Develop Azure Compute Solutions Flashcards
What are the azure Container Registry service tiers and what differentiates them? [5]
1) Basic
2) Standard ([4] has more storage and image throughput than basic)
3) Premium ([5] adds features such as geo-replication, supports content-trust for image-tag-signing and it supports private link with private end points)
Is an Azure Container Registry image read-only? [1]
[1] Yes, it is a read-only snapshot of a Docker-compatible container.
Can Azure container registries support Windows images, Linux images or both types of images? [1]
[1] Both are supported.
What other than container images do Azure Container Registries store? [2]
[1] Helm charts and [2] images built on the Open Container Initiative (OCI) Image Format Specification.
What do Azure Container Registry Tasks (ACR Tasks) allow for? [4]
The streamlining of [1] building, [2] testing, [3] pushing, and [4] deploying images in Azure
What are the features of Azure Container Instances? [8] + [1] updated
[1] Fast startup times – Containers can start in seconds, no need to provision a VM.
[2] Public IP connectivity and DNS – Containers can be exposed to the internet with IP and domain name.
[3] Hypervisor-level security – Container applications are as isolated as they would be in a VM.
[4] Custom sizes – Containers can scale dynamically to match resource demand for an application.
[5] Persistent storage – Containers support direct mounting of Azure file shares.
[6] Linux and Windows Containers – The same API is used to schedule both Linux and Windows containers.
[7] Co-scheduled groups - Container Instances support multi-container container groups that share host machine resources.
[8] Virtual network deployment – Container instances can be deployed into an Azure virtual network.
[9] Customer data: The ACI service stores the minimum customer data required to ensure your container groups are running as expected
What are the two common ways to deploy a multi-container group? [2]
[1] ARM template or [2] YAML file.
In Container Instances, what is a container group? [3]
A container group is a [1] collection of containers [2] that get scheduled on the same host machine. [3] The containers in a container group share a lifecycle, resources, local network, and storage volumes. It’s similar in concept to a pod in Kubernetes.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
How do resources such as CPUs and memory get allocated to a container group? [1]
Azure Container Instances allocates resources such as CPUs, memory, and optionally GPUs (preview) to a multi-container group [1] by adding the resource requests of the instances in the group. Taking CPU resources as an example, if you create a container group with two container instances, each requesting 1 CPU, then the container group is allocated 2 CPUs.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
In Container Instance networks, what two things do container groups share? [2]
[1] IP address and [2] port namespace.
In Container Instance storage, what external volumes can you specify to mount within a container group? [4]
[1] Azure file share
[2] Secret
[3] Empty directory
[4] Cloned git repo
You can map those volumes into specific paths within the individual containers in a group.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
In Container Instances, when are multi-container groups useful? [1]
[1] In cases where you want to divide a single functional task into a small number of container images.
Example usage could include:
A container serving a web application and a container pulling the latest content from source control.
An application container and a logging container. The logging container collects the logs and metrics output by the main application and writes them to long-term storage.
An application container and a monitoring container. The monitoring container periodically makes a request to the application to ensure that it’s running and responding correctly, and raises an alert if it’s not.
A front-end container and a back-end container. The front end might serve a web application, with the back end running a service to retrieve data.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
What 4 things can you dynamically scale an Azure Container App on? [4]
[1] HTTP traffic
[2] Event-driven processing
[3] CPU or memory load
[4] Any Kubernetes Event-driven Autoscaling (KEDA) supported scaler
What is Kubernetes Event-driven Autoscaling (KEDA)? [4]
Kubernetes Event-driven Autoscaling (KEDA) is a single-purpose and lightweight component that [1] strives to make application autoscaling simple and is a CNCF Incubation project.
[2] It applies event-driven autoscaling to scale your application to meet demand [3] in a sustainable
[4] and cost-efficient manner with scale-to-zero.
https://learn.microsoft.com/en-us/azure/aks/keda-about
What can Azure Container Apps allow you to do? [4]
[1] Deploy API endpoints
[2] Host background processing applications
[3] Handle event-driven processing
[4] Run microservices
What is an App Service Plan?
It defines [1] a set of compute resources for a web app to run. One or more apps can be configured to run on the same computing resources.
In terms of app service plans, how does a web service web app run and scale? [5] UPDATED
[1] In free and shared tiers, an app receives CPU minutes on a shared VM instance and can’t scale out. [2] In other tiers, an app runs on all the VM instances configured in the App Service plan.
[3] If multiple apps are in the same App Service plan, they all share the same VM instances.
[4] If you have multiple deployment slots for an app, all deployment slots also run on the same VM instances.
[5] If you enable diagnostic logs, perform backups, or run WebJobs, they also use CPU cycles and memory on these VM instances.
In this way, the App Service plan is the scale unit of the App Service apps. If the plan is configured to run five VM instances, then all apps in the plan run on all five instances. If the plan is configured for autoscaling, then all apps in the plan are scaled out together based on the autoscale settings.
What if a web service web app needs more capabilities or features? [1]
[1] Your App Service Plan can be scaled up and down at any time.
Can an App Service Plan host multiple web apps? [1]
[1] Yes, it can.
Can an App Service Plan host multiple web apps? [1]
[1] Yes, it can.
Do web apps support near instant scaling as well as auto scaling? [1]
[1] Yes
Why might you separate different app service web apps into their own app service plan? [2]
[1] Because the different web apps in the app service plan will share and compete for the resources in that plan. [2] And all those app will scale together making it uneconomical.
What is Azure App Service? [4]
[1] It is a HTTP-based service for [4] hosting web application, [2] REST APIs and [3] mobile back ends.
What tiers support auto scaling in app service web apps? And what kind of scaling does it support? [2]
[1] Standard tier and above and [2] only supports scaling in/out.
Can you autoscale up/down in app service web apps? [1]
[1] No, it can only be done manually.
What does CI/CD stand for? [1]
[1] Continuous Integration / Continuous Delivery
Does app service web apps support Continuous Integration / Continuous Delivery (CI/CD) and if so, from what technologies? [6]
[1] Yes, [2] Azure DevOps, [3] GitHub, [4] Bitbucket, [5] FTP (file transfer protocol, a standard for the exchange of program and data files across a network), or [6] local Git repository on your local machine.
Can you use deployment slots in app service web apps? [1]
[1] Yes
Can you host an App Service natively on Linux? [1]
[1] Yes
Can you mix Windows and Linux apps on the same app service plan? [1]
[1] No
What do you need to remember about setting Application Settings in App Service, App settings? [2]
[1] It sets environmental settings in the App. [2] What you add in Applications will override settings put in the .config ect.
Can you tie Application Settings in App Service to a specific deployment slot? [1]
[1] Yes, you can.
Is it possible to store a secrete in Azure Key Vault and then reference the secret in Application Settings in App Service? [1]
[1] Yes
What are the automated deployment tools that App Service offers? [3]
[1] Azure DevOps
[2] GitHub
[3] Bitbucket
What are the manual deployment tools that App Service offers? [4]
[1] Git
[2] CLI
[3] ZipDeploy
[4] FTP/S
In App Service configuration settings, what are the options for configuring Secure Socket Layer (TLL/SSL)? [7]
[1] Buy and import App Service certificate
[2] Import a certificate from Key Vault
[3] Upload a public/private certificate
[4] Renew an expiring/uploaded/App Service certificate
[5] Renew a certificate imported from Key Vault
[6] Manage App Service certificates
[7] Automate with scripts
In App Service configuration settings, which of these allows you to set the software stack to run the app, including the language and SDK version? [1]
[1] Platform setting [2] Stack settings [3] Incoming client certificates [4] Debugging.
Stack settings
In App Service configuration settings, which of these allows you to set Configuration settings for hosting the platform, Bit (32/64 bit), WebSocket protocol, always on, managed pipeline version, HTTP version, ARR affinity. [1]
[1] Platform setting [2] Stack settings [3] Incoming client certificates [4] Debugging
Platform settings
In App Service configuration settings, which of these allows you to set Configuration settings for Enabling remote debugging for ASP.NET, ASP,NET Core, or Node.js apps. [1]
[1] Platform setting [2] Stack settings [3] Incoming client certificates [4] Debugging
Debugging
In App Service configuration settings, which of these allows you to set Configuration settings for requiring client certificates in mutual authentication. TLS mutual authentication is used to restrict access to your app by enabling different types of authentications for it. [1]
[1] Platform setting [2] Stack settings [3] Incoming client certificates [4] Debugging
Incoming client certificates
What is the difference between SSL and TLS? [1]
[1] TLS is an updated, more secure version of SSL.
What is autoscaling? [1]
[1] Adjust available resources based on current demand. Autoscale performs scaling in and out as apposed to scaling up and down.
In Azure App Service, what does autoscaling use to scale resources? And what would happen if you didn’t autoscale an application?[2]
It uses [1] resource Metrix to detect when additional resources are required to handle increasing workloads [2] and ensure that those resources are available before the system become overloaded.
What are the three main characteristics of autoscaling? [3]
[1] Provides elasticity.
[2] Improves Availability and [3] fault tolerance.
How does autoscaling work? [1]
[1] Autoscaling works by adding and removing servers.
When is autoscaling not the best approach? [1]
[1] When handling long-term growth
In Azure App Service, where can you monitor autoscaling activity? [2]
[1] The ‘Run History’ chart shows how the number of instances varies over time [2] and which autoscale conditions caused each change.
In Azure App Service, what is the difference between a scale condition and a scale rule? [2]
[1] The scale condition is the point in which autoscaling will occur, and [2] the scale rule is what will happen once the condition has been met.
Where can you configure these options when deploying an App Service ?
[1] Buy and import App Service certificate
[2] Import a certificate from Key Vault
[3] Upload a public/private certificate
[4] Renew an expiring/uploaded/App Service certificate
[5] Renew a certificate imported from Key Vault
[6] Manage App Service certificates
[7] Automate with scripts
App Service configuration settings, for configuring Secure Socket Layer (TLS/SSL)
In Azure App Service, if there are multiple auto scale rules that trigger at the same time. Which rule will be triggered? [1]
[1] The rule that allocates the most resources.
What are the best practices in Autoscaling? [6]
- Ensure that the maximum and minimum values are different and have an adequate margin between them.
- Chose the appropriate statistic for your diagnosis metric.
- Choose the threshold carefully for all metric types.
- Remember the rules for scaling when multiple rules are configured in a profile.
- Always set a safe default instance count.
- Configure autoscale notifications.
What does the term ‘flapping’ mean in autoscaling? [1]
[1] Flapping is when you have set the same minimum and maximum value for an autoscale condition, causing the service to scale in and out really quickly.
In Azure Functions, what are the two parts of a function? [2]
- Your code
- Some config (function.json)
In Azure Functions, what does function.json file do? [2]
It defines the functions [1] trigger, bindings, and [2] other configuration settings. The runtime uses the config (function.json) file to determine the events to monitor and how to pass data and return data from the function execution.
Do functions, in a Function App, share the same pricing plan, deployment method and runtime version? [1]
[1] Yes, they do.
What is a binding in an Azure function? And what can be set? [4]
[1] It’s a way of connecting to another resource to the function. They [2] can be input [3] or output bindings [4] or both.
In a Function App, what languages are supported for creating functions and how are the triggers and bindings defined? [6]
[1] C# class library – decorating methods and parameters
[2] Java – decorating methods and parameters
[3] JavaScript, [4] PowerShell, [5] Python, [6] TypeScript – Updating function.json schema
Which Azure Service Plan pricing tier is available only to the function apps? [1]
1. Shared compute
2. Dedicated Compute
3. Consumption
4. Isolated
[1] Consumption
What are the steps that you need to follow to create a container? And also publish it to ACR [7]
[1] Create your application
[2] Install and Run Docker Desktop
[3] Run Visual Studio Container Tools
[4] Add Docker Support to the application and select target OS (Docker file will then be added to solution containing the details for building for Docker)
[5] Publish to Azure Container Registry
[6] In the Azure Portal enable Admin User under the Access Key Settings (Allows me to add image to Azure using Azure CLI, PowerShell or Portal)
[7] Now Create Container Instance or Azure Web App and deploy Container image that is in the Azure Container Registry
In Azure Container Registry, what are the use cases and the applications that would pull container images? [9]
[1] Scalable orchestration systems that manage containerized applications across clusters of hosts, [2] including Kubernetes, [3] DC/OS, [4] and Docker Swarm.
[5] Azure services that support building and running applications at scale, including [6] Azure Kubernetes Service (AKS), [7] App Service, [8] Batch, [9] Service Fabric, and others.
In Azure Container Registry, developers can push to a container registry as part of a container development workflow as part of their continuous integration and delivery tools, where from? [2]
[1] Azure Pipelines or [2] Jenkins
In Azure Container Registry ACR Tasks, what kind of scenarios would you configure for? [3]
[1] Automatically rebuild application images when their base images are updated
[2] Automate image builds when your team commits code to a Git repository
[3] Create multi-step tasks to automate building, testing, and patching multiple container images in parallel in the cloud.
In Azure Container Registry ACR Tasks, what do build tasks do and when? [2]
Configure build tasks to [1] automate your container OS and framework patching pipeline, and [2] build images automatically when your team commits code to source control.
In Azure Container Registry, what storage capabilities does it have? [5]
[1] Encryption-at-rest: All container images in your registry are encrypted at rest. Azure automatically encrypts an image [2] before storing it, and decrypts it on-the-fly when you or your applications and services pull the image.
[3] Regional storage: Azure Container Registry stores data in the region where the registry is created, to help customers meet data residency and compliance requirements. In all regions except Brazil South and Southeast Asia.
[4] Zone redundancy: A feature of the Premium service tier, zone redundancy uses Azure availability zones to replicate your registry to a minimum of three separate zones in each enabled region.
[5] Scalable storage: Azure Container Registry allows you to create as many repositories, images, layers, or tags as you need, up to the registry storage limit.
High numbers of repositories and tags can impact the performance of your registry. Periodically delete unused repositories, tags, and images as part of your registry maintenance routine. Deleted registry resources like repositories, images, and tags can’t be recovered after deletion.
In Azure Container Registry ‘ACR Tasks’, what are the scenarios/command tools to build and maintain container images and other artifacts? [3]
[1] Quick task - Build and push a single container image to a container registry on-demand, in Azure, without needing a local Docker Engine installation.
[2] Automatically triggered tasks - Enable one or more triggers to build an image:
Trigger on source code update
Trigger on base image update
Trigger on a schedule
[3] Multi-step task - Extend the single image build-and-push capability of ACR Tasks with multi-step, multi-container-based workflows.
In Azure Container Registry, each ACR Task has an associated source code context, what does that mean? And what two examples are there of files being stored [3]
[1] Its the location of a set of source files used to build a container image or other artifact. [2] Example contexts include a Git repository or [3] a local filesystem.
In Azure Container Registry, when would you want to trigger task on source code update? And what applications would need to have been updated for this to occur ? [5]
Trigger a container image build or multi-step task when [1] code is committed, or [2] a pull request is made or [3] updated, to a [4] Git repository in GitHub or [5] Azure DevOps Services.
For example, configure a build task with the Azure CLI command az acr task create by specifying a Git repository and optionally a branch and Dockerfile. When your team updates code in the repository, an ACR Tasks-created webhook triggers a build of the container image defined in the repo.
In Azure Container Registry ACR Tasks, when would you want to schedule a task and how would you implement it? [4]
Optionally schedule a task [1] by setting up one or more timer triggers when you create or update the task. [2] Scheduling a task is useful for running container workloads on a defined schedule, [3] or running maintenance operations or [4] tests on images pushed regularly to your registry.
In Azure Container Registry ACR Tasks, what operating systems does it build images in? [2]
[1] Windows and [2] Linux
In Azure Container Registry ACR Tasks, when would you Trigger on base image update? [2]
You can set up an ACR task to track a dependency on a base image when it builds an application image. [1] When the updated base image is pushed to your registry, or [2] a base image is updated in a public repo such as in Docker Hub, ACR Tasks can automatically build any application images based on it.
What is a Dockerfile and where does it come from? [2]
[1] It comes from a Docker Image. [2] A Dockerfile is a script that contains a series of instructions that are used to build a Docker image.
When creating a Dockerfile, the first step in creating a Dockerfile is choosing a base image that serves as the foundation for your application. What steps/commands do you need to follow to do this? [5]
Use the .NET 6 runtime as a base image
FROM mcr.microsoft.com/dotnet/runtime:6.0
Set the working directory to /app
WORKDIR /app
Copy the contents of the published app to the container’s /app directory
COPY bin/Release/net6.0/publish/ .
Expose port 80 to the outside world
EXPOSE 80
Set the command to run when the container starts
CMD [“dotnet”, “MyApp.dll”]
//////////////////////////////////////////////////////////////////
FROM mcr.microsoft.com/dotnet/runtime:6.0: This command sets the base image to the .NET 6 runtime, which is needed to run .NET 6 apps.
WORKDIR /app: Sets the working directory to /app, which is where app files are copied.
COPY bin/Release/net6.0/publish/ .: Copies the contents of the published app to the container’s /app directory. We assume that the .NET 6 app has already been built and published to the bin/Release/net6.0/publish directory.
EXPOSE 80: Exposes port 80, which is the default HTTP port, to the outside world. Change this line accordingly if your app listens on a different port.
CMD [“dotnet”, “MyApp.dll”]: The command to run when the container starts. In this case, we’re running the dotnet command with the name of our app’s DLL file (MyApp.dll). Change this line to match your apps name and entry point.
What is the Bash command to create a resource group?
az group create –name az204-acr-rg –location <myLocation></myLocation>
What is the Bash command to create an Azure Container Registry?
az acr create –resource-group az204-acr-rg –name <myContainerRegistry> --sku Basic</myContainerRegistry>
What is the Bash command to create a Dockerfile?
echo FROM mcr.microsoft.com/hello-world > Dockerfile
In Azure Container Registry ACR Tasks, when would you want to use Multi-step tasks and how would you implement it? [4]
Multi-step tasks, [1] defined in a YAML file [2] specify individual build and push operations for container images or [3] other artifacts. [4] They can also define the execution of one or more containers, with each step using the container as its execution environment.
- Build a web application image
- Run the web application container
- Build a web application test image
- Run the web application test container, which performs tests against the running application container
- If the tests pass, build a Helm chart archive package
- Perform a helm upgrade using the new Helm chart archive package
What information do Dockerfiles typically contain? [5]
- The base or parent image we use to create the new image
- Commands to update the base OS and install other software
- Build artifacts to include, such as a developed application
- Services to expose, such a storage and network configuration
- Command to run when the container is launched
What does the key word ‘echo’ mean? [1]
[1] When you use the echo command, it simply prints the text you provide as arguments to the terminal screen.
When writing the following Bash command, what does the \ and . mean? [2]
az acr build –image sample/hello-world:v1 \
–registry <myContainerRegistry> \
--file Dockerfile .</myContainerRegistry>
[1] The . at the end of the command tells the az acr build command that the current directory should be used as the build context, and it’s where the command will look for the specified Dockerfile and any other files needed for the build process.
[2] The backslash at the end of each line indicates to the shell that the command is not yet complete and continues on the next line.
In bash commands, what does show-tags do? [2]
az acr repository show-tags –name <myContainerRegistry> \
--repository sample/hello-world --output table</myContainerRegistry>
[1] A “tag” is a label applied to a specific version of an image. [2] Tags are used to identify and differentiate different versions of the same image within a container registry. They’re particularly useful for managing and referencing different states or variations of an application or service.
In bash commands, what does /dev/null mean?
[1] az acr run –registry <myContainerRegistry> --cmd '$Registry/sample/hello-world:v1' /dev/null</myContainerRegistry>
/dev/null: This is used as the input file for the command. [1] When a command’s input is redirected from /dev/null, it effectively means that the command won’t receive any input. It’s like sending an empty stream to the command.
True or false - Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single instance?
True
In bash commands, what does –no-wait mean? [1] az group delete –name az204-acr-rg –no-wait
The –no-wait flag is used to instruct the Azure CLI to not wait for the completion of the resource group deletion operation before returning control to the user. In other words, [1] when you include the –no-wait flag, the command will initiate the deletion of the specified resource group and immediately return to the command prompt, allowing you to continue working without waiting for the deletion process to finish.
What is the Bash command to list the tags on a repository?
az acr repository show-tags –name <myContainerRegistry> \
--repository sample/hello-world --output table</myContainerRegistry>