27/11/2023
Azure FinOps using Terraform and Infracost - Finding the hourly or monthly cost before Azure DevOps Deployments
16/07/2023
Azure DevOps Self-Hosted Agents Automation Using Packer and Terraform
- Generate a managed VM image using Packer.
- Save the managed image to an image gallery within my tenant.
- Create a Virtual Machine Scale Set (VMSS) from that image.
- Register the VMSS as an Azure DevOps self-hosted agent pool.
- Run a time-intensive project on the self-hosted pool to see how the VMSS autoscales.
- Then update the VM image with a new build and see how to roll that update out to the existing self-hosted agents.
07/07/2023
Terraform Azure Application Landing Zone - TF AZ Bootstrap
Objective: This post kick-starts your Azure DevOps journey by providing a seed repo for your Azure DevOps organization. Every time a new application is about to be launched into Azure, you have to go through provisioning the launchpad, creating the DevOps repo and building the CI/CD pipelines. The project below addresses all of those concerns.
Now I want to create something similar, add a couple more steps and make it available for everyone.
Here is what you are going to get.
11/06/2023
Deploying Virtual WAN using Terraform & Azure DevOps
Let me summarize the Azure networking options by use case:
- You need connectivity between resources in different virtual networks in the same region: implement VNet peering.
- You need connectivity between resources in virtual networks in different regions: implement Global VNet peering.
- You need connectivity between your organization (on-premises) and your Azure tenant and are fine with an encrypted tunnel over the public internet: implement a site-to-site VPN gateway.
- You want connectivity between your offices and your Azure tenancy with high throughput and not over the internet: implement ExpressRoute.
- You need individual users to reach services hosted in your Azure tenant: implement a point-to-site VPN gateway.
Each of these is configured differently and caters to its own use case.
Here is why you should consider Virtual WAN if you are already using more than two of the capabilities above.
- VWAN brings all of the above connectivity options under one centralized platform.
- VWAN deploys one hub in each chosen region, which gives you a hub-and-spoke network design by default.
- A standalone VPN gateway supports between 10 and 100 site-to-site tunnels depending on its SKU (10 on Basic, 30 on VpnGw1 to VpnGw3 and the legacy HighPerformance SKU, 100 on VpnGw4 and VpnGw5). A Virtual WAN hub supports up to 1,000 branch (VPN site) connections, with an aggregate site-to-site throughput of 20 Gbps per hub.
- Traffic between peered VNets, and between VNets attached to a VWAN hub, stays on the Microsoft backbone and never traverses the public internet (neither encrypts that traffic at the virtual network layer by default), and putting a firewall in the path is far easier with VWAN, where Azure Firewall sits in the hub, than with a mesh of VNet peerings.
- VWAN deploys most of these services across all availability zones in a region, making them more reliable and scalable without manual intervention.
- Virtual WAN provides many functionalities from a single pane of glass: site-to-site VPN connectivity, user (point-to-site) VPN connectivity, ExpressRoute connectivity, virtual network connectivity, VPN/ExpressRoute interconnectivity, VNet-to-VNet transitive connectivity, centralized routing, Azure Firewall and Firewall Manager security, monitoring, ExpressRoute encryption and many other capabilities. Pick and choose what you want.
More information is available in the MS documentation. All reference links are provided at the end of the article.
Now, the title of the article is not "Why VWAN?" but "Deploying VWAN using Terraform & Azure DevOps", so let's jump into the deployment.
26/03/2022
How to build subscription based security around Azure functions
Working for a company that deals with hundreds of client Azure tenants showed me how different it is from working in your own tenant.
Recently I worked on a subscription-based service and I want to show you how to build the security walls around your Azure Functions.
Here is an example of a subscription service that serves each client differently based on their subscription type: Free, Paid or Premium.
11/03/2022
React Js Modularity - Breaking a monolith react component into modular components
Back in 2017, I wrote a few articles on the basics of the SharePoint Framework, the use of React JS and the React JS component lifecycle.
But most of the SPFx web parts I created were task-oriented rather than application-oriented, which means the React components were small.
Now I am working on product/application-level components which are complex and big.
Here is a screenshot of a POC I am currently working on.
10/02/2022
Azure PIM Provisioning and Configuration
Setting up the PIM Administrator
Global Admins enable PIM provisioning and create the PIM Admin role assignment.
PIM Admin Account Pre-requisites:
The PIM admin account needs an Azure AD Premium P2 license, which can come from either of the following (EMS E5 already includes P2, so one of the two is enough):
- Azure AD Premium P2
- Enterprise Mobility + Security (EMS) E5
PIM Admin Setup:
1. Log in to the Azure portal as Global Admin and navigate to Azure Active Directory.
2. In Featured highlights, click on Privileged Identity Management.
3. Click on "Azure AD roles" in the left pane, then navigate to "Roles".
4. Search for "privileged role administrator".
5. Click on the "Privileged Role Administrator" role, then click on Add assignments.
6. Follow the configuration below:
| Field | Value | Reason |
| --- | --- | --- |
| Selected Member(s)* | PIM Admin Account | This should be an account which will be permanently treated as the PIM admin |
| Assignment type | Eligible | The PIM admin account is always eligible, but not active. The PIM admin needs to activate this role every time changes need to be made to the PIM configuration |
| Permanently eligible | YES | Always eligible, but not active |
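The same eligible, permanent assignment can be created with Microsoft Graph PowerShell instead of clicking through the portal, which makes the setup repeatable and reviewable. This is an added example and not code from the original post; it assumes the Microsoft.Graph module is installed, that you sign in as a Global Administrator, and that `pim-admin@contoso.onmicrosoft.com` is a placeholder for your dedicated PIM admin account.

```powershell
# Added example (not from the original post): create the Privileged Role Administrator
# eligibility for the PIM admin account via Microsoft Graph, mirroring the portal table above.
# Assumptions: Microsoft.Graph module installed; signed in as Global Administrator;
# the UPN below is a placeholder for your real PIM admin account.
$pimAdminUpn = 'pim-admin@contoso.onmicrosoft.com'

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'

# Resolve the principal and the role definition by name instead of hard-coding GUIDs.
$principal = Get-MgUser -UserId $pimAdminUpn
$roleDef   = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Privileged Role Administrator'"
if (-not $principal -or -not $roleDef) { throw 'PIM admin user or role definition not found' }

# Mirrors the table: Eligible (not Active), permanently eligible (no expiration), tenant-wide scope.
$body = @{
    Action           = 'adminAssign'                 # an administrator is creating the assignment
    PrincipalId      = $principal.Id
    RoleDefinitionId = $roleDef.Id
    DirectoryScopeId = '/'                           # whole tenant
    Justification    = 'Dedicated PIM administrator; eligible only, must activate per change'
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'noExpiration' }   # "Permanently eligible = YES"
    }
}

# This is an eligibility request, not an active assignment: the account still has to
# activate the role (with MFA/justification as configured) every time it needs it.
$request = New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $body
$request | Select-Object Id, Status, Action

# Check: the account now appears in the role's eligibility schedules with no end date.
Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "roleDefinitionId eq '$($roleDef.Id)'" |
    Where-Object { $_.PrincipalId -eq $principal.Id } |
    Select-Object PrincipalId, Status,
        @{ n = 'EndDateTime'; e = { $_.ScheduleInfo.Expiration.EndDateTime } }
```

Resolving the role by display name rather than pasting a template ID avoids a silent mistake where the wrong GUID grants a different role, and the final query is the check you would keep in a periodic review script: anything in that role with an `EndDateTime` other than empty, or any principal other than the dedicated PIM admin account, deserves a look.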
24/05/2021
Data Persistence Models in Docker Containers
A container image is built from layers: a minimal subset of an OS at the bottom, topped by the container filesystem, the application layer and the hosting layer. All of these image layers are read-only.
On top of them Docker adds a thin container layer, the container's own read/write layer.
Data written to that container layer survives a stop/start of the container, but if the container is deleted, the data is lost forever. It is also isolated to that one container and cannot be shared with other containers.
So let's look at better persistence models for sharing data between different containers on a host.
A Volume is storage created and managed by Docker, kept in a directory Docker controls on the host. Containers work with it only through Docker, so they cannot reach beyond its boundaries.
A Bind Mount is a directory or file taken directly from the host filesystem. If malicious code is deployed in a container with a bind mount, it can break the host by manipulating the host filesystem; where a bind mount is unavoidable, mount it read-only unless the container genuinely has to write to it.
So a Volume is the better and safer way of storing and sharing data between containers. Let me show you with a demonstration.
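The three behaviours described above, as an added example that is not the original post's demonstration: the container layer vanishing on removal, a named volume shared between two containers, and a bind mount letting a container write to the host plus the read-only mitigation. It assumes Docker is installed and can pull the public `alpine` image; the `docker` commands are identical in bash, only the host-side directory handling is PowerShell.

```powershell
# Added example (not from the original post). Requires Docker; pulls the public 'alpine' image.

# 1. Container read/write layer: changes live only in this container and die with it.
docker run --name scratch alpine sh -c 'echo hello > /scratch.txt'
docker diff scratch                       # prints "A /scratch.txt": the file is in the container layer
docker rm scratch | Out-Null              # removing the container discards that layer, file included

# 2. Named volume: Docker-managed, shareable, survives container removal.
docker volume create appdata | Out-Null
docker run --rm -v appdata:/data alpine sh -c 'echo written-by-first > /data/note.txt'
docker run --rm -v appdata:/data alpine cat /data/note.txt        # second container reads the first one's data
docker volume inspect appdata --format '{{ .Mountpoint }}'       # lives under Docker's own directory, chosen by Docker, not by the container

# 3. Bind mount: the container gets the host directory itself.
$hostDir = Join-Path $PWD 'bindmount-demo'                        # constructed demo directory on the host
New-Item -ItemType Directory -Force -Path $hostDir | Out-Null
docker run --rm -v "${hostDir}:/host" alpine sh -c 'echo tampered > /host/owned-by-container.txt'
Get-Content (Join-Path $hostDir 'owned-by-container.txt')         # the host file now exists: written from inside the container

# Mitigation: mount read-only when the container only needs to read; the write is refused.
docker run --rm -v "${hostDir}:/host:ro" alpine sh -c 'echo again > /host/x.txt'   # fails: Read-only file system
Test-Path (Join-Path $hostDir 'x.txt')                            # False: nothing reached the host

# Cleanup
Remove-Item -Recurse -Force $hostDir
docker volume rm appdata | Out-Null
```

Step 3 is the whole security argument in one line: with a bind mount, whatever runs in the container can create or overwrite files the host later trusts (configuration, scripts, keys), so bind mounts belong only on paths the container must write, and everything else should be `:ro` or a volume.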
22/05/2021
Containerize ASP.Net Core app on Azure Kubernetes Cluster
In my earlier post, we deployed an ASP.Net Core application to a container hosted on a Linux server.
There are some problems with this approach:
- What if the host VM is stopped?
- What if the container instance is stopped?
- How do we manage the deployment of app changes?
- Even when the host VM is stopped, you still pay for the disk allocated to it. How can we avoid that?
This is where Azure Kubernetes Service (AKS) comes into the picture.
AKS is a managed Kubernetes service: Azure runs the control plane and offers serverless Kubernetes (virtual nodes) and an integrated CI/CD experience, while Kubernetes manages the health, security, auto-scaling, deployment and governance of your workloads. More details can be found here.
In this article we will:
- Deploy an ASP.Net Core app to a container
- Create a container image from the .Net Core container
- Push the image to Azure Container Registry
- Use Kubernetes to pull that image and create multiple instances of the container in Kubernetes pods
- Expose the .Net Core app via an Azure Load Balancer