Get best practices on how to monitor your Kubernetes clusters from field experts in this episode of the Kubernetes Best Practices Series. In this intermediate level deep dive, you will learn about monitoring and logging in Kubernetes from Dennis Zielke, Technology Solutions Professional in the Global Black Belts Cloud Native Applications team at Microsoft.
Multi-cluster view from Azure Monitor
Azure Monitor provides a multi-cluster view showing the health status of all monitored AKS clusters deployed across resource groups in your subscriptions. It shows AKS clusters discovered that are not monitored by the solution. Immediately you can understand cluster health, and from here you can drill down to the node and controller performance page, or navigate to see performance charts for the cluster. For AKS clusters discovered and identified as unmonitored, you can enable monitoring for that cluster at any time.
Container Live Logs provides a real-time view into your Azure Kubernetes Service (AKS) container logs (stdout/stderr) without having to run kubectl commands. When you select this option, new pane appears below the containers performance data table on the Containers view, and it shows live logging generated by the container engine to further assist in troubleshooting issues in real time.
Live logs supports three different methods to control access to the logs:
AKS without Kubernetes RBAC authorization enabled
AKS enabled with Kubernetes RBAC authorization
AKS enabled with Azure Active Directory (AD) SAML based single-sign on
You even can search in the Container Live Logs for Troubleshooting and history.
Configure continuous integration (CI) and continuous delivery (CD) for your IoT Edge application with DevOps Projects. DevOps Projects simplifies the initial configuration of a build and release pipeline in Azure Pipelines.
In the following steps you can see how easy it is to build your Continuous integration and continuous deployment to Azure IoT Edge with DevOps Project :
Select Simple IoT
Click on Next.
From here you set your Azure DevOps organization to your Azure IoT Hub. Click on additional settings
In additional settings you can set :
Azure Resource Group
Location ( region)
Container Registry
Container Registry name
Container registry SKU
Container Location
IoT Hub of Edge Devices
IoT Hub Location
Select Container Registry Plan
Azure Container Registry allows you to store images for all types of container deployments including DC/OS, Docker Swarm, Kubernetes, and Azure services such as App Service, Batch, Service Fabric, and others. Your DevOps team can manage the configuration of apps isolated from the configuration of the hosting environment.
More information about Azure Container Registry and pricing
Azure DevOps Project will do the rest of the deployment.
Of course Infrastructure as Code (IaC) is possible by ARM JSON Template.
Save the template for later.
here you got your ARM Templates.
Later you will see when you complete the deployment, that your JSON ARM template is in Azure DevOps Repo.
You can connect your Azure DevOps Repo via the portal but also via Visual Studio and Visual Studio Code.
The resources coming into myiotpipeline-rg
MyIOTPipeline-IoTHub is created.
MyIOTPipelineACR Container Registry is created.
MyIOTPipeline with Azure DevOps is created 🙂
Your Continuous integration and continuous deployment to Azure IoT Edge is deployed and active. Now you have your Azure Pipeline in place to continuously update your IoT Device App. From here you can go to Azure DevOps Project Homepage.
Via Agent phase you can see all the jobs of the deployment.
Azure DevOps Pipeline Release
here we have Azure DevOps Repos
Azure DevOps Services includes free unlimited private Git repos, so Azure Repos is easy to try out. Git is the most commonly used version control system today and is quickly becoming the standard for version control. Git is a distributed version control system, meaning that your local copy of code is a complete version control repository. These fully functional local repositories make it easy to work offline or remotely. You commit your work locally, and then sync your copy of the repository with the copy on the server.
Git in Azure Repos is standard Git. You can use the clients and tools of your choice, such as Git for Windows, Mac, partners’ Git services, and tools such as Visual Studio and Visual Studio Code.
All the Azure Resources for the IoT Edge Pipeline with Azure DevOps.
When you have your Azure DevOps Pipeline with IoT Edge devices running, you can monitor your pipeline with Analytics inside Azure DevOps.
Click Next.
Click on Install Analytics.
Select the right Azure DevOps Organization for your IoT Edge Pipeline.
Done !
Analytics is now active, you can make automated test plans in Azure DevOps and see the results via Analytics.
Azure DevOps Overview Dashboard.
There are a lot of predefined Analytics Views for you shared.
An Analytics view provides a simplified way to specify the filter criteria for a Power BI report based on the Analytics Service data store. The Analytics Service provides the reporting platform for Azure DevOps. More information about Analytics in Azure DevOps here
Easy to start with Powerbi and Azure DevOps Connector.
Planned manual testing
Plan, execute, and track scripted tests with actionable defects and end-to-end traceability. Assess quality throughout the development lifecycle by testing your desktop or web applications.
More information about making your testplan for your IoT Edge Devices Azure DevOps Pipeline
Conclusion :
When you connect Microsoft Azure IoT Edge – HUB with your Internet of Things Devices and combine it with Microsoft Azure DevOps Team to develop your Azure IoT Pipeline, then you are in fully control of Continuous integration and continuous deployment to Azure IoT Edge. From here you can make your innovations and Intelligent Cloud & Edge with Artificial Intelligence and Machine Learning to your Devices. You will see that this combination will be Awesome for HealthCare, Smart Cities, Smart Buildings, Infrastructure, and the Tech Industry.
In this Microsoft article, you learn how to use the built-in Azure IoT Edge tasks for Azure Pipelines to create two pipelines for your IoT Edge solution. The first takes your code and builds the solution, pushing your module images to your container registry and creating a deployment manifest. The second deploys your modules to targeted IoT Edge devices.
When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your Security in place, you can do your optimize on your Azure workloads and keep up-to-date for your compliancy. Microsoft Azure Security Center can support you in Security and Compliancy (GDPR). Here you see my former blogposts about Microsoft Azure HUB-Spoke model architecture and Security by design :
Security in software is always on the move and changing in this world, when you think you are ready something has changed already. That’s why I love Microsoft Azure Security Center to keep you posted and giving you advise on Security but also on Compliancy.
From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :
Security Center Overview
Microsoft Azure Security Center is working with the following navigation menu’s on the left :
General
Policy & Compliance
Resource Security Hygiene
Advanced Cloud Defense
Threat Protection
Automation & Orchestration
Microsoft Azure Secure Score Dashboard
Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture. Improve your secure score in Azure Security Center
Azure Security Center Recommendations
Microsoft Azure Security Center gives you advise to make your Security Score higher and you can improve immediately.
Open Subnet without NSG.
From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.
Creating NSG from Azure Security Center.
A subnet with NSG.
Azure Security Center Advise on Disk Encryption
Description on Applying Disk Encryption on your Virtual Machines
General Information, with Impact and Implementation Cost.
Threats, what can happen when you don’t implement the security.
Security is a on-going process 24 hours -365 days to monitor, analyze, and prevent security issues. Working on Compliancy for your Business and making your own Security policies is important. Microsoft Azure Security Center can support you in this journey. When you Optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.
Security and compliance–basic elements of the trusted cloud–are top priorities for organizations today. This paper is designed to help customers ensure that their data is handled in a manner that meets their data protection, regulatory, and sovereignty requirements on the global cloud architecture of Microsoft Azure. Transparency and control are also essential to establishing and maintaining trust in cloud technology. Microsoft recognizes that restricted and regulated industries require additional details for their risk management and to ensure compliance at all times. Microsoft provides an industry-leading security and compliance portfolio. Security is built into the Azure platform, beginning with the development process, which is conducted in accordance with the Security Development Lifecycle (SDL), and includes technologies, controls and tools that address data management and governance, Active Directory identity and access controls, network and infrastructure security technologies and tools, threat protection, and encryption to protect data in transit and at rest. Microsoft also provides customers with choices to select and limit the types and locations of data storage on Azure. With the innovation of the security and compliance frameworks, customers in regulated industries can successfully run mission-critical workloads in the cloud and leverage all the advantages of the Microsoft hyperscale cloud. This simple approach can assist customers in meeting the data protection requirements of government regulations or company policies by helping them to:
Understand data protection obligations.
Understand the services and controls that Azure provides to help its customers meet those obligations.
Understand the evidence that customers need to assert compliance.
The paper is structured into these three sections, with each diving deeper into the security and technologies that help Microsoft customers to meet data protection requirements. The final section discusses specific requirements to which industries and organizations in selected European markets are subject.
Azure Monitor for VMs monitors your Azure virtual machines (VM) and virtual machine scale sets at scale. The service analyzes the performance and health of your Windows and Linux VMs, monitoring their processes and their dependencies on other resources and external processes.
As a solution, Azure Monitor for VMs includes support for monitoring performance and application dependencies for VMs that are hosted on-premises or in another cloud provider. Three key features deliver in-depth insight:
Logical components of Azure VMs that run Windows and Linux: Are measured against pre-configured health criteria, and they alert you when the evaluated condition is met.
Pre-defined, trending performance charts: Display core performance metrics from the guest VM operating system.
Dependency map: Displays the interconnected components with the VM from various resource groups and subscriptions.
The features are organized into three perspectives:
Health
Performance
Map
Here we have a look at Azure Monitor Service map of my local machine :
Here in the Event you see two Configuration Changes.
What is awesome to see, when you double click on the link marked with a arrow, then It will start log analytics with the right query to see what those changes are 🙂
You see some Changes in Windows Services and Updates on my local Machine
Communications of the local machine on-premisses
Workbooks combine text, Analytics queries, Azure Metrics, and parameters into rich interactive reports. Workbooks are editable by any other team members who have access to the same Azure resources.
First of all Thank you for following me and Sharing Microsoft Cloud and Datacenter Management content on Social Media 🙂 Sharing & Learning Together is Better.
Welcome 577 New Followers on Twitter of the 5904 Followers 🙂
More then 2.807.000 Tweet impressions in One year !
Started with Friday is MVPbuzz Day for Education to get Azure Cloud in the Classroom, working together with Teachers and Students in my Free time.
Working with Microsoft Learn in Teams for the Students.
Meetings and Speaking for Education, all about Azure and AzureStack Technologies.
Conferences, like the Global MVP Summit 2018, DevOps Amsterdam, Community Group meetings.
Microsoft Ignite, Microsoft Build, Microsoft Connect events.
Almost every week Microsoft Product Group Intervention (PGI) sessions Online.
Sharing the News every Day via Twitter, Facebook, LinkedIn, Microsoft Tech Community, Blog
But what is coming in 2019 ?
Rocking with Azure in the Classroom !
I will continue every day sharing knowledge with the Community and continue my Free work on MVPbuzz Friday for Education to get Azure Cloud Technology in the Classroom for Teachers and Students.
The trend I see for 2019 is more Infrastructure and Security by Code with Microsoft Azure DevOps
and of course you have to be in Control with Microsoft Azure Monitor
I will write a blogpost in January 2019 about Microsoft Azure Hub-Spoke model by Enterprise Design 4 of 4: Optimize your Azure Workload.
More Items in 2019 to come :
Microsoft Azure Security Center for Hybrid IT
Windows Server 2019 in combination with Azure Cloud Services.
More on Containers in the Cloud
Azure Stack and ASDK
Integration with Azure Cloud.
API Management
Azure DevOps Pipelines and Collabration
Azure IoT for Smart Cities and Buildings combined with AI Technology
2019 will be a Great year again with New Microsoft Technologies and Features for your business.
Azure DevOps Services is a cloud service for collaborating on code development. It provides an integrated set of features that you access through your web browser or IDE client. The features are included, as follows:
Git repositories for source control of your code
Build and release services to support continuous integration and delivery of your apps
Agile tools to support planning and tracking your work, code defects, and issues using Kanban and Scrum methods
Many tools to test your apps, including manual/exploratory testing, load testing, and continuous testing
Highly customizable dashboards for sharing progress and trends
Built-in wiki for sharing information with your team
The Azure DevOps ecosystem also provides support for adding extensions and integrating with other popular services, such as: Campfire, Slack, Trello, UserVoice, and more, and developing your own custom extensions.
