Azure Insights: Private endpoints; Fluent Bit; Secrets in Key Vault

Azure pros discuss referencing private endpoints with Terraform, setting up Fluent Bit on Azure Kubernetes Service, and storing secrets in Azure Key Vault.

Referencing private endpoints with Terraform

Aidan Finn explored how to reference private endpoint IPs with Terraform. Users can dynamically retrieve an IP address used by an Azure Private Endpoint to be reused in Terraform. Finn demoed a Terraform state command to view the state of a Cosmos DB resource he previously deployed. He wrote:

You can think of the exposed state as a description of the resource the moment after it was deployed. Everything in that state is addressable. A common use might be to refer to the resource ID (azurerm_private_endpoint.cosmosdb-account1.id) or resource name (azurerm_private_endpoint.cosmosdb-account1.name) properties. But you can also get other properties that you don’t know in advance.

Cosmos DB generates private endpoints with several different IP addresses and it yields a more complicated output than other services. With the addresses available, Finn was able to deploy an NSG rule with the right destination IPs for the private endpoint.

Setting up Fluent Bit on Azure Kubernetes Service

Daniel Neumann, writing on Daniel’s Tech Blog, looked into logging with Azure Kubernetes Service. In Azure, this can be accomplished with Monitor Container Insights, which is comparable to other services in different clouds like Google Kubernetes Engine and Amazon Elastic Kubernetes Service. Fluent Bit is a platform-agnostic option that can also run on VMs or bare-metal servers.