Raju RH

If you are a Developer/Architect using Visual Studio as IDE for your development activities, this blog post will be of your interest. During the Ignite 2021 conference, Microsoft released Visual Studio 2019 v16.9 and v16.10 Preview 1. As part of version 16.10 Preview 1, one of the cool features they introduced is to "Remove Unused References..." for any Projects and Nuget packages that are not in use. At the time of writing this blog post, we have Visual Studio Version 16.10.0 (official release) which includes this new feature.  As part of development, we generally get carried away and introduce new Nuget package references to your project and add new references to your Projects. By the end of development, you will not be 100% sure which are not being referenced and unused which means you will leave those unused project references in your application. Now you might be wondering what's the big deal in it since it doesn't harm. The advantage of removing unused project r

In this blog post, let's see how to recover an accidentally deleted Azure App Service (Web App). If you hear someone saying they have accidentally deleted any Azure service and want to restore it, it gives an indication they are lacking best practices and patterns in their cloud environment. One such pattern is described in my previous blog post named Resource Lock and if you haven't still read it, highly recommend having a look at it.  Within your Azure App Service, you will have multiple hosting capabilities like Web API, Static website, Front end application, Container-based solution.  Facts to know: At this point in time, the options to restore your App Service are through PowerShell or Azure CLI, and no option available through Azure Portal. I would recommend going with PowerShell because Azure CLI is still in preview and under development Only sites deleted in the past 30 days can be restored.  Restore is not supported if the deleted app was in Free or Shared SKU Restor

Azure Resource Locking feature helps to prevent deletion and modification of Azure Resources on which the lock is been applied. Now you might be wondering how it's different and advantages compared to Azure RBAC (Role-Based Access Control)? RBAC is used as the first line of defense against restricting access to Azure Resources. Using RBAC you can restrict access to resources and resource actions. RBAC alone will not be sufficient across all environments especially from the Test environment onwards. RBAC and Resource lock doesn't conflict with each other rather they complement and should be applied as standard practice/pattern across all your Azure Subscriptions in your organization.  Assume you are an Administrator, which means you have full access to all your resources. With Resource Lock applying it provides a way for administrators to lock down Azure resources to prevent deletion and modification of a resource. Resource lock applies to all users regardless of their roles. Th

In Microsoft Ignite (March) 2021 there were several new announcements made by different product teams (e.g. Data, AI, etc.) within Azure. As part of today's blog post, I am going to cover one such announcement made by the CosmosDB team - Continuous backup with the point in time restore capability which is in public preview now.   Prior to this new feature announcement now you might be wondering what was the option for CosmosDB backup? Until this new announcement made the option we had was Periodic backup mode where the backup is taken at a periodic interval which will be defined by the end-user. The minimum backup interval can't be less than one hour. Unfortunately, with Periodic back up you can’t access the backup by yourself. You’d need to raise a support request/ticket with the Microsoft team, who would then perform the backup for you. Another option was implementing custom implementation by yourself which comes with Time, Cost, and Effort.  By using Continuous backup, you

In this blog post, we will see one of the ways to secure your Azure Functions using API keys. Security plays a key role as part of SDLC (Software Development Life Cycle) doesn't matter whether it's exposed to the client/public or even if it's internal. There are multiple ways to secure your Azure Functions like API Keys, Certificate,  API Mgmt, App Service Authentication, etc. If you are new to the Cloud and Azure Functions but want to make a start with minimal effort and less setup of Infrastructure, then API Keys is the ideal choice. Azure Functions allows you to secure HTTP-triggered functions by API access key in the request. As part of creating new Azure Functions, we can select the Authorization Level enum value. If we set the Authorisation level to  Anonymous,  no security applied which means no authentication applied for the endpoint. Authorization Level - Function By setting the Authorisation level to Function each Azure Functions require a specific API key to Auth

In this blog post, we will see if you have an existing or new Kubernetes cluster with Ingress resources how do we auto-renew the certificates. If it's not auto-renewed things need to be manually done e.g. every three months you have to renew certificates, delete the expired certificate and secret, update with new certificate secrets accordingly.  Manual is always tedious and not an ideal solution especially for your Test & Production environment.  Pre-requisites Install and setup kubectl Install and setup Helm Kubernetes cluster already provisioned with Ingress resources. Note: The scope of the blog post is to show how the certificate renewal process can be automated, the same logic can be moved to your Deployment pipelines. Install Cert Manager Installing Cert-Manager CRDs using the below command. #For Kubernetes 1.15+ kubectl apply --validate = false \ -f https://github.com/jetstack/cert-manager/releases/download/v1.

Azure App Configuration is a cloud-based managed service that helps developers and infrastructure team members to centralize and manage application configurations and feature flags. Using Azure App Configuration helps to separate application configuration from code. One of the  Twelve-Factor App  principles states  strict separation of config from code  with Azure App configuration this can be easily achieved. Azure App Configuration is now generally available as a free or paid service based on the  pricing  tier you choose as part of provisioning the service.  In the modern world, applications often can run in different geographical locations, can be hosted on services like App Services, virtual machines, Serverless functions, Azure Container Instance, AKS, etc. Managing application configuration for all this type of service can be done in a centralized location using App configuration which means your operations and support team members need not go to N number of places to look for a

In this blog post, we will see how to send logs and metrics for the Azure Key Vault which can be used for auditing. Azure Key Vault Overview Azure Key Vault provides a way to store securely keys, secrets, and certificates in a centralized location. Key Vault greatly reduces the chances of secrets being accidentally leaked, by simplified administration of application secrets. Azure Key Vault solution is not just for Cloud Solutions it can be integrated with on-premise as well. Integration with other Azure services is simplified with a managed identity. Azure Key Vault is not just only for Application secrets (Development) it goes well with Infrastructure team like DevOps where Passwords, Certificate, etc can be managed related to Infrastructure additionally Integration with Azure DevOps makes it more powerful. Things that can go in your vaults are: Application secrets  Connection strings API keys Tokens Passwords etc Certificates Encryption Keys Audit Enabling on Key V

In this blog post, we will see how to purge container images from Azure Container Registry (ACR). Till recent time most of them would have written custom PowerShell or bash script and run it to clean (purge) ACR container images. Recently Microsoft introduced a new preview feature to automatically purge images based on filters, duration, and untagged manifests. Additionally, this new preview feature supports to run on-demand or on a schedule using CRON expression. In my current project, our delivery team is committing code several times a day. This automatically triggers a CI pipeline from which images are automatically built and pushed into ACR. Most of them would be going through the same journey. In this situation using this new preview feature, helps to keep ACR clean and not worrying about the Container registry getting bloated with images.  Both on-demand or schedule will make use of acr purge command. ACR purge is designed to run as a container command in an A