Azure on Beneath Abstraction

Running Sidecar Containers in Azure App Service: An experiment with Dapr

Sat, 16 Nov 2024 10:43:40 +1100

Running Sidecar Containers in Azure App Service: An experiment with Dapr

Today I decided to try Azure App Service’s new ability to run sidecar containers.
My goal, To create a simple .NET API, run it in Azure App Service, and pair it with Dapr as a sidecar container and use it for state management. Locally, Dapr would connect to a local Redis docker container, and once deployed to Azure, it would seamlessly switch to Azure Cache for Redis.

Simplified Microservice Deployment with Azure Container Apps and Dapr

Mon, 07 Oct 2024 21:45:08 +1000

Introduction

In this blog post we look into a scalable and flexible platform to run microservices on Azure without the complexity of managing infrastructure. Azure Container Apps allows you to run containerized microservices and integrating Dapr (Distributed Application Runtime) can simplify the communication between services, manage state, and handle pub/sub messaging. This blog also shows how to set up Azure Container Apps, and how to deploy Dapr-enabled microservices that communicate with each other.

Configuring Azure Application Gateway for API Management Traffic Routing

Sat, 02 Dec 2023 14:00:48 +1100

Introduction

Azure Application Gateway provides a powerful solution for load balancing, SSL termination, and URL-based routing. In this blog post, we will discuss a common scenario where we need to forward traffic to two different Azure API Management instances based on the incoming URL, distinguishing between non-production and production environments.

Problem Statement

Consider a scenario where you have two separate instances of Azure API Management (Sku: any non consumption tier): one for non-production/testing (nonprod) and the other for production (prod). The requirement is to route incoming traffic through an Azure Application Gateway, forwarding requests to the appropriate API Management instance based on the path specified in the URL. Specifically, requests with the path /nonprod/* should be directed to the non-production API Management instance, while requests without this path should be forwarded to the production instance.

Exposing Azure Storage container via SFTP

Mon, 13 Jun 2022 12:05:53 +1000

Context

While most of the application integration patterns are moving towards real-time, near-real-time and stream based solutions, there are still requirement to have batch file based data movement. These requirements are often for reporting or data warehousing scenario or while integrating with a legacy system. While there are many products that help setup SFTP server, Azure was missing a SaaS offering for hosted SFTP server, like Amazon’s AWS Transfer on top of S3. To host SFTP in Azure the customer has to setup their own SFTP workload either using a VM hosting an SFTP server and mounting the blob storage as a VM disk or hosting the SFTP server as a container on services like ACI and mounting the storage account. While hosting an SFTP VM is not a complex task, but it adds to the organization’s maintenance list, to keep it up and running, securing it and patching updates while maintaining uptime.

Client Certificate authentication using Azure API Management

Sun, 27 Feb 2022 20:03:08 +1100

Introduction

APIs have become so popular that almost all websites and applications rely on APIs to get data from server. Often user impersonation is used to authenticate as well as authorize access to the resource exposed by an API, but there are also use cases where application itself needs data from an API for functioning. Currently the most used authentication mechanism is OAuth, where identity management is performed by a third provider and both the client and resource server trusts this identity provider. While this works well, there is also another way to authenticate when the interaction is purely machine to machine, and works based on SSL certificates and is called Client Certificate Authentication.

Cloning a Azure Function App

Thu, 10 Feb 2022 14:22:48 +1100

Recently I had a requirement to make a copy of a Function App from the production version to support a POC implementation of an solution upgrade.

One option was to deploy the Release branch which had the version same as in PROD (we already made updates to that function app post release, so DEV was already a lot of commits ahead). The challenge with this approach was, since we did not had a hotfix release, there were no Pipelines setup for Release branch. So we had to setup a pipeline, give the pipeline service account access to the POC resource group, then actually triggering the deployment.

Policy Execution in Azure APIM.

Wed, 27 Oct 2021 18:50:46 +1100

What are APIM Policies?

APIM policies are statements executed by Azure APIM to modify the behavior of API request, response and exception flows. The logic/conditions written as part of the policies are executed at various stages of API execution like, request received (inbound), before request sent to backend service/API (backend), before sending response to requester (outbound) and in case of any exceptions during the request processing (on-error). Policies are defined as an XML format with different tag to define the execution stage and the actual policy.

Move azure resources between resource groups

Tue, 12 Oct 2021 17:20:59 +1100

Problem

While working with Azure cloud platform, often there will be instances where resources needs moving across resource groups for maintenance reasons or because of re-organising of products. There might even cases where the resource may need to be moved across subscriptions.

Solution

In Azure resources can be moved across resource groups from the portal UI or Azure CLI or powershell or from the rest APIs. Moving the resource using the portal UI is as easy as going through a wizard like steps and clicking finish at the end of it. The process also validates if the resource can be moved or not, for example an Azure SQL Database cannot be moved without moving the SQL Server instance, and when a SQL Server instance is moved across, all the databases gets moved automatically.

Deploying 'JUST' the modified ARM templates

Sun, 05 Sep 2021 10:00:46 +1000

Problem

The project has a bunch of ARM templates as part of IAC scripts and more often only couple, if not few templates get modified. But when deploying using Azure pipeline all the templates gets deployed. Even though ARM template deployment support incremental mode, if a templates is deployed with exact same properties, the resource gets recreated. The project does not want to recreate all the templates when only a few are changed. Currently there is no out-of-the-box tasks that support this behavior (or I could not find any). Deployment Mode Reference

Identity in Microsoft Azure - Modern Authentication

Sun, 01 Aug 2021 18:06:02 +1000

Introduction

Continuing from the previous post, the new generation of authentication mechanism was created to satisfy the new generation of application, starting from apps that run just in the browser to apps that run on micro-controllers. This new generation of authentication mechanism called as the modern authentication protocols are built on top of the OAuth protocol and taking inspiration from SAML. In the below article the term IDP refers to the Identity provider, the external service that is responsible for authenticating a user and issuing authorization tokens. This service is both trusted by the client app as well as the resource api.

Identity in Microsoft Azure - A bit of history

Sat, 24 Jul 2021 19:16:16 +1000

Introduction

Authentication has been an important component in the world of IT from the time companies required their employees to prove their identity to use the company’s computing resources whether it was to execute its business processes or accessing email or file. During the earlier days employees used to login to their computers using a username and password, which was stored in a central server like an active directory (in case of Microsoft tech stack). With the active directory credentials employees where able to use to login to both their windows computers as well as the email application both of which were in the same network. This approach worked well for many years until the softwares and services that the companies used where no longer within their network.
While active directory protocols like NTLM or Kerberos could work across external networks via technologies like VPN it was complex to setup and maintain such an infrastructure while keeping all the connection secure and stable. Also with growing number of users/services and the pace at which the growth occurred, these technologies were not designed to scale at that pace. Hence new Authentication mechanisms were needed.

Cloud Resume Challenge - Azure Serverless

Mon, 28 Jun 2021 10:18:48 +1100

I recently came across the site https://cloudresumechallenge.dev/ and decided to give it a try using Azure services. To start simple I decided to ignore the DB, CDN part etc and just have the the UI and the middler layer of the app. Below is the high level architecture.

The front end of the app will be hosted a static web site in Azure Blob storage. Backend will be an Azure function that will feed the resume data to the frontend over HTTP, the azure function will be a HTTP triggered function. Currently the resume data in JSON format hardcoded in the Azure Function code. As an upgrade to the app, the JSON data can be moved to a CosmosDB instance and put an Azure CDN in front of the UI to deliver content fast to users.

Implementing Custom Feature flags - Your own logic to shutoff a feature - Azure App Configuration

Tue, 22 Jun 2021 10:18:48 +1100

This is a continuation from the previous article on feature flags implemented using Azure App configuration service to maintain the flags. Just to reiterate, feature management can be implemented using config files but this article is trying to implement feature flags connecting to Azure App configuration service.

Introduction

The previous article described about implementing a boolean feature flag to turn on/off a feature. In this article I am trying to implement a custom feature flag. Microsoft provides few predefined custom feature flags or feature filters (as they are called) Targeting, TimeWindow, and Percentage (more about it here), which covers most usecases, however, there might be situations where you find the predefined ones falling short. In this article I am building a filter ground up with a made up custom logic.

Implementing Feature flags using azure

Sun, 16 May 2021 10:00:48 +1100

Feature flag is a very popular practice in modern application development, which is used to specifically hide features implemented that are not yet ready to be used by wider audience, and when ready can be enabled by a flip of a switch. The flags can also be used as a kill switch for application feature when it not working as expected.

With feature flags implemented, it would be effective to have the features enabled or disabled from a location outside of the application infrastructure or configuration, this way we can have features spanning across applications be controlled via a centralized flag. Azure has feature management as part of the Azure App configuration service which can manage feature flags and maintain it separate from your hosting model and will act as a centralized repository for feature flags. Microsoft also provides libraries for different programing languages to consume Azure App Configuration service. More about it can be found here

Azure for integration and process automation

Sun, 21 Jun 2020 18:52:19 +1100

Problem

Businesses run on multiple applications and services, how well the business runs is often impacted on how efficiently data is distributed to the correct task. Automating this flow of data is a way to streamline the business. The problem here is to choose the right technology for this data integration and process automation.

Objective

This article is describing the azure technologies that are available during time of writing to solve the business need.