What's New in Azure for Developers


Shifting Things to the Left

  • Shift left = do things earlier in the dev process
    • Testing
    • Security
    • Deployment

As developers, we have to learn more about security

Azure Virtual Networks 🔗

  • Similar to a traditional network, but in Azure
    • Address space, subnets
    • VNets can be connected through VNet Peering
    • Network Security Groups (NSGs) filter traffic to/from VNets
    • Can be connected to an on-premises network using VPN Gateway
  • Private Endpoints bring Azure PaaS offerings into your VNet 🔗
    • Optionally, make your own services available through PEs
  • Private DNS for managed DNS services inside VNet

Limit network accessibility of services to a minimum

Challenges

  • Limited knowledge about networking in dev teams

    • Traditionally, devs did not care so much about firewalls, proxies, routers, DNS, address ranges, etc.

  • Troubleshooting challenges

    • How to access resources not accessible via Internet?

    • VPN hard to get right especially in larger enterprises

    • Azure Bastion 🔗 might be a possible solution. Challenge: VMs

  • It is always DNS! 😅

Azure DNS Private Resolver 🔗

  • Query Azure DNS private zones from an on-premises environment and vice versa

    • Important for scenarios with Azure VNets, Private Endpoints, and Enterprise VPN Gateways

    • Previously: Manage your own DNS solution based on VMs

  • New solution is fully managed, no VMs needed

  • Currently in public preview

Demo
Time!

ssh rainer@20.101.140.92

dig rsmanagedstorage.blob.core.windows.net
    # Returns public IP of storage
dig @10.0.200.4 rsmanagedstorage.blob.core.windows.net
    # 10.0.200.4 is inbound interface of Private DNS Resolver
    # Returns private IP of storage

sudo vim /etc/netplan/50-cloud-init.yaml
    # add nameservers: addresses: [10.0.200.4]
sudo netplan apply
dig rsmanagedstorage.blob.core.windows.net
    # Returns private IP of storage

Azure Front Door

  • Integrated Routing, CDN, and security solution
    • Caching
    • Web Application Firewall
    • Reverse Proxy
  • "Front door" to static and dynamic assets
  • Premium tier supports Private Endpoints
  • Greatly simplified pricing 🔗
    • Now affordable even in smaller projects

Demo
Time!

https://pingpong-fga4hxg0dfbghmdj.z01.azurefd.net/api/PingPong?name=Rainer
https://pingpong-fga4hxg0dfbghmdj.z01.azurefd.net/images/itv.gif

Workload identity federation 🔒🔑

Token Exchange

  • Goal: Turn external JWT into AAD token
  • Use AAD token to access AAD-protected Azure resources
  • Examples: GitHub, Google Cloud, K8s

Demo
Time!

GitHub Actions -> Azure
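
The token exchange from the slide above, sketched for the GitHub Actions case as an added example (not code from the original slides or demo). The tenant ID, client ID, repository name and federated credential values are assumptions, the sample JWT is constructed and unsigned, and no request is sent.

```python
import base64
import json
from urllib.parse import urlencode

# Placeholders and assumed trust settings; none of these come from the slides.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
FEDERATED_CREDENTIAL = {
    "issuer": "https://token.actions.githubusercontent.com",
    "subject": "repo:example-org/example-repo:ref:refs/heads/main",
    "audience": "api://AzureADTokenExchange",
}


def make_sample_jwt(claims: dict) -> str:
    """Constructed, unsigned stand-in for the JWT GitHub issues to a workflow run."""
    parts = [json.dumps(p).encode() for p in ({"alg": "RS256", "typ": "JWT"}, claims)]
    encoded = [base64.urlsafe_b64encode(p).rstrip(b"=").decode() for p in parts]
    return ".".join(encoded + ["sig"])


def read_claims(jwt: str) -> dict:
    """Decode the payload only; AAD is the party that verifies the signature."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def trust_mismatches(jwt: str, cred: dict) -> list:
    """Claims that differ from the federated credential (compared exactly)."""
    claims = read_claims(jwt)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    bad = [name for name, key in (("iss", "issuer"), ("sub", "subject"))
           if claims.get(name) != cred[key]]
    if cred["audience"] not in audiences:
        bad.append("aud")
    return bad


def build_exchange_request(jwt: str, scope: str) -> tuple:
    """Token endpoint and form body that swap the external JWT for an AAD token."""
    form = {
        "grant_type": "client_credentials",
        "client_id": CLIENT_ID,
        "scope": scope,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": jwt,  # the external JWT takes the place of a client secret
    }
    return f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token", urlencode(form)
```

The subject check is the part to review when setting up the trust: a token from a different branch or a pull request run carries a different `sub` and is rejected.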

Azure Container Apps

What is ACA?

  • Run container-based workloads without maintaining a K8s cluster
  • Scaling similar to Azure Functions
    • Scaling done with KEDA 🔗
    • Can scale down to zero -> attractive pricing for some apps 🔗
  • Unopinionated about runtime or programming model

Yet another container option?

  • App Service
    • Optimized for web sites and APIs
    • Serverless, event-driven with Functions,
      but Functions-specific programming model
  • Container Instances
    • Single pod, Hyper-V isolated containers on demand
    • No scaling, load balancing, etc.
    • Building block for other services (e.g. AKS virtual nodes)
  • Kubernetes Service, Red Hat OpenShift
    • Managed clusters
    • Configured by customers
  • Container Apps
    • More general than App Service
    • Less configuration/maintenance work than AKS

Feature Highlights

  • VNet support
  • Optional support for Dapr 🔗
  • Any Linux-based x86-64 container works
    • No Windows support yet
  • Multiple containers per Container App (=Pod)
  • Support for revisions
    • Support for traffic shaping
  • Well suited for Microservices
    • Service discovery
    • Dapr integration
    • Independent scaling, versioning per app
  • Authentication support
    • Similar to App Service Easy Auth

Demo
Time!

Demo Azure Container Apps

What else?

Azure Dev Box 🔗

Private Preview

Codespaces anybody?

Azure Load Testing 🔗

Public Preview

Copilot 🔗

Technical Preview

Azure 🤘