Carlos Mendible

After years talking about Kubernetes, Dapr and KEDA, it’s time to run our microservices and containerized applications on a true serverless platform: Azure Containers Apps. In this session you’ll learn: Basic concepts: environments, containers and revisions. The benefits of built-in support for Dapr & KEDA How to use managed identities. How to secure and monitor your platform Fast Forward the video to: 4:24:00

When you deploy an Azure Kubernetes Service with a node pool composed by spot virtual machines, you are running a cluster with the risk of losing nodes based on the configuration you set. Eviction may occur based on capacity or max price. In this post I’ll show you how to deploy an AKS cluster with such configuration and simulate a node eviction. The exercise will help you understand the resiliency of your solution and how to query related events with log analytics.

When deploying an AKS cluster, even if you configure RBAC or AAD integration, local accounts will be enabled by default. This means that, given the right set of permitions, a user will be able to run the az get-credentials command with the --admin flag which will give you a non-audtibale access to the cluster.

One question I often get from by my customers is how to use Azure Active Directroy to protect their Node.js or .NET APIs. Every single time I answer by redirecting them to this amazing post (Proteger una API en Node.js con Azure Active Directory), written in spanish, by my friend and peer Gisela Torres (0gis0).

Azure Database for MySQL Flexible Server allows configuring high availability with automatic failover. With Zone-redundant HA your service has redundancy of infrastructure across multiple availability zones. Zone-redundant HA is preferred when you want to achieve the highest level of availability against any infrastructure failure in the availability zone and when latency across the availability zone is acceptable.

Azure Cache for Redis supports zone redundancy in its Premium and Enterprise tiers. A zone-redundant cache runs on VMs spread across multiple Availability Zones. It provides higher resilience and availability. Today I’ll show hot to test the failover of a zone-redundant cache. Deploy Azure Cache for Redis with availability zones # Create a main.tf file with the following content: # terraform { required_version = "> 0.14" required_providers { azurerm = { version = "= 2.57.0" } random = { version = "= 3.1.0" } } } provider "azurerm" { features {} } # Location of the services variable "location" { default = "west europe" } # Resource Group Name variable "resource_group" { default = "redis-failover" } # Name of the Redis cluster variable "redis_name" { default = "redis-failover" } resource "random_id" "random" { byte_length = 8 } resource "azurerm_resource_group" "rg" { name = var.resource_group location = var.location } resource "azurerm_redis_cache" "redis" { name = "${var.redis_name}-${lower(random_id.random.hex)}" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name capacity = 2 family = "P" sku_name = "Premium" enable_non_ssl_port = true minimum_tls_version = "1.2" redis_configuration { } zones = ["1", "2"] } resource "azurerm_log_analytics_workspace" "logs" { name = "redis-logs" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name sku = "PerGB2018" retention_in_days = 30 } resource "azurerm_monitor_diagnostic_setting" "monitor" { name = lower("extaudit-${var.redis_name}-diag") target_resource_id = azurerm_redis_cache.redis.id log_analytics_workspace_id = azurerm_log_analytics_workspace.logs.id metric { category = "AllMetrics" retention_policy { enabled = false } } log { category = "ConnectedClientList" enabled = false retention_policy { days = 0 enabled = false } } lifecycle { ignore_changes = [metric] } } output "redis_name" { value = azurerm_redis_cache.redis.name } output "redis_host_name" { value = azurerm_redis_cache.redis.hostname } output "redis_primary_access_key" { value = azurerm_redis_cache.redis.primary_access_key sensitive = true } Note: the zones are specified: zones = ["1", "2"], making the cache zone-redundant.