Store the app secrets in Azure Key Vault and use during Azure Pipelines

November 16, 2018February 14, 2019 Mohit Goyal5 Comments

You can easily store your environment related secrets in the Azure Pipelines releases as variables and mark them as secrets which will encrypt and hide them. So anyone having access to the release definition would be not able to view them. Most of the times, it suffices as once set, they become encrypted and can not be viewed in text form.

However, sometimes it may happen that the person who keeps the secret would not be the same person as who is creating the release definition. Think of that as a way of segregating the responsibilities between the two. Also, it may be possible that the person who has provisioned the environment is not comfortable to share the secrets with anyone in plain text. After all, the best way to keep a secret is not to tell anyone about it. This is where the Azure Key Vault fits in very nicely. It can be used to store and transfer the secrets/certificates needed for your environment in a secure way.
Read More »

Remove old docker images from Azure Container Registry

September 13, 2018February 13, 2019 Mohit Goyal2 Comments

As part of the Continuous Integration process, new builds are generated which contains certain enhancements or modification or bugfixes. For a containerized application deployment, docker images are created as part of builds which then needs to be uploaded to one of the container registries. Over the time, the registry will get filled up. Also as one use more and more space on the container registry, one needs to pay more and more.

There are no inbuilt commands or utilities provided by Docker for this. You have to write complex scripts for doing it. Fortunately, in latest round of the Azure CLI update, Microsoft has added some commands to do this. However, it can be cumbersome to select and remove docker images one at a time. Read More »

Azure RM Resource group deployment failed with error: Creating the deployment xx would exceed the quota of ‘800’.

June 5, 2018February 13, 2019 Mohit GoyalLeave a comment

Recently while deploying the source code using our CI/CD pipelines, we have got this error:

There were errors in your deployment. Error code: DeploymentQuotaExceeded.

2018-05-30T04:52:38.0042831Z ##[error]Creating the deployment ‘azuredeploy-20180430-045236-1abd’ would exceed the quota of ‘800’. The current deployment count is ‘800’, please delete some deployments before creating a new one. Please see https://aka.ms/arm-deploy for usage details.

2018-05-30T04:52:38.0051084Z ##[error]Task failed while creating or updating the template deployment.

One of the steps used by our release pipelines uses ARM template to make sure that resource being targeted has required azure configuration.
Read More »

Enable and Use Nested Virtualization on Azure Virtual Machine

June 1, 2018March 4, 2019 Mohit GoyalLeave a comment

Nested Virtualization is one of the cool new features in Windows Server 2016 that allows you to install hyper-v, create and run virtual machines inside a hyper-v virtual machine itself. In other words, a hyper-v virtual machine can act as a virtual host server. A great benefit of nested Hyper-V virtualization is for labs and training scenarios where you can, for instance, build a cluster of several virtual Hyper-V hosts on a single physical computer. This also allows one to use hyper-v containers and is required by Docker.

Also, provided you have required resource capacity, there are no depths of this feature. That means, you can create a virtual machine, inside a virtual machine, install hyper-v on guest virtual machine and then create virtual machines inside it. Well if you have seen inception, its something like it. In this blog post, we will learn how to do the same for Azure Virtual Machine. Read More »

Apply / Update application settings for Azure App Service using PowerShell

February 26, 2018February 13, 2019 Mohit Goyal4 Comments

Windows Azure App Service (Now an umbrella term for Azure Web App, Azure Api App, etc.) has a handy capability whereby developers can store key-value string pairs in Azure as part of the configuration information associated with a website. At runtime, Windows Azure Web Sites automatically retrieves these values for you and makes them available to code running in your website. Since the key-value pairs are stored behind the scenes in the Windows Azure Web Sites configuration store, the key-value pairs don’t need to be stored in the file content of your web application. From a security perspective that is a nice side benefit since sensitive information such as Sql connection strings with passwords never show up as cleartext in a config file. However, sometimes, this can be a little too much for the Azure Admins to configure each setting over there. In this blog post, we’ll learn how to apply application settings using PowerShell. Read More »

Backup / Restore Data to / from Azure Cosmos Database with Mongo DB API

February 21, 2018February 13, 2019 Mohit Goyal5 Comments

Azure Cosmos Database (formerly known as Azure DocumentDB) is a PaaS offering from Microsoft Azure. As a document store, it falls into the same category as MongoDB, CouchDB or RethinkDB and other No SQL DBs and just like those, it handles documents in the JSON format.

Azure Cosmos DB automatically takes backups of all your data at regular intervals. These automated backups are currently taken approximately every four hours and latest 2 backups are stored at all times. If the data is accidentally dropped or corrupted, you can contact Azure support within eight hours.

Now what happens if you figure out after 8 hours that your data is lost or if its corrupted in your development / staging environments or something accidentally went wrong with production while everyone was on holidays.Read More »

Create Azure Storage Shared Access Signature and manage files with PowerShell

February 15, 2018February 13, 2019 Mohit Goyal2 Comments

In one of the previous posts, we discussed how to create and manage Azure Storage accounts using PowerShell. However, we were using storage account key when trying to upload / delete / download files from azure blob storage. In case, you need to delegate access to a third person, this seems like a too much of access since that person will have access to whole storage account. In this post, we will discuss how to use SAS aka Shared Access Signature to delegate access in controlled way.

Concept of Shared Access Signature

A shared access signature is a way to delegate access to resources in a storage account, without sharing the storage account keys.Read More »

Provision Azure Storage Account and automate file upload and deletion using PowerShell

January 26, 2018February 13, 2019 Mohit Goyal1 Comment

Microsoft Azure Storage is a cloud offering from Microsoft that provides highly scalable, available, durable storage. Its a part of Microsoft Azure offerings. Azure Storage consists of three data services: Blob storage, File storage, and Queue storage. Blob storage supports both standard and premium storage, with premium storage using only SSDs for the fastest performance possible.

Now as is often the case with the cloud services, it comes at a cost. So you should be very careful in using only the space you need and not paying for extra storage consumption that you should not need to. Along with that, you should be able to automate it. In this blog post, we’ll learn how to create an Azure Storage account, uploads some files to it in the blob storage and then delete them all using PowerShell. Read More »

mohitgoyal.co

#Cloud #Devops #Automation #SRE

Category: PowerShell