What's New in Azure for Developers
<<
Shifting Things to the Left
- Shift left = do things earlier in the dev process
- Testing
- Security
- Deployment
As developers, we have to learn more about security
Azure Virtual Networks 🔗
- Similar to a traditional network, but in Azure
- Address space, subnets
- VNets can be connected through VNet Peering
- Network Security Rules (NSGs) filter traffic to/from VNets
- Can be connected to an on-premises network using VPN Gateway
-
Private Endpoints bring Azure PaaS offerings into your VNet 🔗
- Optionally, make your own services available through PEs
- Private DNS for managed DNS services inside VNet
Limit network accessability of services to a minimum
Challenges
-
Limited knowledge about networking in dev teams
-
Traditionally, devs did not care so much about firewalls, proxies, routers, DNS, address ranges, etc.
-
-
Troubleshooting challenges
-
How to access resources not accessible via Internet?
-
VPN hard to get right especially in larger enterprises
-
Azure Bastion 🔗 might be a possible solution. Challenge: VMs
-
-
It is always DNS! 😅
Azure DNS Private Resolver 🔗
-
Query Azure DNS private zones from an on-premises environment and vice versa
-
Important for scenarios with Azure VNets, Private Endpoints, and Enterprise VPN Gateways
-
Previously: Manage your own DNS solution based on VMs
-
-
New solution is fully managed, no VMs needed
-
Currently in public preview
Demo
Time!
ssh rainer@20.101.140.92
dig rsmanagedstorage.blob.core.windows.net
# Returns public IP of storage
dig @10.0.200.4 rsmanagedstorage.blob.core.windows.net
# 10.0.200.4 is inbound interface of Private DNS Resolver
# Returns private IP of storage
sudo vim /etc/netplan/50-cloud-init.yaml
# add nameservers: addresses: [10.0.200.4]
sudo netplan apply
dig rsmanagedstorage.blob.core.windows.net
# Returns private IP of storageAzure Frontdoor
- Integrated Routing, CDN, and security solution
- Caching
- Web Application Firewall
- Reverse Proxy
- "Front door" to static and dynamic assets
- Premium tier support Private Endpoints
- Greatly simplified pricing 🔗
- Now affordable in even smaller projects
Demo
Time!
https://pingpong-fga4hxg0dfbghmdj.z01.azurefd.net/api/PingPong?name=Rainer
https://pingpong-fga4hxg0dfbghmdj.z01.azurefd.net/images/itv.gif
Workload identity federation 🔒🔑
Token Exchange
- Goal: Turn external JWT into AAD token
- Use AAD token to access AAD-protected Azure resources
- Examples: GitHub, Google Cloud, K8s
Demo
Time!
GitHub Actions -> Azure
- https://github.com/rstropek/ContainerAppsDemo/blob/main/.github/workflows/build-images.yaml
- Deploy container images to ACR
- Copy SPA static files into Azure Storage
Azure Container Apps
What is ACA?
Yet another container option?
- App Service
- Optimized for web sites and APIs
- Serverless, event-driven with Functions,
but Functions-specific programming model
- Container Instances
- Single pod, Hyper-V isolated containers on demand
- No scaling, load balancing, etc.
- Building block for other services (e.g. AKS virtual nodes)
- Kubernetes Service, Red Hat Open Shift
- Managed clusters
- Configured by customers
- Container Apps
- More general than App Service
- Less configuration/maintenance work than AKS
Feature Highlights
- VNet support
- Optional support for Dapr 🔗
- Any Linux-based x86-64 container works
- No Windows support yet
- Multiple containers per Container App (=Pod)
- Support for revisions
- Support for traffic shaping
- Well suited for Microservices
- Service discovery
- Dapr integration
- Independent scaling, versioning per app
- Authentication support
- Similar to App Service Easy Auth
Demo
Time!
Demo Azure Container Apps
- Discuss app
- https://itvinfotagweb.z6.web.core.windows.net/
- Create Container App
- Deploy container image from ACR
- Discuss
- CA Environment
- Authentication
- Containers
- Scaling (change min. to 1)
- Console
What else?
Azure Dev Box 🔗
Private Preview
Codespaces anybody?
Azure Load Testing 🔗
Public Preview
Copilot 🔗
Technical Preview