻.

𝗧𝗵𝗲 𝗔𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲

Check the diagram below for a visual overview of the setup 👇

• Traffic Manager handles the global failover logic
• Application Gateway acts as the regional WAF and routes traffic privately
• AKS remains private and accessible only within the network

So even if Front Door goes down again, Traffic Manager can redirect traffic to the Application Gateway endpoint, and everything keeps running securely.

If you’re using private endpoints and private links behind Front Door, this setup might be helpful.

It’s a simple way to improve resiliency without compromising on network isolation.

Would love to hear if anyone else approached it differently.
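The failover path described in this post, sketched in Terraform as an added example (not code from the original post or its author): a priority-routed Traffic Manager profile with Front Door as the primary endpoint and the Application Gateway's public hostname as the secondary. Resource names, hostnames and the `/healthz` probe path are placeholders and assumptions; the Application Gateway, its WAF policy and the private backend are assumed to exist already.

```hcl
# Added example: all names and hostnames below are placeholders.
variable "resource_group_name" {
  type = string
}

resource "azurerm_traffic_manager_profile" "failover" {
  name                   = "tm-frontdoor-failover" # hypothetical name
  resource_group_name    = var.resource_group_name
  traffic_routing_method = "Priority" # lowest priority number that is healthy wins

  dns_config {
    relative_name = "tm-frontdoor-failover" # becomes <name>.trafficmanager.net
    ttl           = 30                      # short TTL so clients re-resolve quickly on failover
  }

  # Probes go over HTTPS so the health check exercises the same TLS listener
  # that users hit. The path is an assumption; use your app's health endpoint.
  monitor_config {
    protocol                     = "HTTPS"
    port                         = 443
    path                         = "/healthz"
    interval_in_seconds          = 30
    timeout_in_seconds           = 10
    tolerated_number_of_failures = 3
  }
}

# Primary: Front Door (global edge, WAF, private link to the origin).
resource "azurerm_traffic_manager_external_endpoint" "front_door" {
  name       = "front-door"
  profile_id = azurerm_traffic_manager_profile.failover.id
  target     = "example-endpoint.azurefd.net" # placeholder Front Door hostname
  priority   = 1
  weight     = 1 # ignored by Priority routing
}

# Secondary: the Application Gateway's public listener. Only the gateway is
# internet-facing; it reaches the private Load Balancer / AKS inside the VNET.
resource "azurerm_traffic_manager_external_endpoint" "app_gateway" {
  name       = "app-gateway"
  profile_id = azurerm_traffic_manager_profile.failover.id
  target     = "appgw.example.com" # placeholder DNS name of the gateway's public IP
  priority   = 2
  weight     = 1 # ignored by Priority routing
}
```

Both endpoints must answer the probe on the same path and port, since the monitor settings are defined once per profile.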

06/09/2025

𝗦𝘁𝗶𝗹𝗹 𝗶𝗻𝘀𝘁𝗮𝗹𝗹𝗶𝗻𝗴 𝗡𝗚𝗜𝗡𝗫 𝗜𝗻𝗴𝗿𝗲𝘀𝘀 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝗹𝗲𝗿𝘀 𝗺𝗮𝗻𝘂𝗮𝗹𝗹𝘆 𝗼𝗻 𝗔𝗞𝗦?

There’s a better way.

I just published a new article showing how to use the AKS Application Routing Add-On with Terraform to simplify your Kubernetes ingress setup.

✅ Less complexity
✅ Fully automated
✅ Built for Azure

If you're using Helm charts for this… it's time for an upgrade.

👉 https://www.remiceraline.com/blog/aks-application-routing-addon-terraform-setup

Stop installing NGINX Ingress manually! Use the AKS Application Routing add-on with Terraform to deploy the NGINX Ingress Controller the easy way.

04/23/2025

🔒 𝗭𝗲𝗿𝗼 𝗣𝘂𝗯𝗹𝗶𝗰 𝗔𝗰𝗰𝗲𝘀𝘀: 𝗠𝘆 𝗦𝗲𝘁𝘂𝗽 𝗳𝗼𝗿 𝗣𝗿𝗶𝘃𝗮𝘁𝗲 𝗚𝗿𝗮𝗳𝗮𝗻𝗮 & 𝗣𝗿𝗼𝗺𝗲𝘁𝗵𝗲𝘂𝘀

I recently deployed Azure Managed Grafana and Prometheus for an AKS cluster. Fully private, no public endpoints, and everything provisioned with Terraform.

In this new blog post, I walk through the full setup.

If you're building a secure observability stack for AKS in Azure, this might help you avoid a few bumps along the way.

👉 https://www.remiceraline.com/blog/how-to-set-up-private-managed-grafana-and-prometheus-for-aks-with-terraform

Let me know what you think or if you're working on something similar!

Set up private managed Grafana and Prometheus for AKS using Terraform, with private endpoints and Azure Monitor Private Link Scope (AMPLS) for secure, production-grade observability in Azure.

01/27/2025

🔒 𝗦𝗶𝗺𝗽𝗹𝗶𝗳𝘆𝗶𝗻𝗴 𝗦𝗲𝗰𝘂𝗿𝗲 𝗔𝗰𝗰𝗲𝘀𝘀 𝘄𝗶𝘁𝗵 𝗣𝗼𝗶𝗻𝘁-𝘁𝗼-𝗦𝗶𝘁𝗲 𝗩𝗣𝗡 𝗶𝗻 𝗔𝘇𝘂𝗿𝗲 🔒

I’ve been working on a simple yet secure way to connect to private Azure resources using 𝗣𝗼𝗶𝗻𝘁-𝘁𝗼-𝗦𝗶𝘁𝗲 𝗩𝗣𝗡 and 𝗔𝘇𝘂𝗿𝗲 𝗗𝗡𝗦 𝗣𝗿𝗶𝘃𝗮𝘁𝗲 𝗥𝗲𝘀𝗼𝗹𝘃𝗲𝗿, all deployed with Terraform. 🌐

This approach minimizes complexity while letting you securely access resources like private storage accounts or databases without configuring a custom DNS. 🚀

The blog article with all the steps is now live. Check it out! 👉 https://buff.ly/4h4GCNK

01/23/2025

💻 𝗛𝗼𝘄 𝘁𝗼 𝗖𝗼𝗻𝗻𝗲𝗰𝘁 𝗬𝗼𝘂𝗿 𝗟𝗮𝗽𝘁𝗼𝗽 𝘁𝗼 𝗣𝗿𝗶𝘃𝗮𝘁𝗲 𝗔𝘇𝘂𝗿𝗲 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗖𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗶𝗻𝗴 𝗮 𝗖𝘂𝘀𝘁𝗼𝗺 𝗗𝗡𝗦 💻

I’ve been working on a cool lab where I set up a Point-to-Site VPN in Azure using Azure DNS Private Resolver. No custom DNS needed. 🌐

This method lets you securely connect your laptop to private Azure resources, like a storage account or a database with a private endpoint, that aren’t accessible from the internet. 🚀

I’ll share the full steps in a new blog article next week. Stay tuned!

08/26/2024

🚀 Just published a new blog article: Configure Secret Store CSI Driver with Terraform!

Learn when to choose the Secret Store CSI Driver, and follow my step-by-step guide to install it in Azure Kubernetes Service using Terraform.

Check it out and get hands-on with securing your secrets in AKS! 🔐

Discover when to use the Secret Store CSI Driver, then learn how to configure it with Terraform in Azure Kubernetes Service.

03/20/2024

Use External Secrets to Retrieve Your TLS Certificate from Azure Key Vault in AKS

Last week, I released a new blog article where I shared my top two solutions for securing web applications with TLS certificates in AKS.

The second solution involves leveraging the open-source External Secrets operator to synchronize your Kubernetes secrets with Azure Key Vault.

If you missed the blog article, be sure to check it out. I also provided guidance on enabling etcd encryption if you opt for this solution and use Kubernetes secrets.

https://buff.ly/4a6bWYn

03/13/2024

💡 🔒 How To Use Application Gateway To Secure Your AKS Applications Without Kubernetes Secrets

This is one of my top two solutions for configuring HTTPS for web applications in AKS.

Discover the other solution in my new blog article: How to Secure Your Application with SSL/TLS Certificates in AKS.

https://buff.ly/4a6bWYn

03/11/2024

🛡️🔒 How To Configure HTTPS For Your Web Applications In AKS

Get ready for my upcoming blog article, where I'll be sharing my top two solutions for securing your web applications with HTTPS in AKS while ensuring your TLS certificates stay secure.

The blog is coming out on Wednesday. Don't miss it!

Address

Montreal, QC
