Posts

Azure Cosmos DB Continuous backup with point in time restore

At Microsoft Ignite (March) 2021, several product teams within Azure (e.g. Data, AI, etc.) made new announcements. In today's blog post, I am going to cover one such announcement made by the Cosmos DB team: Continuous backup with point in time restore, which is now in public preview. You might be wondering what the option for Cosmos DB backup was before this feature. Until this announcement, the option we had was Periodic backup mode, where the backup is taken at a periodic interval defined by the end-user. The minimum backup interval can't be less than one hour. Unfortunately, with Periodic backup you can't access the backup yourself. You'd need to raise a support request/ticket with the Microsoft team, who would then perform the backup for you. Another option was building a custom implementation yourself, which comes with Time, Cost, and Effort. By using Continuous backup, you

Authenticate Azure Functions - API Keys

In this blog post, we will see one of the ways to secure your Azure Functions using API keys. Security plays a key role in the SDLC (Software Development Life Cycle), whether the function is exposed to the client/public or is internal. There are multiple ways to secure your Azure Functions, such as API Keys, Certificates, API Mgmt, App Service Authentication, etc. If you are new to the Cloud and Azure Functions but want to make a start with minimal effort and less infrastructure setup, then API Keys are the ideal choice. Azure Functions allows you to secure HTTP-triggered functions by requiring an API access key in the request. When creating a new Azure Function, we can select the Authorization Level enum value. If we set the Authorization level to Anonymous, no security is applied, which means no authentication is applied for the endpoint. Authorization Level - Function: By setting the Authorization level to Function, each Azure Function requires a specific API key to Auth

Automate Certificate Issue and Renewal process - k8s cluster

In this blog post, we will see how to auto-renew certificates on an existing or new Kubernetes cluster with Ingress resources. If certificates are not auto-renewed, things need to be done manually, e.g. every three months you have to renew certificates, delete the expired certificate and secret, and update with the new certificate secrets accordingly. Manual work is always tedious and not an ideal solution, especially for your Test & Production environments. Pre-requisites: install and set up kubectl; install and set up Helm; a Kubernetes cluster already provisioned with Ingress resources. Note: The scope of the blog post is to show how the certificate renewal process can be automated; the same logic can be moved to your Deployment pipelines. Install Cert Manager: Install the Cert-Manager CRDs using the command below.

    # For Kubernetes 1.15+
    kubectl apply --validate=false \
      -f https://github.com/jetstack/cert-manager/releases/download/v1.

Azure App Configuration - How it's different from Azure Key Vault?

Azure App Configuration is a cloud-based managed service that helps developers and infrastructure team members centralize and manage application configurations and feature flags. Using Azure App Configuration helps to separate application configuration from code. One of the Twelve-Factor App principles calls for strict separation of config from code; with Azure App Configuration this can be easily achieved. Azure App Configuration is now generally available as a free or paid service based on the pricing tier you choose when provisioning the service. In the modern world, applications can often run in different geographical locations and can be hosted on services like App Services, virtual machines, Serverless functions, Azure Container Instance, AKS, etc. Managing application configuration for all these types of services can be done in a centralized location using App Configuration, which means your operations and support team members need not go to N number of places to look for a

How to Audit - Azure Key Vault?

In this blog post, we will see how to send logs and metrics for Azure Key Vault, which can be used for auditing. Azure Key Vault Overview: Azure Key Vault provides a way to securely store keys, secrets, and certificates in a centralized location. Key Vault greatly reduces the chances of secrets being accidentally leaked by simplifying the administration of application secrets. Azure Key Vault is not just for Cloud solutions; it can be integrated with on-premises systems as well. Integration with other Azure services is simplified with a managed identity. Azure Key Vault is not only for application secrets (Development); it also suits Infrastructure teams like DevOps, where infrastructure-related passwords, certificates, etc. can be managed, and integration with Azure DevOps makes it more powerful. Things that can go in your vaults are: Application secrets (connection strings, API keys, tokens, passwords, etc.); Certificates; Encryption Keys. Audit Enabling on Key V

Cleaning Azure Container Registry (ACR) on demand or schedule

In this blog post, we will see how to purge container images from Azure Container Registry (ACR). Until recently, most teams would have written a custom PowerShell or bash script and run it to clean (purge) ACR container images. Recently Microsoft introduced a new preview feature to automatically purge images based on filters, duration, and untagged manifests. Additionally, this new preview feature supports running on demand or on a schedule using a CRON expression. In my current project, our delivery team is committing code several times a day. This automatically triggers a CI pipeline from which images are automatically built and pushed into ACR. Most teams would be going through the same journey. In this situation, using this new preview feature helps to keep ACR clean without worrying about the container registry getting bloated with images. Both on-demand and scheduled runs make use of the acr purge command. ACR purge is designed to run as a container command in an A

Immutable Storage for Azure Blob Storage

Azure Blob Storage provides scalable, cost-efficient storage in the cloud. In general, Blob Storage holds organization data like back-ups, unstructured data, files, etc. The Immutable Storage feature allows storing business-related information in the WORM (Write-Once-Read-Many) state. The Immutable storage feature is available in all Azure public regions. It is set at the container level through an Access policy. Policies apply to all the blobs in the container, can be applied to either a new or an existing container, and support all blob tiers (hot, cold, and archive). Immutable storage supports two policy types: Time-based retention and Legal hold. Note: An immutable policy type can be applied either through Azure Portal or Azure CLI. You cannot delete or modify any files within the container when any one of the policies is enabled on the container. Immutable storage - Policy type