Azure Compute solutions Flashcards
ACR, Azure Functions, Azure App Service web apps
What’s an Azure Container Registry (ACR)?
is a managed, private Docker registry service based on the open-source Docker Registry 2.0.
What are the Azure Container Registry service tiers?
Basic, Standard and Premium
Explain the Basic tier of ACR service
A cost-optimized entry point for developers learning about Azure Container Registry. Basic registries have the same programmatic capabilities as Standard and Premium (such as Azure Active Directory authentication integration, image deletion, and webhooks). However, the included storage and image throughput are most appropriate for lower usage scenarios.
Explain the Standard tier of ACR service?
Standard registries offer the same capabilities as Basic, with increased included storage and image throughput. Standard registries should satisfy the needs of most production scenarios.
Explain the Premium tier of ACR service?
provide the highest amount of included storage and concurrent operations, enabling high-volume scenarios.
higher image throughput
Premium adds features such as geo-replication for managing a single registry across multiple regions, content trust for image tag signing, and private link with private endpoints to restrict access to the registry.
What are the different Azure storage features?
Encryption-at-rest, Regional storage, zone redundancy, scalable storage.
Explain encryption-at-rest feature in Azure storage.
All container images in your registry are encrypted at rest. Azure automatically encrypts an image before storing it, and decrypts it on-the-fly when you or your applications and services pull the image.
Explain regional storage feature in Azure Storage
Azure Container Registry stores data in the region where the registry is created, to help customers meet data residency and compliance requirements. In all regions except Brazil South and Southeast Asia, Azure may also store registry data in a paired region in the same geography. In the Brazil South and Southeast Asia regions, registry data is always confined to the region, to accommodate data residency requirements for those regions.
Explain zone redundancy feature in Azure Storage
A feature of the Premium service tier, zone redundancy uses Azure availability zones to replicate your registry to a minimum of three separate zones in each enabled region.
Explain scalable storage feature in Azure Storage
allow you to create as many repos, images, layers, or tags as you need, up to the registry storage limit
What are the different scenarios for ACR Tasks?
Quick task, Automatically triggered tasks, multi-step task
What’s Quick task?
Build and push a single container image to a container registry on-demand, in Azure, without needing a local Docker Engine installation. It provides an integrated development experience by offloading your container image builds to Azure.
Benefit: you can verify your automated build definitions and catch potential problems prior to committing your code.
What’s multi-step task?
it’s defined in a YAML file specifying individual build/ push operations for container images or other artifacts. Also define execution of one or more containers.
What’s a Dockerfile?
a script that contains a series of instructions that are used to build a Docker image
What does a dockerfile include?
The base or parent image we use to create the new image. Commands to update the base OS and install other software. Build artifacts to include, such as a developed application. Services to expose, such as storage and network configuration. Command to run when the container is launched.
What can you use ACR Task for?
Create an Azure Container Registry. Build and push image from a Dockerfile. Run the image in the ACR.
What is ACR Tasks?
a set of features within ACR
What is Azure Container Instances (CI)?
a service that lets developers easily deploy containers on the Azure cloud platform
What’s container group in CI?
collection of containers that get scheduled on the same host machine
What do containers in a container group share?
Containers in a container group share a lifecycle, local network and storage volumes (similar to pods in Kubernetes)
What are the two ways of deploying container group?
Resource Manager template and YAML file
When to use Resource Manager template to deploy container group?
when you need to deploy additional Azure service resources (e.g. an Azure Files share) when you deploy CI
When to use YAML file to deploy container group?
when your deployment includes only container instances
Give a scenario to use multi-container groups
useful where you want to divide a single functional task into a few container images
What does it mean that Azure CI is stateless?
if a container crashes or stops, all of its state is lost
What are the limitations of mounting Azure file share in Azure CI?
- only mount Azure Files shares to Linux containers
- Azure file share volume mount requires the Linux container run as root
- Azure File share volume mounts are limited to CIFS support
What are the restart policies for running containerized tasks?
Always = default setting when no restart policy is specified
Never
OnFailure
What’s Azure Container Apps (CA)?
a fully managed environment that enables you to run containerized applications and microservices on a serverless platform
What is Azure CA commonly used for?
- Deploy API endpoints
- Host background processing applications
- Handle event-driven processing
- Run microservices
What are the limitations of Azure CA?
- can’t run privileged containers; can’t run processes that require root access.
- Linux-based (linux/amd64) container images are required
What can Azure CA handle for you with its built-in authentication and authorization features?
- Authenticates users/clients
- manages the authenticated session
- inject identity info into HTTP request headers
What happens when the authentication/authorization feature is enabled in Azure CA?
when the middleware is enabled, every incoming HTTP request passes through the security layer before being handled by your app.
What is revision in Azure CA?
Revision is an unchangeable/immutable snapshot of a container app version.
How are secrets updated/ deleted in Azure CA?
Updated or deleted secrets don’t automatically affect existing revisions in your app. To apply the change you can:
1. Deploy a new revision
2. Restart an existing revision
What’s Azure App Service?
an HTTP-based service (PaaS) for hosting web apps, REST APIs, mobile back ends.
Develop in any language/framework
Benefits of Azure App Service?
- Built-in auto scale support
- Continuous integration/deployment support
- Deployment slots
What are the limitations of Azure App Service?
- App Service on Linux is NOT supported on the Shared pricing tier
- The Azure portal shows only features that currently work for Linux apps.
- Disk latency is higher and more variable than the latency of the container filesystem.
What do the plans in Azure App Service define?
defines a set of compute resources for a web app to run
1. Operating system (Windows, Linux)
2. Region (West US)
3. Number of VM instances
4. Size of VM instances (small, medium, large)
5. Pricing tier
What are the different pricing tiers on Azure App Service?
- Shared compute: Free, Shared
- Dedicated compute: Basic, Standard, Premium, PremiumV2, PremiumV3
- Isolated: Isolated, IsolatedV2
What’s the shared compute pricing tier?
Base tier. Runs the app on the same Azure VM as other App Service apps. Intended for dev and testing purposes
Fixed CPU to each app that runs on the shared resources.
Resources can’t scale out
What’s the dedicated compute pricing tier?
Run apps on dedicated Azure VMs.
Only apps in same App Service plan share same compute resource.
The higher the tier, the more VM instances available for scale-out.
What’s the isolated pricing tier?
Run dedicated Azure VMs on dedicated Azure Virtual Networks.
Provides network isolation and compute isolation to your app.
Provides max scale-out capabilities
What are the different ways to automatically deploy an App Service?
- Azure DevOps Services
- Bitbucket
- GitHub
What are the manual ways to deploy Azure App Service?
- Git
- CLI
- Zip deploy
- FTP/S
What are the inbound features of multi-tenant App Service networking feature?
- App-assigned address
- Access restrictions
- Service endpoints
- Private endpoints
What are the outbound features of multi-tenant App Service networking feature?
- Hybrid Connections
- Gateway-required virtual network integration
- Virtual network integration
Which plans host customer workloads on multitenant workers in Azure App Service?
free and shared SKU (stock keeping unit)
What is configured in Application settings in web app settings?
Variables passed as environment variables to the app code.
Always encrypted when stored (encrypted-at-rest).
What is configured in General settings in web app settings?
- Stack settings: language & SDK version
- Platform settings: configure the hosting platform (Bitness, WebSocket, Always On, Managed pipeline version, HTTP version)
- Debugging
- Incoming client certificates
What are the different Application logging types in web apps?
- Detailed error logging
- Failed request logging
- Web server logging
- Application logging (supported on Linux platform)
- Deployment logging (supported on Linux platform)
Where are Application logs from web apps stored?
All logging types can be stored in the App Service file system.
Web server and application logging can also be stored in Azure Storage.
Which application logging types from web apps are supported on the Linux platform?
Application logging and deployment logging.
All logging types support Windows platform.
What are the different log levels?
- Disabled
- Error - incl. error, critical
- Warning - incl. warning, error, critical
- Information - incl. info, warning, error, critical
- Verbose - incl. trace, debug, info, warning, error, critical
What are the different options to add security certificates in App Service?
- Create a free App Service managed certificate (TLS/SSL server certificate)
- Purchase an App Service certificate
- Import from Key Vault
- Upload a private certificate
- Upload a public certificate
Which plans allow you to create a free App Service managed certificate in App Service?
Azure Service plan Basic, Standard, Premium or Isolated tier.
What are the limitations of creating a free Azure Service managed certificate?
- Doesn’t support wildcard certificates
- doesn’t support private DNS
- isn’t exportable
When you purchase an App Service certificate what does Azure App Service manage for you?
- purchase process from certificate provider
- maintain cert in Azure Key Vault
- renewal
When to isolate your app into a new Azure App service plan?
- the app is resource intensive
- you want to scale the app independently from the other apps in the existing plan
- the app needs resource in a different geographical region
When should you auto scale your app?
when there are predictable changes in app load
When should you NOT auto scale your app?
- When the app performs resource-intensive processing as part of each request (best to scale up manually)
- handling long-term growth
What do autoscaling rules describe?
- specify a metric to monitor
- how autoscaling should respond when the metric crosses a threshold.
What are the autoscale options?
- based on metrics
- scale to a specific instance count according to schedule
What are the metrics you can use to autoscale?
- Number of HTTP requests awaiting processing
- Data in/out
- CPU Percentage
- Memory Percentage
- Disk Queue Length
- HTTP Queue Length
What are the best practices for auto scaling?
- Max and Min values are different, with an adequate margin between them
- Choose appropriate statistic for your diagnostics metric (Average (common), Minimum, Maximum and Total as a metric to scale by)
- Choose thresholds carefully for all metric types
- multiple rules configured
What do you have to remember when you have multiple rules configured for auto scaling (both scale out and scale in)?
Scale-out: autoscale runs if any rule is met.
Scale-in: autoscale requires all rules to be met.
What are deployment slots?
live apps with their own host names
What are the benefits of deploying to a non-production slot?
- validate app changes in staging deployment slot before swapping it to prod slot.
- all instances of the slot are warmed up before swapping into production
Which Azure App Service plan tiers support deployment slots?
Standard (5 deployment slots), Premium (20) or Isolated (20) plans
Which settings are swapped when doing slot swapping?
- General settings (framework version, 32/64-bit, web sockets)
- App settings (can be configured to stick to a slot)
- Connection strings (can be configured to stick to a slot)
- Handler mappings
- Public certificates
- WebJobs content
- Hybrid connections
- Azure Content Delivery Network
- Service endpoints
- Path mappings
Which settings are NOT swapped when doing slot swapping?
- Publishing endpoint
- Custom domain names
- Non-public certificates and TLS/SSL settings
- Scale settings
- WebJobs schedulers
- IP restrictions
- Always On
- Diagnostic log settings
- Cross-origin resource sharing
- Virtual network integration
- Managed identities
- Settings that end with the suffix _EXTENSION_VERSION
What are the different ways to route traffic?
- Route production traffic automatically
- Route production traffic manually
- Route a portion of traffic to another slot. Useful when you need feedback for a new update, but are not ready to release it to prod
What’s Azure Functions?
Serverless solution allowing you to write less code, maintain less infrastructure, and save on costs.
What are bindings?
ways to simplify coding for input and output data
What’s input binding?
The function can READ data from these input sources.
Connect to a data source
What’s output binding?
The function can WRITE data to these output destinations.
Connect to a data destination
What are the binding properties?
- Name (referred to in the code)
- Type (the type of data/service interacting with)
- Direction (in/out binding)
- Connection: Provides the name of an app setting key that contains the connection string. Bindings use connection strings stored in app settings to keep secrets out of the function code.
What are the different Azure Functions plans?
- Consumption: Default hosting plan. scales automatically, pay for compute resource on running functions
- Premium: Automatically scales based on demand using pre-warmed workers, which run applications with no delay after being idle, runs on more powerful instances, and connects to virtual networks.
- Dedicated: best for predictive scaling and costs
What are the different trigger types in Azure Functions?
- Timer: executes a function at a set interval
- HTTP
- Blob: executes when a file is uploaded/updated in Azure Blob storage
- Queue: executes when a message is added to an Azure Storage queue
- Azure Cosmos DB: executes when a doc changes in a collection
- Azure SQL: executes when a row changes in a table
- Event Hub: executes when an event hub receives a new event
- Event Grid: executes based on Event Grid subscriptions
What’s Logic Apps?
Design-first technologies. Code, by creating/editing a workflow in JSON. For people w/ development skills.
Good at integration because over 200 connectors are included (interface to external service)
automate, orchestrate, and integrate disparate components of a distributed application
What’s Microsoft Power Automate?
Design-first technologies.
No need of development/ IT Pro experience.
Built on Logic Apps. Intended scenarios: self-service workflow creation. GUI only.
Include testing and production environment.
What’s WebJobs?
a feature of Azure App Service that enables you to run a program or script in the same instance as a web app, API app, or mobile app
When do you choose WebJobs over Azure Functions?
if you have …
1. existing Azure App Service app and want to model the workflow in the app.
2. specific customizations that you want to make to the JobHost that aren’t supported by Azure Functions
3. want to control your app’s retry policies
4. WebJobs only support C# on Microsoft Windows
What does scale up mean?
Increase CPU, memory, disk space, extra features, etc.
Moving to a higher tier to get access to more features (memory, resources)
What’s Deployment center setting?
used to configure continuous deployment and manual deployment
Which platform setting should you use when routing a client app to the same instance for the life of the session, when you manage a multi-instance deployment of an Azure App Service Web?
In a multi-instance deployment, the ARR Affinity setting ensures a client application is routed to the same instance for the life of the session
What are key prefixes and labels?
Key prefixes are the beginning parts of keys. A set of keys can be grouped by using the same prefix in names. Labels are an attribute on keys. Labels are used to create variants of a key. For example, labels can be assigned to multiple versions of a key.
What do you need to do to mount an Azure file share as a volume in a container?
Specify the share and volume mount point when you create the container.
az container create --resource-group learn-deploy-aci-rg --name aci-demo-files --image mcr.microsoft.com/azuredocs/aci-hellofiles --location eastus --ports 80 --ip-address Public --azure-file-volume-account-name $STORAGE_ACCOUNT_NAME --azure-file-volume-account-key $STORAGE_KEY --azure-file-volume-share-name aci-share-demo --azure-file-volume-mount-path /aci/logs/
What command to use to display files contained in your file share?
az storage file list
eg. az storage file list -s aci-share-demo -o table
What Azure Service app plan do you need to create custom TLS/SSL bindings or enable client certificates for your App Service app?
Basic, Standard, Premium or Isolated tier.
What’s a container registry?
a service that stores and distributes container images and related artifacts. eg, Docker Hub
What’s a repository?
a collection of container images/other artifacts in a registry that have the same name but different tags.
For example, the following three images are in the acr-helloworld repository:
acr-helloworld:latest
acr-helloworld:v1
acr-helloworld:v2
tag is like version tag at work when deploy.
What’s namespace in repository?
Repository names can include namespaces. Namespaces allow you to identify related repositories/artifact ownership in your organisation by using forward slash-delimited names
Eg
marketing/campaign10-18/web:v2
marketing/campaign10-18/api:v3
What are layers in container images?
Container images/artifacts are made up of one or more layers.
For example, in a Docker container image, each layer corresponds to a line in the Dockerfile that defines the image.
NB To provide secure isolation and protection from potential layer manipulation, layers are not shared across registries.
What’s a manifest?
Each container image or artifact pushed to a container registry is associated with a manifest. The manifest, generated by the registry when the content is pushed, uniquely identifies the artifacts and specifies the layers. JSON file/format
In Azure CLI, which command to list the manifests for a repository?
az acr manifest list-metadata
eg.
az acr manifest list-metadata --name <repositoryName> --registry <acrName>
How many instances can functions of Consumption and Premium plan scale out?
Consumption scales out to 200 instances.
Premium scales out to 100 instances
Setting functionAppScaleLimit to 0 or null means unrestricted
What components are required to enable the customer-managed key capability for Azure App Configuration?
- Standard tier Azure App Configuration instance
- Azure Key Vault with soft-delete and purge-protection features enabled
- an RSA or RSA-HSM key within the Key Vault (Key Vault Premium tier)
What’s Durable Functions?
an extension of Azure Functions that lets you write stateful functions in a serverless compute environment.
Define stateful workflows by writing orchestrator functions.
Define stateful entities by writing entity functions using the Azure Functions programming model.
What’s the primary use case for Durable Functions?
simplifying complex, stateful coordination requirements in serverless applications.
What are the typical application patterns that can benefit from Durable Functions?
- Function chaining
- Fan-out/fan-in
- Async HTTP APIs
- Monitoring
- Human interaction
- Aggregator (stateful entities)
What’s Function chaining?
an application pattern where a sequence of functions executes in a specific order.
What’s fan out/fan in pattern?
The fan-out/fan-in pattern enables multiple functions to be executed in parallel, waiting for all functions to finish. Often, some aggregation work is done on the results that are returned from the functions.
What’s the Async HTTP APIs pattern?
This application pattern addresses the problem of coordinating the state of long-running operations with external clients.
Common way to implement this pattern: have an HTTP endpoint trigger the long-running action, then redirect the client to a status endpoint that the client polls to learn when the operation is finished.