Store the app secrets in Azure Key Vault and use during Azure Pipelines

You can easily store your environment related secrets in the Azure Pipelines releases as variables and mark them as secrets which will encrypt and hide them. So anyone having access to the release definition would be not able to view them. Most of the times, it suffices as once set, they become encrypted and can not be viewed in text form.

However, sometimes it may happen that the person who keeps the secret would not be the same person as who is creating the release definition. Think of that as a way of segregating the responsibilities between the two. Also, it may be possible that the person who has provisioned the environment is not comfortable to share the secrets with anyone in plain text. After all, the best way to keep a secret is not to tell anyone about it. This is where the Azure Key Vault fits in very nicely. It can be used to store and transfer the secrets/certificates needed for your environment in a secure way.
Continue reading “Store the app secrets in Azure Key Vault and use during Azure Pipelines”

Configure CI/CD in Azure Pipelines to deploy docker containers as Azure Web App

Few days back, we learned about how to publish Azure Container Instances where-in we can deploy either a container or group of containers and use the same. Azure Web App for Containers allows you to not only run your containers but it also brings forth the PaaS innovations for the Web App. So it brings best of the both worlds together. It also allows you to not worry about the maintaining an container orchestrator mechanism. You can prefer to package their code and dependencies into containers using various CI/CD systems like Jenkins, Maven, Travis CI or VSTS, alongside setting up continuous deployment web hooks with App Service.

In this blog post we’ll learn more about how to deploy .NETCore application packaged as docker container and using CI/CD in Azure Pipelines (Formerly VSTS). Continue reading “Configure CI/CD in Azure Pipelines to deploy docker containers as Azure Web App”

Troubleshooting ERROR: The subscription is not registered to use namespace ‘Microsoft.ContainerInstance’.

While trying to create the Azure Container Instances on one of the newly created Azure Subscription, we came across this strange error, “ERROR: The subscription is not registered to use namespace ‘Microsoft.ContainerInstance'”. So we checked our configuration and the way we were creating the Azure Containers, and it all seemed okay. So we dig a little around by using PowerShell, authenticate to Azure using Login-AzureRmAccount and fire few commands.

The first command we fired was classic Get-Command to check if there are any existing cmdlets to help with Azure Resources and sure enough, there it was:
Continue reading “Troubleshooting ERROR: The subscription is not registered to use namespace ‘Microsoft.ContainerInstance’.”

Azure RM Resource group deployment failed with error: Creating the deployment xx would exceed the quota of ‘800’.

Recently while deploying the source code using our CI/CD pipelines, we have got this error:

There were errors in your deployment. Error code: DeploymentQuotaExceeded.

2018-05-30T04:52:38.0042831Z ##[error]Creating the deployment ‘azuredeploy-20180430-045236-1abd’ would exceed the quota of ‘800’. The current deployment count is ‘800’, please delete some deployments before creating a new one. Please see https://aka.ms/arm-deploy for usage details.

2018-05-30T04:52:38.0051084Z ##[error]Task failed while creating or updating the template deployment.

One of the steps used by our release pipelines uses ARM template to make sure that resource being targeted has required azure configuration.
Continue reading “Azure RM Resource group deployment failed with error: Creating the deployment xx would exceed the quota of ‘800’.”

Apply / Update application settings for Azure App Service using PowerShell

Windows Azure App Service (Now an umbrella term for Azure Web App, Azure Api App, etc.) has a handy capability whereby developers can store key-value string pairs in Azure as part of the configuration information associated with a website.  At runtime, Windows Azure Web Sites automatically retrieves these values for you and makes them available to code running in your website.  Since the key-value pairs are stored behind the scenes in the Windows Azure Web Sites configuration store, the key-value pairs don’t need to be stored in the file content of your web application.  From a security perspective that is a nice side benefit since sensitive information such as Sql connection strings with passwords never show up as cleartext in a config file. However, sometimes, this can be a little too much for the Azure Admins to configure each setting over there. In this blog post, we’ll learn how to apply application settings using PowerShell.  Continue reading “Apply / Update application settings for Azure App Service using PowerShell”

Create Azure Storage Shared Access Signature and manage files with PowerShell

In one of the previous posts, we discussed how to create and manage Azure Storage accounts using PowerShell. However, we were using storage account key when trying to upload / delete / download files from azure blob storage. In case, you need to delegate access to a third person, this seems like a too much of access since that person will have access to whole storage account. In this post, we will discuss how to use SAS aka Shared Access Signature to delegate access in controlled way.

Concept of Shared Access Signature

A shared access signature is a way to delegate access to resources in a storage account, without sharing the storage account keys. Continue reading “Create Azure Storage Shared Access Signature and manage files with PowerShell”

Provision Azure Storage Account and automate file upload and deletion using PowerShell

Microsoft Azure Storage is a cloud offering from Microsoft that provides highly scalable, available, durable storage. Its a part of Microsoft Azure offerings. Azure Storage consists of three data services: Blob storage, File storage, and Queue storage. Blob storage supports both standard and premium storage, with premium storage using only SSDs for the fastest performance possible.

Now as is often the case with the cloud services, it comes at a cost. So you should be very careful in using only the space you need and not paying for extra storage consumption that you should not need to. Along with that, you should be able to automate it. In this blog post, we’ll learn how to create an Azure Storage account, uploads some files to it in the blob storage and then delete them all using PowerShell.  Continue reading “Provision Azure Storage Account and automate file upload and deletion using PowerShell”