2021-04-30

My Azure Study Note - 09 - Secure VM Access, Service Endpoint, Private Link, ASE

 Secure VM Access










App Service Environment (ASE) - A special type of App Service deployed directly into a dedicated VNet and created on dedicated hardware.
A normal App Service can't be placed in a VNet. However, it can have access protection.

For complete isolation, an ASE is used. It requires scaling up to the Isolated tier.

ASEs are isolated to running only a single customer’s applications and are always deployed into a virtual network. Customers have fine-grained control over inbound and outbound application network traffic. Applications can establish high-speed secure connections over VPNs to on-premises corporate resources.

Customers can create multiple ASEs within a single Azure region or across multiple Azure regions. This flexibility makes ASEs ideal for horizontally scaling stateless application tiers in support of high RPS workloads. App Service environments (ASEs) are appropriate for application workloads that require:

Very high scale.
Isolation and secure network access.
High memory utilization.

2021-04-19

My Azure Study Note - 08 - Azure Function

What is Azure Function

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

What is Trigger and Binding in azure ?

Triggers are what cause a function to run. A trigger defines how a function is invoked and a function must have exactly one trigger. Triggers have associated data, which is often provided as the payload of the function.

Binding to a function is a way of declaratively connecting another resource to the function; bindings may be connected as input bindings, output bindings, or both. Data from bindings is provided to the function as parameters.

You can mix and match different bindings to suit your needs. Bindings are optional and a function might have one or multiple input and/or output bindings.

Triggers and bindings let you avoid hardcoding access to other services. Your function receives data (for example, the content of a queue message) in function parameters. You send data (for example, to create a queue message) by using the return value of the function.

Example- A scheduled job reads Blob Storage contents and creates a new Cosmos DB document.

Trigger = Timer

Input binding = Blob Storage

Output binding = Cosmos DB
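
An added example (not part of the original notes): the timer, blob and Cosmos DB combination above written as a function.json, with a small Python check for the two rules stated here, exactly one trigger and no hardcoded access details. The binding names, schedule, blob path and app-setting names are assumptions made for illustration.

```python
import json

# Constructed function.json for the example above: timer trigger,
# Blob Storage input, Cosmos DB output. Names, path and schedule are
# assumptions; the property names follow the Functions v3 binding schema.
FUNCTION_JSON = """
{
  "bindings": [
    {"type": "timerTrigger", "direction": "in", "name": "timer",
     "schedule": "0 0 2 * * *"},
    {"type": "blob", "direction": "in", "name": "inputBlob",
     "path": "incoming/report.json", "connection": "AzureWebJobsStorage"},
    {"type": "cosmosDB", "direction": "out", "name": "outputDoc",
     "databaseName": "reports", "collectionName": "daily",
     "connectionStringSetting": "CosmosDbConnection"}
  ]
}
"""

# These properties must hold the *name* of an app setting, never the secret.
SETTING_KEYS = ("connection", "connectionStringSetting")
SECRET_MARKERS = ("AccountKey=", "SharedAccessSignature=", "Password=")


def check_bindings(function_json: str) -> list:
    """Return a list of findings for one function.json document."""
    bindings = json.loads(function_json).get("bindings", [])
    findings = []
    # Every trigger binding type ends in "Trigger" (timerTrigger, httpTrigger...).
    triggers = [b for b in bindings if b.get("type", "").endswith("Trigger")]
    if len(triggers) != 1:
        findings.append(f"expected exactly one trigger, found {len(triggers)}")
    for b in bindings:
        if b.get("direction") not in ("in", "out", "inout"):
            findings.append(f"{b.get('name')}: invalid direction")
        for key in SETTING_KEYS:
            value = str(b.get(key, ""))
            if any(marker in value for marker in SECRET_MARKERS):
                findings.append(f"{b.get('name')}: {key} holds a secret, "
                                "use an app setting name instead")
    return findings


if __name__ == "__main__":
    print(check_bindings(FUNCTION_JSON) or "no findings")
```
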

Sample Function



What is Cold Start ?

Cold start is a term used to describe the phenomenon that applications which haven’t been used take longer to start up.


What is Durable Function

Durable Functions is an extension of Azure Functions and Azure WebJobs that lets you write stateful functions in a serverless environment. The extension manages state, checkpoints, and restarts for you.

Run Azure Function Locally

  • Install the Core Tools and dependencies.
  • Download the VS Code Extension - Azure Functions
  • Download Postman
  • In the terminal run the command- dotnet restore
  • Initialize and run the code in VS Studio with the extension


  • Test the code from Postman

Run Azure Function in Azure

Run Bash command to create storage account

az storage account create --name readitfuncstorage --location westeurope --resource-group readit-app-rg --sku Standard_LRS

Create azure function
az functionapp create --name readitfunctionapp --storage-account readitfuncstorage --consumption-plan-location westeurope --resource-group readit-app-rg --functions-version 3

Same command with alternative func name and storage account
az functionapp create --name readitfunctionapp2 --storage-account readitfuncstorage2 --consumption-plan-location westeurope --resource-group readit-app-rg --functions-version 3

In Azure, Search the function app in all resources

Deploy the function app in VS Code

Check in the azure portal for those new functions

Click on any function and go to Code+Test. The output will be printed in the log.


Click the GET Function URL and copy the URL to Postman

Clear the console window in Azure

Test the function from Postman and check the log once again

Console Log in azure





2021-04-17

My Azure Study Note 07- Container, Kubernetes, Docker

 Containers

A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.

Advantage of using Containers

  • Predictability - The same package is deployed from the dev machine to test to prod
  • Performance - Containers start in seconds vs minutes for a VM
  • Density - One server can run thousands of containers vs dozens of VMs
Disadvantage
  • Isolation - Containers share the same OS, so isolation is lighter than with VMs

Build and Deploy image to ACR using VS Code

Step 1. Install Docker for windows
Step 2. Install Azure CLI
Step 3. Open project in VS code and Add extension "Docker"
Step 4. Open Explorer in VS code, right click on Dockerfile and Build Image

Content of docker file is as below

FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 5004
ENV ASPNETCORE_URLS=http://+:5004

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /src
COPY ["cart.csproj", "./"]
RUN dotnet restore "cart.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "cart.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "cart.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "cart.dll"]

Step 5. In VS code Docker extension check the Images list
Step 6. Right click the "latest" image and run
Step 7. In VS code Docker extension check the Containers list
Step 8. Right click the target container and "Open in Browser"
Step 9. It will run the application in browser from container
Step 10. Click connect registry -> Azure
Step 11. Right click Subscription -> Create registry-> Type a name like "myacr"-> Hit Enter
Step 12. Select a SKU = Basic, Select RG , select Location
This will throw the exception "The subscription is not registered to use namespace 'Microsoft.ContainerRegistry'. See https://aka.ms/rps-not-found for how to register subscriptions."
Step 13. Go to the azure portal-> Subscription-> Resource Providers-> Select "Microsoft.ContainerRegistry" and Register
Step 14. In cloud shell check the registration status by following command
az provider show --namespace Microsoft.ContainerRegistry -o table
Step 15. Perform step 11 and 12 once again
Step 16. Check in azure portal-> Container registry
Step 17. In VS Code ->Images->Latest-> Push image
Step 18. In Azure portal-> Container Registry -> Repository and check the image

Create AKS Cluster

Step 1. In VS Code Terminal run below command to create aks cluster
az aks create --resource-group readit-app-rg --name cart-aks --node-count 1 --generate-ssh-keys --attach-acr readitacr2 --node-vm-size Standard_DS1_v2

Step 2. Install the AKS CLI to be able to run kubectl commands
az aks install-cli

Set path for Kubectl command
set PATH=%PATH%;"C:\Users\ManabRanjan\.azure-kubectl"

Step 3. Get credential to access aks
az aks get-credentials --resource-group readit-app-rg --name cart-aks

If you have multiple subscriptions, check the subscription id
az login
az account list --output table

Set the subscription id
az account set --subscription 0da7d86b-a610-4f8a-97e8-6c44db344baa

Step 4. To check everything is fine, run below command
kubectl get nodes

Output as below, i.e. one node is running. A node is an actual VM on which Kubernetes is set up.
NAME                                STATUS   ROLES   AGE     VERSION
aks-nodepool1-40111762-vmss000000   Ready    agent   3m27s   v1.18.14

Step 5. Go to the portal and type aks
 In Cart-aks, go to the node pool, it will show a node pool with Node count = 1

Step 6.
Deploy the app in that AKS
in VS Code, open deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: readit-cart
spec:
  selector:
    matchLabels:
      app: readit-cart
  template:
    metadata:
      labels:
        app: readit-cart
    spec:
      containers:
      - name: readit-cart
        image: readitacr2.azurecr.io/cart:latest
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: readit-cart
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 5004
  selector:
    app: readit-cart


Run the command below for the actual deployment

kubectl apply -f deployment.yaml

Step 7. In the azure portal, go to the aks cart-aks, go to the "Services and ingresses". 

The first 3 have been created by default, but the actual service is readit-cart

Go to Workloads, where the actual image can be seen.

Step 8. Go to the "Services and ingresses", click on readit-cart, check the Pod is running and then click on the external IP. It will open the application in the local browser from the container.
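
An added example (not part of the original notes): a short Python review of the deployment.yaml from Step 6, flagging the settings a reviewer would question before exposing it on an external IP. The manifest is re-typed as Python dicts, and the function name and finding texts are assumptions made for illustration.

```python
# The two objects from deployment.yaml as Python dicts (constructed to mirror
# the manifest; the standard library has no YAML parser).
DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "readit-cart"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "readit-cart",
        "image": "readitacr2.azurecr.io/cart:latest",
        "resources": {"limits": {"memory": "128Mi", "cpu": "500m"}},
        "ports": [{"containerPort": 80}],
    }]}}},
}
SERVICE = {
    "kind": "Service", "metadata": {"name": "readit-cart"},
    "spec": {"type": "LoadBalancer",
             "ports": [{"port": 80, "targetPort": 5004}],
             "selector": {"app": "readit-cart"}},
}


def review(deployment: dict, service: dict) -> list:
    """Return review findings for a Deployment and the Service in front of it."""
    findings = []
    pod = deployment["spec"]["template"]["spec"]
    pod_non_root = pod.get("securityContext", {}).get("runAsNonRoot", False)
    declared = set()
    for c in pod["containers"]:
        image = c["image"]
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        # A digest is immutable; a missing tag resolves to "latest".
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{c['name']}: mutable image tag, pin a version or digest")
        if not (pod_non_root or c.get("securityContext", {}).get("runAsNonRoot")):
            findings.append(f"{c['name']}: runAsNonRoot not set, may run as root")
        declared |= {p["containerPort"] for p in c.get("ports", [])}
    spec = service["spec"]
    for p in spec.get("ports", []):
        target = p.get("targetPort", p["port"])
        # Named (string) target ports are resolved by Kubernetes; skip them here.
        if isinstance(target, int) and declared and target not in declared:
            findings.append(f"service targetPort {target} is not a declared containerPort")
    if spec.get("type") == "LoadBalancer" and not spec.get("loadBalancerSourceRanges"):
        findings.append("LoadBalancer service has no loadBalancerSourceRanges")
    return findings


if __name__ == "__main__":
    for finding in review(DEPLOYMENT, SERVICE):
        print(finding)
```

The targetPort finding does not stop the app from working, because containerPort is informational and the Dockerfile makes the app listen on 5004; it marks the manifest as misleading to the next reader.
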



My Azure Study Note 06 - Azure icons, App Service and debugging tool

Download Azure Icons from

https://docs.microsoft.com/en-us/azure/architecture/icons/

App Service Types

  • Web Apps
  • Web API
  • Web Jobs(batch processes)
It's a PaaS offering

App Service Tiers
Free, Basic, Standard, Premium, Isolated

https://azure.microsoft.com/en-in/pricing/details/app-service/windows/

App Service supports Auto scale based on the Metrics

Deploy code in App Service from VS Code

1. Create an app service in azure portal, Publish= Code, Runtime Stack= .net core 3.1, SKU= Free F1
2. In VS Code, publish the code
dotnet publish -o publish

Right click on the Publish folder and select "Deploy to web App", then sign in and choose the app service

Note : In VS Code , install the extensions - Azure Accounts, Azure App Service, Azure Resources,
C#

3. Browse website
4. In Azure portal we have some useful feature for debugging like

Development Tool -> App Service Editor
Development Tool -> Console

5. Scale up to change the plan from free to paid, if required

2021-04-16

My Azure Study Note -05 - Publish Code, VM Setup(windows and ubuntu), Deploy code (from publish and git repo), check communication between VM using private IP

 Step 1.

In VS Code publish .NET core application running below command in Terminal

dotnet publish -o publish

Step 2. Create a VM(Windows Server 2019 DC Gen1) in azure portal with Static IP Address

Step 3. RDP to VM

Step 4. In server manager-> Local Server-> IE Enhanced Security Configuration= False

Step 5. In server manager-> Dashboard -> Add Roles and Features->Next(3 times)-> Add "Web Server(IIS)"-> Next->Next-> Add Custom Logging and Logging Tools-> Next and Install->Close

Step 6. In IE, type localhost to ensure the web server is installed

Step 7. Download google chrome and .NET core 3.1(ASP.NET Core Runtime 3.1.14->Hosting Bundle)

Step 8. Create a new folder C:\catalog and copy all the contents of publish folder

Step 9. IIS -> Sites->Add Site-> Name= Catalog, Physical Path= C:\catalog, Port=8080

Step 10. Browse from IIS and ensure the site is working

Step 11. To access the site from external system, in the VM open "Windows Defender Firewall" and turn it off both for private and public network. But still the site is not accessible from outside which is the expected behavior and we need to make some changes in the networking

Step 12. Create a Ubuntu VM "weather-vm" in the same vnet with static ip and enable auto shutdown (within management) and user id and password option

Step 13. Download Putty to connect that VM

Step 14. Connect the Unix VM with the Public IP and user id/password

Step 15. run below command

sudo apt install git

sudo apt update

sudo apt install nodejs (click Y)

git clone http://github.com/memilavi/WeatherAPI.git

cd WeatherAPI

ls

sudo apt install npm (click Y)

npm start

Step 16. copy the private IP address of ubuntu VM

Step 17. In the windows VM browse the catalog app ->click on weather and type the private IP address:8080 ->click on "Get Weather"


This proves that 2 VMs in the same VNET can communicate with each other by private IP address, while still not being accessible from an external network




2021-04-13

My Azure Study Note -04 - VM Autoscale, Resource Provider, VM Metadata Service

Custom Autoscaling Rule

Scale Out







Scale In




Register Resource Provider
By default auto-scaling is not supported and an exception is thrown while saving the setting. So "Microsoft.Insights" needs to be registered in the subscription to support auto scaling



VM Metadata Service

Metadata service is available from any azure VM only after remote login



My Azure Study Note -03 - ARM Template, Deployment using ARM Template

 



Deploy VM using ARM Template

Step 1. Create and download the ARM Template (template and parameter.json files). Edit those files, if required

Step 2. Go to the storage account -> File Shares

Step 3. Create a new directory, for example "templates"
Step 4. Upload both template and parameter.json in that new directory
Step 5. Create a new RG in azure portal
Step 6. Run command in azure Bash





2021-04-12

My Azure Study Note - 02 - VM







How to reduce cost for a VM

Select Auto shutdown (best fit for Dev/Test VMs)

Reserved Instances (best fit for Prod VMs)

Spot Instances - Machine that runs on unused capacity in azure. Best fit for non critical, non continuous task



Disk Optimization : Standard SSD instead of Premium SSD
Select Right Size - CPU shouldn't sit idle
Select Linux over windows
Check price in nearby regions



My Azure Study Note - 01 - Types of Cloud, Region and Zone, SLA Calculator, Pricing Calculator

Public Cloud - Set up in the public network. Accessible through the internet. The client has no access to the underlying infrastructure. 

Examples are AWS, Azure, GCP, IBM Cloud, Oracle Cloud.

Private Cloud - Set up on Prem. Only accessible by the organization. High security.

Examples are VMWare Cloud, Azure Stack, Red Hat OpenShift Container Platform.

Hybrid Cloud -  Setup on-prem but connected to the public cloud. Sensitive data stored in on-prem, public data in the public cloud.

Examples are Azure ARC, AWS Outposts.

--------------------------------------------------------------------------------------------------

What is Region: Each datacenter location is called a region. Microsoft has more than 60 regions.

What is Zone: Some of the regions have more than one physical data centre. Great for availability in case one DC fails. Each physical DC is called a Zone. Where there is more than one DC in a region, the region is said to have availability zones.

What is Paired Region: Required for Geo-Replication.

An Azure region consists of a set of data centres deployed within a latency-defined perimeter and connected through a dedicated low-latency network. This ensures that Azure services within an Azure region offer the best possible performance and security

Region Details

https://azure.microsoft.com/en-us/global-infrastructure/geographies/

Services Availability 

https://azure.microsoft.com/en-us/global-infrastructure/services/?products=all


--------------------------------------------------------------------------------------------------



SLA Calculator :

https://uptime.is/

--------------------------------------------------------------------------------------------------

Pricing Calculator :

https://azure.microsoft.com/en-gb/pricing/calculator/