Cloud – Page 5 – Buchatech.com

Two new Pluralsight Courses: Heroku & Cloud Computing Fundamentals

October 1, 2020 by sbuchanan

Over the past couple of months I have been hard at work on some more Pluralsight courses. I am excited to announce that today I released 2 new courses on Pluralsight! These are both cloud related courses. One course is more DevOps focused and the other is focused more on cloud security. One of the courses is intermediate while the other is for those beginning with cloud. It’s pretty cool to have two courses listed on Pluralsight’s new releases!

Newe 0u10
「冫 59 ~ Manage.
弓 Microsoft Azur
planning Microsoft Azur

Here are the courses:

Heroku: The Big Picture

This course will teach you the basics of Heroku from; architecture components, developer and operational tooling, along with limitations and benefits of using the platform.

Heroku is a cloud PaaS service that enables companies to speed up the application lifecycle; building, delivering, monitoring, and scaling applications without the headaches of standing up infrastructure to support the application.

Some of the major topics covered in this Cloud Computing course are:

Learn about the components of the Heroku platform and how it works including the architecture, idea to running app, the runtime, Dynos and the various Heroku services.
Gain an understanding about the benefits and limitations of the Heroku platform such as pricing, language support, and ecosystem.
Insight into the developer and operational experience on Heroku.
And you will also see demos on the Heroku Dashboard, Using the Heroku Estimators, and deployment of an application to the Heroku platform.

By the end of this course, you will gain a better understanding of the Heroku platform all up including how to build and operate an application on it.

Check out the course here: https://app.pluralsight.com/library/courses/heroku-big-picture

Cloud Computing Fundamentals: Governance, Risk, Compliance, and Security

This course will teach you the fundamental knowledge needed to understand the essentials of cloud Governance, Risk, Compliance, and Security.

Q Særch_
nt Process with aoud
Cloud Computing F ndamentals:
Governance, Risk, Compliance, and
Security
by Steve Buchanan
tm ar in tm C:kø_"

Some of the major topics covered in this Cloud Computing course are:

Identifying the importance and impacts of compliance in the cloud
Understanding cloud policies or procedures
Recognizing risk management concepts related to cloud services
Security concerns, measures, or concepts of cloud operations

This Cloud Computing course will help you prepare for the CompTIA Cloud Essentials+ exam. This course is also useful if you don’t plan to take the CompTIA exam and just need to ramp up on cloud security.

Take this course if you want to learn cloud essentials, what it takes to successfully adopt cloud, the impact of cloud on IT service management, how security, and risks apply to cloud as well as consequences. This course is for someone with some exposure to cloud technologies and a general background in Information Technology at the minimum of a business analyst level.

Check out the course here: https://app.pluralsight.com/library/courses/cloud-computing-fundamentals-governance-risk-compliance-security

I hope you find value in each of these courses. These two courses bring me to a total of 5 courses now published on the Pluralsight platform. Be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon!

Here is the link to my Pluralsight profile to follow me: https://app.pluralsight.com/profile/author/steve-buchanan

Third Pluralsight Course Published – Microsoft Azure Pricing and Support Options

July 17, 2020 by sbuchanan

Today my third Pluralsight course has been published. This course is titled “Microsoft Azure Pricing and Support Options“. It is a part of an AZ-900 learning path that will help you prepare for the Microsoft Azure Fundamentals AZ-900 exam. Learn more about that exam here: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900 .

I was excited about this course as it is a part of my day to day focus on Azure. Also, this is a chance to help those that are getting started with Azure. Here is what you will gain from this course:

This course will teach you the fundamental knowledge about the pricing and support options in Azure one of the core skills measured in the AZ-900: Azure Fundamentals exam.

In this course, Microsoft Azure Pricing and Support Options, you’ll learn to estimate the pricing and support of Azure cloud services. First, you’ll explore Azure subscriptions, subscription management, and management groups.

Next, you’ll discover, plan, and manage Azure costs. Finally, you’ll learn how to understand Azure SLA’s, various Azure service lifecycles, and how to select the right support options. When you’re finished with this course, you’ll have the skills and knowledge of Azure pricing and available support needed to estimate Azure costs and select the right support options.

Please check out this new course here: https://app.pluralsight.com/library/courses/microsoft-azure-pricing-support-options

Also, be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon!

Here is the link to my Pluralsight profile: https://app.pluralsight.com/profile/author/steve-buchanan

Second Pluralsight Course Published – Monitor and Maintain a Software-Defined Datacenter with SCOM

June 15, 2020 by sbuchanan

Pluralsight has recently published my second course. This course is Monitor and Maintain a Software-Defined Datacenter with SCOM. This one took me back to my System Center roots focusing on Operations Manager.

This course prepares you for the 70-745 exam, while simultaneously showing you how to use SCOM for your datacenter.

In the course you will learn:

How to plan, deploy, and configure Operations Manager.
Then, you will discover how to tune Operations Manager.
Finally, you will learn about monitoring infrastructure and virtual machine workloads.

By the end of this course, you will have a better understanding of how monitoring works using SCOM.

Please check out the course here: https://app.pluralsight.com/library/courses/monitor-maintain-software-defined-datacenter-scom/table-of-contents

Also, be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing an Azure course soon!

Here is the link to my Pluralsight profile: https://app.pluralsight.com/profile/author/steve-buchanan

Application Gateway Ingress Controller Deployment Script

April 10, 2020 by sbuchanan

In Kubernetes, you have a container or containers running as a pod. In front of the pods, you have something known as a service. Services are simply an abstraction that defines a logical set of pods and how to access them. As pods move around the service that defines the pods it is bound to keeps track of what nodes the pods are running on. For external access to services, there is typically an Ingress controller that allows access from outside of the Kubernetes cluster to a service. An ingress defines the rules for inbound connections.

Microsoft has had an Application Gateway Ingress Controller for Azure Kubernetes Service AKS in public preview for some time and recently released for GA. The Application Gateway Ingress Controller (AGIC) monitors the Kubernetes cluster for ingress resources and makes changes to the specified Application Gateway to allow inbound connections.

This allows you to leverage the Application Gateway service in Azure as the entry into your AKS cluster. In addition to utilizing the Application Gateway standard set of functionality, the AGIC uses the Application Gateway Web Application Firewall (WAF). In fact, that is the only version of the Application Gateway that is supported by the AGIC. The great thing about this is that you can put Application Gateways WAF protection in front of your applications that are running on AKS.

This blog post is not a detailed deep dive into AGIC. To learn more about AGIC visit this link: https://azure.github.io/application-gateway-kubernetes-ingress . In this blog post, I want to share a script I built that deploys the AGIC. There are many steps to deploying the AGIC and I figured this is something folks will need to deploy over and over so it makes sense to make it a little easier to do. You won’t have to worry about creating a managed identity, getting various id’s, downloading and updating YAML files, or installing helm charts. Also, this script will be useful if you are not familiar with sed and helm commands. It combines PowerShell, AZ CLI, sed, and helm code. I have already used this script about 10 times myself to deploy the AGIC and boy has it saved me time. I thought it would be useful to someone out there and wanted to share it.

You can download the script here: https://github.com/Buchatech/Application-Gateway-Ingress-Controller-Deployment-Script

I typically deploy RBAC enabled AKS clusters so this script is set up to work with an RBAC enabled AKS cluster. If you are deploying AGIC for a non-RBAC AKS cluster be sure to view the notes in the script and adjust a couple of lines of code to make it non-RBAC ready. Also note this AGIC script is focused on brownfield deployments so before running the script there are some components you should already have deployed. These components are:

VNet and 2 Subnets (one for your AKS cluster and one for the App Gateway)
AKS Cluster
Public IP
Application Gateway

The script will deploy and do the following:

Deploys the AAD Pod Identity.
Creates the Managed Identity used by the AAD Pod Identity.
Gives the Managed Identity Contributor access to Application Gateway.
Gives the Managed Identity Reader access to the resource group that hosts the Application Gateway.
Downloads and renames the sample-helm-config.yaml file to helm-agic-config.yaml.
Updates the helm-agic-config.yaml with environment variables and sets RBAC enabled to true using Sed.
Adds the Application Gateway ingress helm chart repo and updates the repo on your AKS cluster.
Installs the AGIC pod using a helm chart and environment variables in the helm-agic-config.yaml file.

Application Gateway Ingress Controller Architecture

Now let’s take a look at running the script. It is recommended to upload to and run this script from Azure Cloud shell (PowerShell). Run:

./AGICDeployment.ps1 -verbose

You will be prompted for the following as shown in the screenshot:

Enter the name of the Azure Subscription you want to use.:

Enter the name of the Resource Group that contains the AKS Cluster.:

Enter the name of the AKS Cluster you want to use.:

Enter the name of the new Managed Identity.:

Here is a screenshot of what you will see while the script runs.

That’s it. You don’t have to do anything else except entering values at the beginning of running the script. To verify your new AGIC pod is running you can check a couple of things. First, run:

kubectl get pods

Note the name of my AGIC pod is appgw-ingress-azure-6cc9846c47-f7tqn. Your pod name will be different.

Now you can check the logs of the AGIC pod by running:

kubectl logs appgw-ingress-azure-6cc9846c47-f7tqn

You should not have any errors but if you do they will show in the log. If everything ran fine the output log should look similar to:

After its all said and done you will have a running Application Gateway Ingress Controller that is connected to the Application Gateway and ready for new ingresses.

This script does not deploy any ingress into your AKS cluster. That will need to be done in addition to this script as you need. The following is an example YAML code for an ingress. You can use this to create an ingress for a pod running in your AKS cluster.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: myapp
          servicePort: 8080

Thanks for reading and check back soon for more blogs on AKS and Azure.

Build & release a Container Image from Azure DevOps to Azure Web App for Containers

March 11, 2020 by sbuchanan

I recently published a blog post on 4sysops.com about Web App for Containers on Azure here: https://4sysops.com/archives/web-app-for-containers-on-azure. That blog post is about the often-overlooked service in Azure that can be used to host a container/s on a web app in Azure App service.

This is a great service if you just need to run a single container or even a couple of containers that you have in Docker Compose. This service is PaaS and abstracts away an orchestration system like Kubernetes. If you need insight into the Azure App Service Web App for Containers service check out the blog post on 4sysops.

In this long blog post I am going to take things a step further and walk-through the build & release of a Container from Azure DevOps to Azure Web App for Containers. The overall goal of this post is to help someone else out if they want to setup a build and release pipeline for building and deploying a container to Azure App Service. We will use a very simple PHP web app I built that will run in the container.

Here are the components that are involved in this scenario:

Azure Container Registry (ACR): We will use this to store our container image. We will be pushing up the container image and pull it back down from the registry as a part of the build and release process.
Azure DevOps (ADO): This is the DevOps tooling we will use to build our container, push it up to ACR, pull it down into our release pipeline and then deploy to our Azure App Service.
App Service Web App for Containers: This is the web server service on Azure that will be used to host our container. Under the hood this will be a container that is running Linux and Apache to host the PHP web app.

Here is the data Flow for our containerized web app:

Deploy the Azure App Service Web App for Containers instance
Deploy the Azure Container Registry
Deploy the Azure DevOps organization and project, create repository to host the code, clone repository in VS Code (Not shown in this blog post. Assume you know how to this up.)
Update the application code (PHP code and Docker image) in Visual Studio code
Commit application code from Visual Studio code to the Azure DevOps repo (Not shown in this blog post. Assume you know how to this up.)
Setup build and then run container build and push the container image to ACR
Setup release pipeline and then kick off the release pipeline pulling down the container image from ACR and deploys the container to the App Service Web App for Containers instance.

Here is a diagram detailing out the build and release process we will be using:

Note that all code used in this blog post is hosted on my GitHub here: https://github.com/Buchatech/EOTD-PHP-APP-DOCKER-CONTAINER

Ok. Let’s get into the setup of core components of the solution and the various parts of the build and release pipeline.

For starters this solution will need a project in Azure DevOps with a repo. Create a project in Azure DevOps and a repo based on Git. Name the repo exerciseoftheday. Next up let’s create the core framework we need in Azure.

Deploy Azure App Service Web App for Containers

Let’s create the Azure App Service Web App for Containers that will be needed. We will need a resource group, an app service plan and then we can setup the app service. The PHP app we will be running is named Exercise Of The Day (EOTD) for short so our resources will use EOTD. Use the following steps to set all of this up.

We will do everything via Azure Cloud Shell. Go to https://shell.azure.com/ or launch Cloud Shell within VS Code.

Run the following Syntax:

# Create a resource group

az group create –name EOTDWebAppRG –location centralus

# Create an Azure App Service plan

az appservice plan create –name EOTDAppServicePlan –resource-group EOTDWebAppRG –sku S1 –is-linux

# Create an Azure App Service Web App for Containers

az webapp create –resource-group EOTDWebAppRG –plan EOTDAppServicePlan –name EOTD –deployment-container-image-name alpine

# Create a deployment slot for the Azure App Service Web App for Containers

az webapp deployment slot create –name EOTD –resource-group EOTDWebAppRG –slot dev –configuration-source EOTD

Deploy Azure Container Registry

Now let’s create the Azure Container Registry. Again, this is where we will store the container image. Run the following Syntax:

# Create Azure Container Registry

az acr create –resource-group EOTDWebAppRG –name eotdacr –sku Basic –admin-enabled false –location centralus

Note the loginServer from the output. This is the FQDN of the registry. Normally we would need this, admin enabled, and the password to log into the registry. In this scenario we won’t need admin enabled or the password because we will be adding a connection to Azure DevOps and the pipelines will handle pushing to and pulling the image from the registry.

When it’s all done you should see the following resources in the new resource group:

Next, we will need to build an application and a container image.

Cloud Governance, Bringing Order To Your Cloud Chaos – Podcast

January 30, 2020 by sbuchanan

Recently I was a guest on the “Day Two Cloud” podcast hosted by fellow Microsoft MVP/Pluralsight author Ned Bellavance.

We talked about how native Azure governance & management tools Azure Policy, Tagging, and Blueprints can be used to bring order to your cloud environments. Listen now here:

Check it out here:

https://packetpushers.net/podcast/day-two-cloud-033-cloud-governance-bringing-order-to-your-cloud-chaos

Master Azure with VS Code

January 1, 2020 by sbuchanan

At Experts Live Europe 2019 I presented a session titled “Master Azure with VS Code”. This was a fun session with an engaging audience that took to twitter after the session. There was some chatter asking this session was recorded. It was not. I did note that I planned to write a blog post on this topic.

Here is that blog post and it is the first one of 2020 for me! In this post, we are going to dive into how VS code is helpful when working with Azure and many extensions I find useful when working with Azure. This post is not set to be an end-all to using VS Code with Azure but from my experience. Use this post as a starting point or a reference for expanding your use of VS Code with Azure. Also, check out the many other community experts and Microsoft MVPs for their additional knowledge plus tips and tricks on this topic.

VS Code Overview

First off if you are not using VS Code stop reading this right now, go download it and install it then come back to finish reading. 🙂 VS Code is a must-have in your toolbox and it is free! For those that are new to VS Code, it is an open-source – code editor developed by Microsoft that runs on Windows, Linux, and macOS. Here is a shortlist of the many benefits of VS Code:

Has support for hundreds of languages.
Has Integrated Terminal.
Also powerful developer tool with functionality, like IntelliSense code completion and debugging.
Includes syntax highlighting, bracket-matching, auto-indentation, box-selection, snippets, and more.
Integrates with build and scripting tools to perform common tasks making everyday workflows faster.
Has support for Git to work with source control.
Large Extension Marketplace of third-party extensions.

Note that yes, VS Code is for the “IT Pro”. Not just developers.

Azure Extensions in VS Code

VS Code has a ton of extensions in general. There are a number of Azure specific extensions and you can work with Azure directly from VS Code.

If you go to the VS Code Marketplace here: https://marketplace.visualstudio.com/vscode and search on Azure you will see results for many published by Microsoft and many community based extensions for Azure. As of the time of writing this blog post, there are 93. Here is a screenshot showing some of the results:

You can also go directly to the Azure Tools extension from Microsoft here:

https://marketplace.visualstudio.com/itemdetails?itemName=ms-vscode.vscode-node-azure-pack

Or the

Azure Extensions from Microsoft here:

https://code.visualstudio.com/docs/azure/extensions

In the rest of this post, I am going to share some key extensions I use with Azure. I will post the marketplace links at the end of each extension I talk about and if it is maintained by community or Microsoft.

Deploy to Azure using VS Code

It is important to note that not all of the Azure extensions available in VS Code can be used to deploy to Azure. Some can but most can’t here is a list of the services that you can deploy to from extensions in VS Code.

Azure Service	Description
Azure Functions	Build and manage Azure Functions serverless apps directly in VS Code with the Azure Functions extension.
App Service	Manage Azure resources directly in VS Code with the Azure App Service extension.
Docker	Deploy your website using a Docker container.
Azure CLI	Create, deploy, and update a website using a terminal and the Azure CLI.
Static website	Create, deploy, and update a static website on Azure Storage.

NOTE: This list is current at the time of writing this blog post. This will change over time.

Azure Cloud Shell in VS Code

Cloud Shell is something you should be using with Azure to make your life easier. It is an interactive command-line shell. You are authenticated to your Azure account when you launch it, It typically runs in the browser and is used for managing Azure resources. When you launch it you can choose the shell experience that best for you, either Bash or PowerShell. With VS Code you can launch Cloud Shell directly in VS Code!

Cloud Shell is a part of the Azure Account extension. Here are some key points on using Cloud Shell with VS Code:

Free (storage consumed has costs.)
Launch Azure Cloud Shell directly in VS Code.
Launch Bash, PowerShell, or Upload.
Works in the Integrated Terminal.

Azure and open-source Tooling in Cloud Shell:

Azure Tools:
blobxfer Azure CLI and Azure classic CLI Azure Functions CLI AzCopy Service Fabric CLI Batch Shipyard

Open-Source:
Bash Terraform Packer Ansible Chef InSpec Puppet Bolt Docker Kubectl Helm DC/OS CLI iPython Client Cloud Foundry CLI

PowerShell Modules in Cloud Shell

You get the following PowerShell modules in Cloud Shell:
Azure Modules (Az.Accounts, Az.Compute, Az.Network, Az.Resources, Az.Storage)
Azure AD Management (Preview)
Exchange Online (In development)
MicrosoftPowerBIMgmt
SqlServer

Marketplace Link:

Azure Account: https://marketplace

Maintained By Microsoft

Walk-through: use Azure Policy modify effect to require tags

September 27, 2019 by sbuchanan

In my day to day I do cloud foundations work helping companies with their Azure governance and management. On projects we will develop a tagging strategy. A tagging strategy is only good if it is actually used. One way to ensure that tags are used is by using Azure Policy to require tags on resource groups or resources.

In the past I have used the deny effect in an Azure Policy to require tags upon resource creation. I basically use the template as previously blogged about here: https://www.buchatech.com/2019/03/requiring-many-tags-on-resource-groups-via-azure-policy. This policy works but can be a problem because the error that is given when denied during deployment is not clear about what tags are required. Also, folks think it is a pain and slows down the provisioning process.

I set out to require tags using a different method. The idea was to use the effect append vs deny so that resources without the proper tags would be flagged as non-compliant and the policy would add the required tags with generic values. Someone from the cloud team could then go put in the proper values for the tags bringing the resources into compliance. Th end result was that the effect append does work remediating with a single tag but falls down when trying to remediate using multiple tags.

I discovered that this behavior was intended and that the append effect only supports one remediation action (i.e. one tag). On 9-20-19 Microsoft updated the modify effect so that Modify can handle multiple ‘operations’ – where each operation specifies what needs to be remediated.

Now let’s walk through using the modify effect in an Azure Policy to add multiple tags on a resource group.

You will need to start off by coding your Azure Policy definition template. There are three important parts you need to ensure you have in template. You need to have modify effect for the proper effect, roleDefinitionIds as this is the role that will be used by the managed identity set as contributor, and operations to tell Azure policy what to do when remediation out of compliance resources.

"effect": "modify",

and

"roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

and

 "operations": [
            {
            "operation": "addOrReplace",

Here is a screenshot of the template.

You can get the full Azure Policy definition ARM Template on my GitHub here:

Required Tags Azure Policy Modify Effect.json

Add the ARM template as a new policy definition in the Azure portal.

See the following screenshot to complete your Azure policy definition.

You will then see your new Azure policy definition.

Next, you need to assign the Azure policy definition. To do this click on Assignments.

See the following screenshot to complete your Azure policy assignment.

Note that this policy assignment will create a managed identity so that the policy has the ability to edit tags on existing resources.

The assignment will now be created but the evaluation has not happened so the compliance state will be set to not started as shown in the following screenshot.