Azure Archives - Page 2 of 24

Posted on March 7, 2024March 14, 2024 by geralexgr — Leave a comment

Optimise Azure Costs with Advisor Recommendations

Microsoft Advisor can be a powerful tool for your Azure subscription because it automatically suggest you various changes in your infrastructure based on specific pillars like Cost, Security, Reliability, Performance etc. This means that you can easily eliminate costs by following some of the findings that are automatically generated.

A sample scenario is my virtual machine that I created some time ago with SKU E2as_v5. I selected the specific type because the application that I had to install inside the server was requesting such specs but this is not the case at all. As I was looking at the recommendations, I saw a note to downscale my virtual server as it seems under utilized.

Specifically it was mentioned to downscale for D2as_v5 SKU which used 8GB RAM instead of 16GB it is cheaper and it is a general purpose VM and not Memory Optimized.

In order to downscale one should go in the virtual machine and under size select the new SKU and press resize.

But how can I be sure that the performance will be adequate and the virtual machine will perform as needed? By looking at the statistics below, I noticed that the CPU was steady and the available memory was constantly at 9GB. This means that it was heavily under utilized and the application although having minimum specs of 16GB in reality that was not accurate.

By monitoring the virtual machine after the change I can conclude that it is performing well and the original SKU was not calculated correctly.

Youtube video:

Posted on November 12, 2023November 12, 2023 by geralexgr — Leave a comment

Deploy azurerm function app with zip_deploy_file terraform

When you need to deploy code in a function app using terraform you can use the zip_deploy_file parameter. Using this you can specify a zip file that will be created from your committed code and by doing so you can dynamically deploy code using terraform.

The first thing that you will need to do is to create a folder with the code that you want to commit in the function_app. In my example I have the terraform files inside the aws and azure folders and in the same directory I have a folder called resources where the code is located. This code need to be deployed in the serverless function app.

Create a data archive_file with terraform and specify where your code is located. You should correctly point where the files are stored.

data "archive_file" "python_function_package" {  
  type = "zip"  
  source_file = "../resources/function.py" 
  output_path = "function.zip"
}

Then you should use the above data archive and use it along with zip_deploy_file.

resource "azurerm_linux_function_app" "functionapp" {
  name                = var.serviceplan_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  storage_account_name       = azurerm_storage_account.sg.name
  storage_account_access_key = azurerm_storage_account.sg.primary_access_key
  service_plan_id            = azurerm_service_plan.serviceplan.id
  
  zip_deploy_file = data.archive_file.python_function_package.output_path
  app_settings              = "${var.app_settings}"

  site_config {
    application_stack {
        python_version = "3.10"
    }
  }

}

When you deploy your terraform code the function app will correctly upload the code in your infra component and you can check that by navigating inside the code on azure portal.

azurerm_linux_function_app | Resources | hashicorp/azurerm | Terraform | Terraform Registry

Posted on November 11, 2023November 11, 2023 by geralexgr — Leave a comment

Function Apps are not supported in Free and Shared plans. Please choose a different plan

When you use terraform and functions apps in azure you may end up with the below issue.

Creating Linux Function App: (Site Name "multicloud-serviceplan" / Resource
│ Group "multicloudrg"): web.AppsClient#CreateOrUpdate: Failure sending
│ request: StatusCode=400 -- Original Error: Code="BadRequest" Message="You
│ tried creating a function app in the 'Free' SKU. Function Apps are not
│ supported in Free and Shared plans. Please choose a different plan."
│ Details=[{"Message":"You tried creating a function app in the 'Free' SKU.
│ Function Apps are not supported in Free and Shared plans. Please choose a
│ different
│ plan.

The issue indicates that a Function app cannot be created using the Free tier F1 of the service plan.

In order to fix the issue you must select one of the additional plans Consumption, Premium or Dedicated.

In Consumption plan hosting, each function app typically runs in its own plan. In the Azure portal or in code, you may also see the Consumption plan referred to as Dynamic or Y1.

https://learn.microsoft.com/en-us/azure/azure-functions/consumption-plan

The details of each plans are described below.

https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale?WT.mc_id=Portal-WebsitesExtension

The terraform issue will be resolved when you select Y1 instead of F1 which is the free tier.

Posted on September 14, 2023September 14, 2023 by geralexgr — Leave a comment

Access Managed Identity from container inside VM – Azure

Managed identity is the best practice regarding security when accessing resources on Azure. There are many ways you can use it for service to service communication. Sometimes though you can use nested managed identity in more complex scenarios like the one demonstrated below. In this guide we will enable managed identity on a virtual machine and we will access this managed identity within a container that runs on that specific virtual machine. This case can be useful in complex deployment scenarios where you have multiple containers inside a virtual machine and you want to deploy using managed identity on azure.

The first thing you will need is the system assigned managed identity on the virtual machine.

Then you can run your containers inside the virtual machine. In my case the containers are windows based as a result I will use the route print command to show the routing table.

Run the following Commands to expose the managed identity endpoint

$gateway = (Get-NetRoute | Where { $_.DestinationPrefix -eq '0.0.0.0/0' } | Sort-Object RouteMetric | Select NextHop).NextHop

$ifIndex = (Get-NetAdapter -InterfaceDescription "Hyper-V Virtual Ethernet*" | Sort-Object | Select ifIndex).ifIndex

New-NetRoute -DestinationPrefix 169.254.169.254/32 -InterfaceIndex $ifIndex -NextHop $gateway -PolicyStore ActiveStore # metadata API

After the successful add of the route the managed identity endpoint should be redirected in the gateway and from there you will be able to authenticate.

We can verify the procedure by executing a key vault managed identity secret retrieval.

$token = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Headers @{Metadata="true"} -UseBasicParsing
$tokenvalue = ($token.Content | ConvertFrom-Json).access_token

Retrieve secret:

Invoke-WebRequest -Uri "https://test.vault.azure.net/secrets/testsecret/d9ce520dfdfdf4bdc9a41f5572069708c?api-version=7.3" -Headers @{Authorization = "Bearer $tokenvalue"} -UseBasicParsing

At last you can login using Managed Identity from the container using the powershell module.

References:

Co authored with Giannis Anastasiou @ Vivawallet