Terraform Dynamic Block : What, Why and How (with Azure Use Cases)

 

Imagine this: you want to create a reusable Terraform module that can be used in multiple environments to create any number of vNets and subnets.

    • In the development environment, you need to create two virtual networks (vNets), and inside each vNet there will be 3 subnets.
    • In the production environment, you need to create 5 vNets, and within each vNet, there will be 4 subnets.

Using reusable Terraform code — how will you do this?

The number of vNets and number of subnets are not the same — so a single for_each loop will not solve this. You need something that can iterate inside each vNet, independently.

Let’s take another example.

You added a ddos_protection_plan block in your reusable vNet module, but from Azure’s point of view, this block is optional. Some environments may skip it, while others might need it.

But how do you tell Terraform that this block is optional?

If you use a static block, Terraform will expect this block to be always present — which is not what you want.

Well, if you have faced any of these scenarios, you are in the right place.

In this article, we will learn what a dynamic block is, why it exists, and exactly how to use it to solve such practical challenges — with real Azure examples.


HTTPS Traffic Handling in AKS with Istio Ingress Gateway

Modern applications are increasingly exposed over HTTPS to ensure secure communication between users and backend services. When deploying applications in Kubernetes using Istio Ingress Gateway, handling HTTPS requires a clear understanding of how certificates are configured, where they are stored, and how traffic flows through the system.

In this article, we will walk through the end-to-end flow of HTTPS traffic with Istio Ingress Gateway running on Azure Kubernetes Service (AKS), including how certificates are managed, how Azure Key Vault can be integrated, and how to ensure seamless certificate rotation without downtime.


Istio Ingress Gateway : Comprehensive Guide

When working with Kubernetes, one of the first things developers and platform engineers need is a way to expose applications running inside the cluster to the external world. Kubernetes provides a native solution called Ingress, but when using Istio service mesh, the recommended approach is to use the Istio Ingress Gateway.

Let’s take a deep dive and understand what Istio Ingress Gateway is, why it is preferred over native Kubernetes Ingress, and how it works with components like VirtualService and DestinationRule to route and control traffic in a secure and observable manner.
