#azure (2021-04)

azure

Archive: https://archive.sweetops.com/azure/

2021-04-01

Pierre-Yves avatar
Pierre-Yves
OpenHack: Containers was issued by Microsoft OpenHack to pierre-yves verdon.

Earners of the OpenHack: Containers badge have a fundamental understanding of leveraging Microsoft Azure Kubernetes Service to containerize an application and move it to the cloud. They know and have demonstrated the correct application of the principal features of these Azure technologies by preparing a cluster for production.

2021-04-26

oskar avatar

Has anybody gone the “official” MS way with CAF and this terraform module?

oskar avatar
aztfmod/terraform-azurerm-cafattachment image

Base terraform module for the landing zones on Terraform part of Microsoft Cloud Adoption Framework for Azure - aztfmod/terraform-azurerm-caf

oskar avatar

If not - how are you going about the “admin repo ring” vs the “application repo rings” (subscription management, preparing tf state backends?) in your case?

oskar avatar

I have a feeling that CAF in general and / or the the terraform module implementing it might be “overengineering” even for bigger orgs.

oskar avatar

Any thoughts?

Pierre-Yves avatar
Pierre-Yves

sorry but your question is not very clear, does your question is about single repos vs multiple repos to manage azure resources and terraform state ?

oskar avatar

Hi there - not really - it’s more about CAF

oskar avatar

and if anyone is following Microsoft’s best practices there.

oskar avatar

Especially as there are terraform modules for it.

oskar avatar
Azure/terraform-azurerm-caf-enterprise-scaleattachment image

Terraform Module for Cloud Adoption Framework Enterprise-scale - Azure/terraform-azurerm-caf-enterprise-scale

oskar avatar

Essentially I’m just curious if anyone is using these modules and how it went so far.

Pierre-Yves avatar
Pierre-Yves

I just discovered them when you posted them ! it’s a great source of inspiration ;)

Pierre-Yves avatar
Pierre-Yves

not sure how to use it as it is by example the service_health_alerts use a provider azurecaf

terraform {
  required_providers {
    azurecaf = {
      source = "aztfmod/azurecaf"
    }
  }
}

and then has dedicated resource resource “azurecaf_name” “ag1_name” {} https://github.com/aztfmod/terraform-azurerm-caf/blob/master/modules/monitoring/service_health_alerts/main.tf

I have found azure_caf on the terraform registry and it has 129k download … https://registry.terraform.io/providers/aztfmod/azurecaf/latest

aztfmod/terraform-azurerm-cafattachment image

Base terraform module for the landing zones on Terraform part of Microsoft Cloud Adoption Framework for Azure - aztfmod/terraform-azurerm-caf

2021-04-27

2021-04-28

Pierre-Yves avatar
Pierre-Yves

Hello, did one of you use https://promitor.io/ ? it’s a gateway to send azure monitor metrics to prometheus ..

Promitor - Bringing Azure Monitor metrics where you need them

Bringing Azure Monitor metrics where you need them.

geertn avatar

Yep

Promitor - Bringing Azure Monitor metrics where you need them

Bringing Azure Monitor metrics where you need them.

geertn avatar

Just implemented a Proof of Concept with it.

Pierre-Yves avatar
Pierre-Yves

nice !! , what was your though about it ?

Pierre-Yves avatar
Pierre-Yves

I want to monitor my azure loadbalancer, vault etc with it

geertn avatar

I was troublesome to get it working, documentation seems out of date and is inconsistent. I’m using the discovery agent as well.

geertn avatar

But now it’s working I’m happy with it.

geertn avatar

I’m monitoring AKS, API management and AKS Load Balancer with it

Pierre-Yves avatar
Pierre-Yves

it discover Azure monitor probes ? or resources ? how does it get the prometheus port

i use prometheus azure_sd to discover resource to monitor based on tag with by example:

• node_exporter=true

• windows_exporter=true

• haproxy_exporter =true

Pierre-Yves avatar
Pierre-Yves

ha I see promitor resource discovery is only for Kub !

geertn avatar

The RD discovers Azure resources based on filters, eg:

- name: aks_vmss
  type: VirtualMachineScaleSet
  criteria:
    include:
      regions:
      - westeurope
- name: apimanagement
  type: ApiManagement
  criteria:
    include:
      regions:
      - westeurope
      - northeurope
Pierre-Yves avatar
Pierre-Yves

ok I see

geertn avatar

And then you configure Promitor to query that RD group, eg:

  - name: aks_vmss_cpuload
    description: "Percentage CPU"
    resourceType: VirtualMachineScaleSet
    azureMetricConfiguration:
      metricName: "Percentage CPU"
      aggregation:
        type: Average
    resourceDiscoveryGroups:
    - name: aks_vmss
Pierre-Yves avatar
Pierre-Yves

understood

geertn avatar

Some things I don’t like:

• By default the pods run as root (need to fix that before it is promoted beyond a poc)

• You need to explicitly specify which metric you want to scrape, it doesn’t discover all metrics available

• Log settings seem to be buggy

• Error / warnings are not descriptive

Pierre-Yves avatar
Pierre-Yves

well first I will use the “Promitor Scraper” but not the discovery

geertn avatar

Good luck! Let me know if you get stuck

    keyboard_arrow_up