If your working in Azure regularly at scale then it’s very likely you spend a fair amount of time at the command line using the Azure PowerShell cmdlets or Azure CLI (or both).
This week at the Build conference Microsoft announced: “Windows Terminal” a new command line experience for Windows, which looks very interesting. It’s still in development, but you can download the source from Github and build it yourself if you’re interested in trying it out.
Maybe joy is not the right word, but tags can be a handy tool for organising and querying your Azure resources, and are something I find are often not used very well. In this article, we’ll take a look at why tags are useful and some examples of how you can use them and what you can do to ensure they are applied.
Tags If you’ve not already seen them, tags allow you to add arbitrary key-value pairs to most (there are still some edge cases) resource in Azure.
If your authoring ARM templates then you can use pretty much any text editor, however, tools like Visual Studio and Visual Studio code offer some additional functionality to help you with the process. If you are using VS Code, then Microsoft has created the “Azure Resource Manager Tools” extension to add support for ARM templates. If your not already using this extension, then I recommend you install it, however, the features this extension provides are not always apparent.
When you deploy a service in AKS that is of type load balancer, or you create an Ingress, AKS will automatically create an NSG rule for you . This rule is applied to the NSG that is attached to your nodes NICs and will open up your services port to “All”. If your planning on publishing your application to be accessed by anyone then this is fine. However, if you want to lock access to your application down to specific users then this can be a bit of a pain.
Prometheus has become the default metrics collection mechanism for use in a Kubernetes cluster, providing a way to collect the time series metrics for your pods, nodes and clusters. This metric collection allows you to monitor for issues, review performance over time, and also provide metrics to be used by the scaling functionality in Kubernetes. Both the Pod and Cluster auto-scaler can take custom metrics from Prometheus and use these to determine if they can scale out.
This is a relatively new feature in Azure Resource Manager Templates that I wasn’t aware of until someone mentioned it to me today. It is now possible to catch the failure of an ARM template deployment and then trigger running a previous version of the template when this happens. I’m hesitant to call this a roll-back (even though the docs do), as there are some limitations that mean it’s not really a full roll-back, but it could be a useful tool to deal with failed deployments.
I recently delivered a session at Microsoft Ignite The Tour in London around governance in Azure. One of the critical points in this session is that before you try and implement any controls around resources, cost or security you need to have a good understanding of what your Azure estate currently looks like and what resources you are making use of, so you know where to focus your effort.
There is no point spending lots of time implementing policies to restrict which size web apps you can deploy if no one is using them.
Budgets are a feature of the new Azure cost management tool, which is primarily the integration of Cloudyn into the Azure portal. Budgets allow you to set a financial boundary for a subscription or a resource group, which you can monitor through cost management and trigger alerts when you are close to the cost set in your budget.
One thing you cannot do with budgets, and something that many people feel is an obvious requirement, is to stop people spending any more money when they hit the budget.
I have a love/hate relationship with Windows containers. On the one hand, it is great that we have an option for containerising legacy applications that are dependant on things like the full .net framework or other Windows-only features. On the other hand, Windows containers have some many limitations and issues compared to Linux containers, that working with them becomes painful. These limitations include what options you have for hosting these contains when you want to run them in Azure.
From the early days of Azure, it has been possible to configure storage accounts to be geo-redundant. Geo-redundant storage is replicated 3 times in the local region and then a further 3 times in the paired region, so that should the primary region go down, data can be accessed in the secondary. The big problem with this, however, is that the failover to the secondary region is under Microsoft’s control. Microsoft are the ones to decide as to whether the primary region is impaired enough to require storage to be failed over to the secondary region.
