End-to-end Pipelines for Automating Microsoft Azure Deployments
Overview:
Imagine a fully automated, end-to-end pipeline for your cloud deployments—one that encompasses and automates everything:
• Source code repos.
• The build and release iterations.
• Agile processes supported by continuous integration and continuous deployment (CI/CD)
• Security and governance.
• Business unit chargebacks.
• Support and maintenance.
Azure services and infrastructure-as-code (IaC) make control plane automation very achievable. Many enterprise IT groups dream of creating or unifying their disparate automation processes and supporting a common, enterprise-wide datacenter control plane in the cloud that is integrated with their existing or new DevOps workflows. Their development environments may use Jenkins, Azure DevOps Services (formerly Visual Studio Team Services), Visual Studio Team Foundation Server (TFS), Atlassian, or other services. The challenge is to automate beyond the CI/CD pipeline to the management and policy layers. From a planning and architecture standpoint, it can seem like an overwhelming program of interdependent systems and processes. This guide outlines a planning process that you can use for automated support of your cloud deployments and DevOps workflows beyond the CI/CD pipeline. The Azure platform provides services you can use, or you can choose to work with third-party or open source options. The process is based on real-world examples that we have deployed with enterprise customers on Azure.
This whitepaper was authored by Tim Ehlen. It was edited by Nanette Ray. It was reviewed by AzureCAT.
Don’t miss the Live Stream of Microsoft Ignite 2018
Get the latest insights and skills from technology leaders and practitioners shaping the future of cloud, data, business intelligence, teamwork, and productivity. Immerse yourself with the latest tools, tech, and experiences that matter, and hear the latest updates and ideas directly from the experts.
Watch live https://www.microsoft.com/en-us/ignite as Microsoft CEO Satya Nadella lays out his vision for the future of tech, then watch other Microsoft leaders explore the most important tools and technologies coming in the next year. After the keynotes, select Microsoft Ignite sessions will stream live—take a deep dive into the future of your profession.
Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance for you. In addition, the service is free: you only pay for the agent nodes within your clusters, not for the masters.
When you have a web app like Joomla CMS running on Microsoft Azure Kubernetes Services (AKS) and you need more capacity or performance, you can easily scale up and scale down when needed. It is easy to scale an AKS cluster to a different number of nodes. Select the desired number of nodes and run the az aks scale command. When scaling down, nodes will be carefully cordoned and drained to minimize disruption to running applications. When scaling up, the az command waits until nodes are marked Ready by the Kubernetes cluster.
Scaling your Azure Kubernetes Cluster (AKS)
In the following step-by-step guide I’m scaling my AKS cluster from a 2-node to a 4-node Kubernetes cluster:
Here you can scale your cluster to the right size. Click on Save to execute.
One AKS Cluster can Scale-Up to 100 vCPUs and 350 GB of Memory 😉
It’s now updating my 2-node AKS cluster to 4 nodes.
(Wait a couple of minutes.)
When you open the Kubernetes Dashboard you see the load on the 4 Nodes.
When the workload no longer needs the performance or capacity of a 4-node cluster, you can scale your cluster back down, for example to a 2-node cluster.
Scaling down to 2 Node AKS Cluster.
Back to 2 Node Azure Kubernetes Cluster.
Just Refresh in Visual Studio Code
2 Node Cluster Again.
And my Joomla CMS Web App is running on 2 Node AKS Cluster.
That was scaling your Microsoft Azure Kubernetes Cluster (AKS). In the next step-by-step guide I’m upgrading my Azure Kubernetes Cluster (AKS) to a new version.
Upgrading your Azure Kubernetes Cluster (AKS)
My Current version of AKS is 1.10.5
I’m Upgrading to Kubernetes version 1.10.6
Click on Save to Execute.
After +/- 10 minutes my AKS Cluster was Up-to-Date.
With kubectl version you see the changes in Visual Studio Code (VSC).
And of course you get notified by the Azure Portal when your Upgrade is Done 🙂
This 300-page guide presents a structured approach for designing cloud applications that are scalable, resilient, and highly available. The guidance in this e-book is intended to help your architectural decisions regardless of your cloud platform, though we will be using Azure so we can share the best practices that we have learned from many years of customer engagements.
In the following chapters, we will guide you through a selection of important considerations and resources to help determine the best approach for your cloud application:
• Choosing the right architecture style for your application based on the kind of solution you are building.
• Choosing the most appropriate compute and data store technologies.
• Incorporating the ten high-level design principles to ensure your application is scalable, resilient, and manageable.
• Utilizing the five pillars of software quality to build a successful cloud application.
• Applying design patterns specific to the problem you are trying to solve.
The Azure DevOps Project presents a simplified experience where you bring your existing code and Git repository, or choose from one of the sample applications to create a continuous integration (CI) and continuous delivery (CD) pipeline to Azure. The DevOps project automatically creates Azure resources such as a new Azure virtual machine, creates and configures a release pipeline in VSTS that includes a build definition for CI, sets up a release definition for CD, and then creates an Azure Application Insights resource for monitoring.
Infrastructure as Code (IaC) gives you benefits like:
• Consistency in naming conventions of Azure components
• Working together in the same way with your company policies
• Reusability of templates
• Automatic documentation and CMDB of deployments in your repository
• Rapid deployments
• Flexibility and scalability in code for Azure deployments
As a large enterprise, you don’t want many employees clicking and typing in the Azure Portal and expecting a consistent result. Changes and deployments will differ over time because people make mistakes. Developers put a build process in place before they publish an application, so why shouldn’t DevOps engineers and IT pros do the same for infrastructure?
In the following step-by-step guide you will learn how to make a Microsoft Azure DevOps Project and make a CI/CD Pipeline deploying a virtual machine with your ASP.net Application.
When you have your prerequisites in place you can start with the following steps:
Search for DevOps at All Services in the Azure Portal
Select .NET and Click on Next
You can see where you are in the flow of creating your CI/CD pipeline. When you need an Azure SQL Database for your ASP.net application, you can select Add a Database (Option). This will provide you with Azure SQL as a service (PaaS).
Database-as-a-Service
(I didn’t choose SQL.)
In this step select Virtual Machine and click Next
From here you can create a VSTS account or use your existing Visual Studio Team Services account. After selecting VSTS you can manage your Azure settings, and by clicking on Change you can select the Azure options.
Select the Virtual Machine you need for your Application.
Here you see the Deployment Running
Important for Infrastructure as Code (IaC): the deployment template can be saved into the library, and/or you can download it for reuse or build your own policies into the template.
When you save it into the Azure Library you get the release notes and who the publisher is.
In the Microsoft Azure DevOps Project main dashboard you see the status of your CI/CD pipeline and whether a release is in progress. On the right side of the dashboard you see the Azure resources, such as the application endpoint, the virtual machine and Application Insights for monitoring. When the CI/CD pipeline deployment has succeeded, you can browse to your ASP.net application.
Your Application.
Your Virtual Machine Running and in the Monitoring.
The Microsoft Azure DevOps Project CI/CD Pipeline is Completed.
Application Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It’s designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center and HockeyApp.
You can drill down into the error to see what is happening.
Azure Application Insights topology
Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:
• Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
• Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
• Exceptions – Analyse the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
• Page views and load performance – reported by your users’ browsers.
• AJAX calls from web pages – rates, response times, and failure rates.
• User and session counts.
• Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
• Host diagnostics from Docker or Azure.
• Diagnostic trace logs from your app – so that you can correlate trace events with requests.
• Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.
You can also drill down into Microsoft Azure Log Analytics and run your analytics queries to get the right information you want for troubleshooting. More information on Azure Log Analytics and queries is on MSFT docs.
From App Insight we see it was an Exception error
Because the Azure DevOps Project is connected with VSTS, you can follow the Build and Release here too, and you get documentation of the CI/CD pipeline.
From here you can work with your developers and DevOps engineers and manage user and group security in the CI/CD pipeline for the next build. Working together to build innovative apps via VSTS from one dashboard:
VSTS Dashboard
The next day you see it was a one-time error and the pipeline is running fine 😉
Investing in your CI/CD pipeline and building your own environment is important before you deploy into Azure production for your business. Keep your ARM templates and code in repositories like Git or VSTS. When you have all of this in place, you are more in control of consistent deployments and changes in the Azure cloud. I hope this blog post is useful for you and your company. Start today with Infrastructure as Code (IaC) and get the benefits 😉
Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
Docker CE for Windows is Docker designed to run on Windows 10. It is a native Windows application that provides an easy-to-use development environment for building, shipping, and running dockerized apps. Docker CE for Windows uses Windows-native Hyper-V virtualization and networking and is the fastest and most reliable way to develop Docker apps on Windows. Docker CE for Windows supports running both Linux and Windows Docker containers. Download Docker for Windows Community Edition Edge here
From version 18.02, Docker for Windows CE Edge includes a standalone Kubernetes server and client, as well as Docker CLI integration. The Kubernetes server runs locally within your Docker instance, is not configurable, and is a single-node cluster.
I’m using Docker for Windows CE version 18.05.0
Now your Single node Kubernetes Cluster is running.
To get the Kubernetes Dashboard you have to install it with kubectl:
Now it’s time to make your first containers (Pods) on Kubernetes.
Click on +CREATE in the upper right corner.
As example code, I used a YAML script to deploy Nginx with 3 replicas.
Deploying the Nginx Containers (Pods)
Nginx is running on Kubernetes.
With Microsoft Visual Studio Code and the Kubernetes extension you can play with Nginx Containers (pods) locally on your laptop.
When you need more capacity and want to scale-up with more Containers (Pods) for your solution, you can use Microsoft Azure Cloud with Azure Kubernetes Services
Architecting and Building Hybrid Cloud Apps for Azure and Azure Stack.
With Filippo Seracini @pipposera and Ricardo Mendes @rifmendes from the AzureStack Team
When you have installed Microsoft Visual Studio Code, which is free and open source with Git integration, debugging and a lot of extensions available, you activate the Microsoft Azure App Service extension in VSC.
Azure App Service Extension
You can easily install more Azure extensions here.
On the Left you will see your Azure Subscription and by pushing the + you will create a new Azure WebApp.
After this it will install your Microsoft Azure Web App in the Cloud in a couple of seconds 🙂
When you open the Azure Portal you will see your App Service plan running.
From here you can configure your Azure Web App for Continuous Delivery, and use different tools like VSC, Kudu or Azure App Service Editor.
Azure Web Apps enables you to build and host web applications in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Visual Studio Team Services, or any Git repo.
And to come back to Microsoft Visual Studio Code, you can manage and build your Azure Web App from here too:
Azure Web App Services in VSC
Hope this first step by step Guide is useful for you to start with Microsoft Azure Web App and Visual Studio Code to make your Pipeline.
More Information at Visual Studio Code
Microsoft Azure Storage tools
Type azcopy /? for help on AzCopy.
C:\Program Files (x86)\Microsoft SDKs\Azure>azcopy /?
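------------------------------------------------------------------------------
AzCopy 7.1.0 Copyright (c) 2017 Microsoft Corp. All Rights Reserved.
------------------------------------------------------------------------------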
AzCopy </Source:> </Dest:> [/SourceKey:] [/DestKey:] [/SourceSAS:] [/DestSAS:]
[/V:] [/Z:] [/@:] [/Y] [/NC:] [/SourceType:] [/DestType:] [/S]
[/Pattern:] [/CheckMD5] [/L] [/MT] [/XN] [/XO] [/A] [/IA] [/XA]
[/SyncCopy] [/SetContentType] [/BlobType:] [/Delimiter:] [/Snapshot]
[/PKRS:] [/SplitSize:] [/EntityOperation:] [/Manifest:]
[/PayloadFormat:]
##
## Common Options ##
##
/Source:<source> Specifies the source data from which to copy.
The source can be a directory including:
a file system directory, a blob container,
a blob virtual directory, a storage file share,
a storage file directory, or an Azure table.
The source can also be a single file including:
a file system file, a blob or a storage file.
The source is interpreted according to following rules:
1) When either file pattern option /Pattern or
recursive mode option /S is specified,
the source will be interpreted to a directory.
2) When both file pattern option /Pattern and
recursive mode option /S are not specified,
the source can be a single file or a directory.
In this case, AzCopy will choose an existing
location as the source, if the source is both
an existing file and an existing directory,
the source will be interpreted to a single file.
/Dest:<destination> Specifies the destination to copy to.
The destination can be a directory including:
a file system directory, a blob container,
a blob virtual directory, a storage file share,
a storage file directory, or an Azure table.
The destination can also be a single file including:
a file system file, a blob or a storage file.
The destination is interpreted according to following rules:
1) When source is a single file, destination
is interpreted as a single file.
2) When source is a directory, destination
is interpreted as a directory.
/SourceKey:<storage-key> Specifies the storage account key for the
source resource.
/DestKey:<storage-key> Specifies the storage account key for the
destination resource.
/SourceSAS:<SAS-Token> Specifies a Shared Access Signature with READ and LIST permissions for the source (if
applicable). Surround the SAS with double
quotes, as it may contains special command-line
characters.
The SAS must be a Container/Share/Table SAS, or
an Account SAS with ResourceType that includes
Container.
If the source resource is a blob container,
and neither a key nor a SAS is provided, then
the blob container will be read via anonymous
access.
If the source is a file share or table, a key or
a SAS must be provided.
/DestSAS:<SAS-Token> Specifies a Shared Access Signature (SAS) with
READ and WRITE permissions for the
destination (if applicable). When /Y is
specified, and /XO /XN are not specified, the SAS
can have only WRITE permission for the operation
to succeed.
Surround the SAS with double quotes, as it may
contains special command-line characters.
The SAS must be a Container/Share/Table SAS, or
an Account SAS with ResourceType that includes
Container.
If the destination resource is a blob container,
file share or table, you can either specify this
option followed by the SAS token, or you can
specify the SAS as part of the destination blob
container, file share or table’s URI, without
this option.
This option is not supported when asynchronously
copying between two different types of storage
service or between two different accounts.
/V:[verbose-log-file] Outputs verbose status messages into a log
file.
By default, the verbose log file is named
AzCopyVerbose.log in
%LocalAppData%\Microsoft\Azure\AzCopy. If you
specify an existing file location for this
option, the verbose log will be appended to
that file.
/Z:[journal-file-folder] Specifies a journal file folder for resuming an
operation.
AzCopy always supports resuming if an
operation has been interrupted.
If this option is not specified, or it is
specified without a folder path, then AzCopy
will create the journal file in the default
location, which is
%LocalAppData%\Microsoft\Azure\AzCopy.
Each time you issue a command to AzCopy, it
checks whether a journal file exists in the
default folder, or whether it exists in a
folder that you specified via this option. If
the journal file does not exist in either
place, AzCopy treats the operation as new and
generates a new journal file.
If the journal file does exist, AzCopy will
check whether the command line that you input
matches the command line in the journal file.
If the two command lines match, AzCopy resumes
the incomplete operation. If they do not match,
you will be prompted to either overwrite the
journal file to start a new operation, or to
cancel the current operation.
The journal file is deleted upon successful
completion of the operation.
Note that resuming an operation from a journal
file created by a previous version of AzCopy
is not supported.
/@:<parameter-file> Specifies a file that contains parameters.
AzCopy processes the parameters in the file
just as if they had been specified on the
command line.
In a response file, you can either specify
multiple parameters on a single line, or
specify each parameter on its own line. Note
that an individual parameter cannot span
multiple lines.
Response files can include comments lines that
begin with the # symbol.
You can specify multiple response files.
However, note that AzCopy does not support
nested response files.
/Y Suppresses all AzCopy confirmation prompts.
/NC:<number-of-concurrent> Specifies the number of concurrent operations.
AzCopy by default starts a certain number of
concurrent operations to increase the data
transfer throughput.
Note that large number of concurrent operations
in a low-bandwidth environment may overwhelm
the network connection and prevent the
operations from fully completing. Throttle
concurrent operations based on actual available
network bandwidth.
The upper limit for concurrent operations is
512.
##
## Options - Applicable for Blob and Table Service Operations ##
##
/SourceType:<blob | table> Specifies that the source resource is a blob
or table available in the local development
environment, running in the storage emulator.
/DestType:<blob | table> Specifies that the destination resource is a
blob or table available in the local
development environment, running in the
storage emulator.
##
## Options - Applicable for Blob and File Service Operations ##
##
/S Specifies recursive mode for copy operations.
The /S parameter is only valid when the
source is a directory.
In recursive mode, AzCopy will copy all blobs
or files that match the specified file
pattern, including those in subfolders.
/Pattern:<file-pattern> Specifies a file pattern that indicates which
files to copy.
The behavior of the /Pattern parameter is
determined by the location of the source data,
and the presence of the recursive mode option.
The /Pattern parameter is only valid when the
source is a directory.
Recursive mode is specified via option /S.
If the specified source is a directory in
the file system, then standard wildcards are
in effect, and the file pattern provided is
matched against files within the directory.
If option /S is specified, then AzCopy also
matches the specified pattern against all
files in any subfolders beneath the directory.
If the specified source is a blob container or
virtual directory, then wildcards are not
applied. If option /S is specified, then AzCopy
interprets the specified file pattern as a blob
prefix. If option /S is not specified, then
AzCopy matches the file pattern against exact
blob names.
If the specified source is an Azure file share,
then you must either specify the exact file
name, (e.g. abc.txt) to copy a single file, or
specify option /S to copy all files in the
share recursively. Attempting to specify both a
file pattern and option /S together will result
in an error.
AzCopy uses case-sensitive matching when the
/Source is a blob, blob container or blob virtual
directory, and uses case-insensitive matching
in all the other cases.
The default file pattern used when no file
pattern is specified is *.* for a file system
location or an empty prefix for an Azure
Storage location.
Specifying multiple file patterns is not
supported.
/CheckMD5 Calculates an MD5 hash for downloaded data and
verifies that the MD5 hash stored in the blob
or file’s Content-MD5 property matches the
calculated hash. The MD5 check is turned off by
default, so you must specify this option to
perform the MD5 check when downloading data.
Note that Azure Storage doesn’t guarantee that
the MD5 hash stored for the blob or file is
up-to-date. It is client’s responsibility to
update the MD5 whenever the blob or file is
modified.
AzCopy always sets the Content-MD5 property for
an Azure blob or file after uploading it to the
service.
/L Specifies a listing operation only; no data is
copied.
AzCopy will interpret the using of this option as
a simulation for running the command line without
this option /L and count how many objects will
be copied, you can specify option /V at the same
time to check which objects will be copied in
the verbose log.
The behavior of this option is also determined by
the location of the source data and the presence
of the recursive mode option /S and file pattern
option /Pattern.
When using this option, AzCopy requires LIST and READ
permission of the source location if source is a directory,
or READ permission of the source location if source
is a single file.
/MT Sets the downloaded file’s last-modified time
to be the same as the source blob or file’s.
/XN Excludes a newer source resource. The resource
will not be copied if the source is the same
or newer than destination.
/XO Excludes an older source resource. The resource
will not be copied if the source resource is the
same or older than destination.
/A Uploads only files that have the Archive
attribute set.
/IA:[RASHCNETOI] Uploads only files that have any of the specified attributes set.
Available attributes include:
R Read-only files
A Files ready for archiving
S System files
H Hidden files
C Compressed file
N Normal files
E Encrypted files
T Temporary files
O Offline files
I Not content indexed Files
/XA:[RASHCNETOI] Excludes files from upload that have any of the specified attributes set.
Available attributes include:
R Read-only files
A Files ready for archiving
S System files
H Hidden files
C Compressed file
N Normal files
E Encrypted files
T Temporary files
O Offline files
I Not content indexed Files
/SyncCopy Indicates whether to synchronously copy blobs
or files among two Azure Storage end points.
AzCopy by default uses server-side
asynchronous copy. Specify this option to
download the blobs or files from the service
to local memory and then upload them to the
service.
/SyncCopy can be used in below scenarios:
1) Copying from Blob storage to Blob storage.
2) Copying from File storage to File storage.
3) Copying from Blob storage to File storage.
4) Copying from File storage to Blob storage.
/SetContentType:[content-type] Specifies the content type of the destination
blobs or files.
AzCopy by default uses
"application/octet-stream" as the content type
for the destination blobs or files. If option
/SetContentType is specified without a value
for "content-type", then AzCopy will set each
blob or file’s content type according to its
file extension. To set same content type for
all the blobs, you must explicitly specify a
value for "content-type".
##
## Options - Only applicable for Blob Service Operations ##
##
/BlobType:<page | block | append> Specifies whether the destination blob is a
block blob, a page blob or an append blob.
If the destination is a blob and this option
is not specified, then by default AzCopy will
create a block blob.
/Delimiter:<delimiter> Indicates the delimiter character used to
delimit virtual directories in a blob name.
By default, AzCopy uses / as the delimiter
character. However, AzCopy supports using any
common character (such as @, #, or %) as a
delimiter. If you need to include one of these
special characters on the command line, enclose
it with double quotes.
This option is only applicable for downloading
from an Azure blob container or virtual directory.
/Snapshot Indicates whether to transfer snapshots. This
option is only valid when the source is a
blob container or blob virtual directory.
The transferred blob snapshots are renamed in
this format: [blob-name] (snapshot-time)
[extension].
By default, snapshots are not copied.
##
## Options - only applicable for Table Service Operations ##
##
/PKRS:<"key1#key2#key3#…"> Splits the partition key range to enable
exporting table data in parallel, which
increases the speed of the export operation.
If this option is not specified, then AzCopy
uses a single thread to export table entities.
For example, if the user specifies
/PKRS:"aa#bb", then AzCopy starts three
concurrent operations.
Each operation exports one of three partition
key ranges, as shown below:
[<first partition key>, aa)
[aa, bb)
[bb, <last partition key>]
/SplitSize:<file-size> Specifies the exported file split size in MB.
If this option is not specified, AzCopy will
export table data to single file.
If the table data is exported to a blob, and
the exported file size reaches the 200 GB limit
for blob size, then AzCopy will split the
exported file, even if this option is not
specified.
/EntityOperation:<InsertOrSkip | InsertOrMerge | InsertOrReplace> Specifies the table data import behavior.
InsertOrSkip – Skips an existing entity or
inserts a new entity if it does not exist in
the table.
InsertOrMerge – Merges an existing entity or
inserts a new entity if it does not exist in
the table.
InsertOrReplace – Replaces an existing entity
or inserts a new entity if it does not exist
in the table.
/Manifest:<manifest-file> Specifies the manifest file name for the table
export and import operation.
This option is optional during the export
operation, AzCopy will generate a manifest file
with predefined name if this option is not
specified.
This option is required during the import
operation for locating the data files.
/PayloadFormat:<JSON | CSV> Specifies the format of the exported data file.
If this option is not specified, by default
AzCopy exports data file in JSON format.
#10 – Import data in a local folder to a new table
AzCopy /Source:D:\test\ /Dest:https://myaccount.table.core.windows.net/mytable1/ /DestKey:key /Manifest:"myaccount_mytable_20140103T112020.manifest" /EntityOperation:InsertOrReplace
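The /SourceSAS and /DestSAS rules in the help text above (scope, and READ+LIST for a source, READ+WRITE or WRITE-only for a destination) can be checked before a token is handed to a pipeline. The following is an added example, not part of AzCopy or of the original post: it parses a SAS query string and reports scope problems, missing permissions, permissions beyond the stated minimum, and expiry. The function names and sample tokens are constructed for illustration; sp, sr, srt, tn, si, se and sig are the standard SAS query parameters.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Constructed sample tokens (query-string part only); signatures are placeholders.
SRC_OK = "sv=2017-07-29&sr=c&sp=rl&se=2018-10-01T00:00:00Z&sig=CONSTRUCTED"
DEST_WRITE_ONLY = "sv=2017-07-29&sr=c&sp=w&se=2018-10-01T00:00:00Z&sig=CONSTRUCTED"
ACCOUNT_BROAD = "sv=2017-07-29&ss=b&srt=so&sp=rwdlac&se=2018-08-01T00:00:00Z&sig=CONSTRUCTED"
SAMPLE_NOW = datetime(2018, 9, 1, tzinfo=timezone.utc)  # fixed "current time" for the samples

SCOPE_FINDING = "scope must be container/share/table, or account SAS with srt including c"


def required_permissions(role, suppress_prompts=False, exclude_newer_or_older=False):
    """Minimum sp letters per the AzCopy help text quoted above."""
    if role == "source":
        return {"r", "l"}                    # /SourceSAS: READ and LIST
    if role == "dest":
        if suppress_prompts and not exclude_newer_or_older:
            return {"w"}                     # /Y given, /XO and /XN not given: WRITE only
        return {"r", "w"}                    # /DestSAS: READ and WRITE
    raise ValueError("role must be 'source' or 'dest'")


def scope_ok(fields):
    """Container/Share/Table SAS, or Account SAS whose ResourceType includes Container."""
    if "srt" in fields:                      # account SAS
        return "c" in fields["srt"]
    if "tn" in fields:                       # table service SAS
        return True
    return fields.get("sr") in ("c", "s")    # container or share, not a single blob or file


def parse_expiry(value):
    """Parse the se field in the ISO 8601 UTC forms a SAS may use; None if unparseable."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def check_sas(token, role, now, **flags):
    """Return a list of findings; an empty list means the token fits the quoted rules."""
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []
    if "sig" not in fields:
        findings.append("no signature (sig) field")
    if not scope_ok(fields):
        findings.append(SCOPE_FINDING)

    if "sp" not in fields and "si" in fields:
        # Permissions live in a stored access policy and cannot be read from the token.
        findings.append("permissions set by stored access policy; verify the policy")
    else:
        granted = set(fields.get("sp", ""))
        needed = required_permissions(role, **flags)
        if needed - granted:
            findings.append("missing permissions: " + "".join(sorted(needed - granted)))
        if granted - needed:
            findings.append("permissions beyond the minimum: " + "".join(sorted(granted - needed)))

    if "se" in fields:
        expiry = parse_expiry(fields["se"])
        if expiry is None:
            findings.append("unparseable expiry (se) field")
        elif expiry <= now:
            findings.append("token expired")
    elif "si" not in fields:
        findings.append("no expiry (se) field")
    return findings


if __name__ == "__main__":
    for name, token, role in (("SRC_OK", SRC_OK, "source"),
                              ("DEST_WRITE_ONLY", DEST_WRITE_ONLY, "dest"),
                              ("ACCOUNT_BROAD", ACCOUNT_BROAD, "source")):
        print(name, role, check_sas(token, role, SAMPLE_NOW) or "ok")
```

Pass only the query-string part of the SAS, and pass suppress_prompts=True or exclude_newer_or_older=True to mirror the /Y and /XO, /XN switches of the AzCopy command being checked.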