From 72a00bbf00f3b4214f6f99724e55e24daf1c25d6 Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 12:41:37 -0500 Subject: [PATCH 01/13] Style changes AKS --- .../aks/learn/quick-kubernetes-deploy-cli.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/scenarios/azure-aks-docs/articles/aks/learn/quick-kubernetes-deploy-cli.md b/scenarios/azure-aks-docs/articles/aks/learn/quick-kubernetes-deploy-cli.md index fc8a881a8..ee711145c 100644 --- a/scenarios/azure-aks-docs/articles/aks/learn/quick-kubernetes-deploy-cli.md +++ b/scenarios/azure-aks-docs/articles/aks/learn/quick-kubernetes-deploy-cli.md @@ -82,15 +82,10 @@ az aks create \ To manage a Kubernetes cluster, use the Kubernetes command-line client, [kubectl][kubectl]. `kubectl` is already installed if you use Azure Cloud Shell. To install `kubectl` locally, use the [`az aks install-cli`][az-aks-install-cli] command. -1. Configure `kubectl` to connect to your Kubernetes cluster using the [az aks get-credentials][az-aks-get-credentials] command. This command downloads credentials and configures the Kubernetes CLI to use them. +1. Configure `kubectl` to connect to your Kubernetes cluster using the [az aks get-credentials][az-aks-get-credentials] command. This command downloads credentials and configures the Kubernetes CLI to use them. Then verify the connection to your cluster using the [kubectl get][kubectl-get] command. This command returns a list of the cluster nodes. ```azurecli-interactive az aks get-credentials --resource-group $MY_RESOURCE_GROUP_NAME --name $MY_AKS_CLUSTER_NAME - ``` - -1. Verify the connection to your cluster using the [kubectl get][kubectl-get] command. This command returns a list of the cluster nodes. - - ```azurecli-interactive kubectl get nodes ``` 
@@ -349,11 +344,9 @@ To deploy the application, you use a manifest file to create all the objects req kubectl apply -f aks-store-quickstart.yaml ``` -## Test the application - -You can validate that the application is running by visiting the public IP address or the application URL. +## Wait for cluster to startup -Get the application URL using the following commands: +Wait until the cluster is ready ```azurecli-interactive runtime="5 minutes" @@ -373,6 +366,12 @@ do done ``` +## Test the application + +You can validate that the application is running by visiting the public IP address or the application URL. + +Get the application URL using the following commands: + ```azurecli-interactive curl $IP_ADDRESS ``` From 38551367b39f5b576c762611a28b4c77b5214b8f Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 12:46:31 -0500 Subject: [PATCH 02/13] Fix styles for LEMP --- .../virtual-machines/linux/tutorial-lemp-stack.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md b/scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md index f97cf388f..101666de0 100644 --- a/scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md +++ b/scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md @@ -813,11 +813,4 @@ Results: Azure hosted blog -``` -<<<<<<< HEAD:scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md - -```bash -echo "You can now visit your web server at https://$FQDN" -``` -======= ->>>>>>> 28682995688e6031a0b0ef49f4418bd0aaa12bc0:scenarios/azure-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md +``` \ No newline at end of file From 85a1872a732bf4ee286a9754df6e3529271863da Mon Sep 17 00:00:00 2001 
From: Aria Amini Date: Tue, 4 Feb 2025 12:51:36 -0500 Subject: [PATCH 03/13] Fix style for AKS Web app --- scenarios/CreateAKSWebApp/create-aks-webapp.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/scenarios/CreateAKSWebApp/create-aks-webapp.md b/scenarios/CreateAKSWebApp/create-aks-webapp.md index 38988e16c..f3527485f 100644 --- a/scenarios/CreateAKSWebApp/create-aks-webapp.md +++ b/scenarios/CreateAKSWebApp/create-aks-webapp.md @@ -486,18 +486,18 @@ Cert-manager provides Helm charts as a first-class method of installation on Kub ```bash helm repo add jetstack https://charts.jetstack.io + helm repo update + helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.0 ``` 2. Update local Helm Chart repository cache ```bash - helm repo update ``` 3. Install Cert-Manager addon via helm by running the following: ```bash - helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.0 ``` 4. Apply Certificate Issuer YAML File @@ -538,9 +538,6 @@ Cert-manager provides Helm charts as a first-class method of installation on Kub nodeSelector: "kubernetes.io/os": linux EOF - ``` - - ```bash cluster_issuer_variables=$( Date: Tue, 4 Feb 2025 13:19:52 -0500 Subject: [PATCH 04/13] Style fixes perf --- .../obtain-performance-metrics-linux-system.md | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/scenarios/ObtainPerformanceMetricsLinuxSustem/obtain-performance-metrics-linux-system.md b/scenarios/ObtainPerformanceMetricsLinuxSustem/obtain-performance-metrics-linux-system.md index 55cf55bee..7e8499928 100644 --- a/scenarios/ObtainPerformanceMetricsLinuxSustem/obtain-performance-metrics-linux-system.md +++ b/scenarios/ObtainPerformanceMetricsLinuxSustem/obtain-performance-metrics-linux-system.md 
@@ -573,7 +573,7 @@ The metrics collected are: * Look for single processes with high read/write rates per second. This information is a guidance for processes with I/O more than identifying issues. Note: the `--human` option can be used to display numbers in human readable format (that is, `Kb`, `Mb`, `GB`). -### `ps` +### Top CPU processes Lastly `ps` command displays system processes, and can be either sorted by CPU or Memory. @@ -599,6 +599,7 @@ root 2186 42.0 0.0 73524 5836 pts/1 R+ 16:55 0:06 stress-ng --c root 2191 41.2 0.0 73524 5592 pts/1 R+ 16:55 0:06 stress-ng --cpu 12 --vm 2 --vm-bytes 120% --iomix 4 --timeout 240 ``` +## Top memory processes To sort by `MEM%` and obtain the top 10 processes: ```azurecli-interactive @@ -634,13 +635,4 @@ echo "$extracted" To run, you can create a file with the above contents, add execute permissions by running `chmod +x gather.sh`, and run with `sudo ./gather.sh`. -This script saves the output of the commands in a file located in the same directory where the script was invoked. - -Additionally, all the commands in the bash block codes covered in this document, can be run through `az-cli` using the run-command extension, and parsing the output through `jq` to obtain a similar output to running the commands locally: ` - -```azurecli-interactive -output=$(az vm run-command invoke -g $MY_RESOURCE_GROUP_NAME --name $MY_VM_NAME --command-id RunShellScript --scripts "ls -l /dev/disk/azure") -value=$(echo "$output" | jq -r '.value[0].message') -extracted=$(echo "$value" | awk '/\[stdout\]/,/\[stderr\]/' | sed '/\[stdout\]/d' | sed '/\[stderr\]/d') -echo "$extracted" -``` \ No newline at end of file +This script saves the output of the commands in a file located in the same directory where the script was invoked. \ No newline at end of file From 63132546351a5d9ccadf4bbd3ac57de0868b8767 Mon Sep 17 00:00:00 2001 
From: Aria Amini Date: Tue, 4 Feb 2025 13:22:14 -0500 Subject: [PATCH 05/13] Fix python style --- .../ConfigurePythonContainer/configure-python-container.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scenarios/ConfigurePythonContainer/configure-python-container.md b/scenarios/ConfigurePythonContainer/configure-python-container.md index ff8bcde1e..4ef412bc2 100644 --- a/scenarios/ConfigurePythonContainer/configure-python-container.md +++ b/scenarios/ConfigurePythonContainer/configure-python-container.md @@ -99,7 +99,7 @@ Results: } ``` -## Step 2: Show the current Python version +## Show the current Python version The following command retrieves the Python runtime version currently used by your Azure App Service. @@ -115,7 +115,7 @@ Results: "PYTHON|3.10" ``` -## Step 3: Set the desired Python version +## Set the desired Python version Update your Azure App Service instance to use a specific Python version. Replace the desired Python version (e.g., "PYTHON|3.11") as needed. @@ -124,6 +124,7 @@ export DESIRED_PYTHON_VERSION="PYTHON|3.11" az webapp config set --resource-group $RESOURCE_GROUP --name $APP_NAME --linux-fx-version $DESIRED_PYTHON_VERSION ``` +## Verify Version Verify the updated Python version: ```bash @@ -138,7 +139,7 @@ Results: "PYTHON|3.11" ``` -## Step 4: List all supported Python runtime versions +## List all supported Python runtime versions Use the following command to view all Python versions supported by Azure App Service on Linux. From 85c1e227ea562bc29b7049ddf205271b681af383 Mon Sep 17 00:00:00 2001 
From: Aria Amini Date: Tue, 4 Feb 2025 14:12:53 -0500 Subject: [PATCH 06/13] Fix --- scenarios/PostgresRAGLLM/app.py | 45 -------- scenarios/PostgresRAGLLM/chat.py | 35 +++--- scenarios/PostgresRAGLLM/postgres-rag-llm.md | 101 ++---------------- scenarios/PostgresRAGLLM/requirements.txt | 3 +- scenarios/PostgresRAGLLM/templates/index.html | 13 --- 5 files changed, 19 insertions(+), 178 deletions(-) delete mode 100644 scenarios/PostgresRAGLLM/app.py delete mode 100644 scenarios/PostgresRAGLLM/templates/index.html diff --git a/scenarios/PostgresRAGLLM/app.py b/scenarios/PostgresRAGLLM/app.py deleted file mode 100644 index 87415512c..000000000 --- a/scenarios/PostgresRAGLLM/app.py +++ /dev/null 
@@ -1,45 +0,0 @@ -from flask import Flask, request, render_template, make_response -import subprocess -import os -import logging - -app = Flask(__name__) - -# Configure logging -logging.basicConfig(level=logging.DEBUG) - -@app.after_request -def add_header(response): - response.headers['Content-Type'] = 'text/html' - return response - -@app.route('/', methods=['GET']) -def home(): - logging.debug("Rendering home page") - return render_template("index.html") - -@app.route('/ask', methods=['POST']) -def ask(): - question = request.form['question'] - logging.debug(f"Received question: {question}") - result = subprocess.run([ - 'python3', 'chat.py', - '--api-key', os.getenv('API_KEY'), - '--endpoint', os.getenv('ENDPOINT'), - '--pguser', os.getenv('PGUSER'), - '--pghost', os.getenv('PGHOST'), - '--pgpassword', os.getenv('PGPASSWORD'), - '--pgdatabase', os.getenv('PGDATABASE'), - '--question', question - ], capture_output=True, text=True) - logging.debug(f"Subprocess result: {result}") - if result.returncode != 0: - logging.error(f"Subprocess error: {result.stderr}") - response_text = f"Error: {result.stderr}" - else: - response_text = result.stdout - logging.debug(f"Response: {response_text}") - return render_template('index.html', response=response_text) - -if __name__ == '__main__': - app.run(host='0.0.0.0', port=8000, debug=True) \ No newline at end of file diff --git a/scenarios/PostgresRAGLLM/chat.py b/scenarios/PostgresRAGLLM/chat.py index 8d3ad6cec..0b2cbaaa4 100644 --- a/scenarios/PostgresRAGLLM/chat.py +++ b/scenarios/PostgresRAGLLM/chat.py @@ -8,7 +8,7 @@ from db import VectorDatabase # Configure logging -logging.basicConfig(level=logging.DEBUG) +logging.basicConfig(level=logging.INFO) parser = argparse.ArgumentParser() parser.add_argument('--api-key', dest='api_key', type=str) 
@@ -18,13 +18,11 @@ parser.add_argument('--pgpassword', dest='pgpassword', type=str) parser.add_argument('--pgdatabase', dest='pgdatabase', type=str) parser.add_argument('--populate', dest='populate', action="store_true") -parser.add_argument('--question', dest='question', type=str, help="Question to ask the chatbot") args = parser.parse_args() class ChatBot: def __init__(self): - logging.debug("Initializing ChatBot") self.db = VectorDatabase(pguser=args.pguser, pghost=args.phhost, pgpassword=args.pgpassword, pgdatabase=args.pgdatabase) self.api = AzureOpenAI( azure_endpoint=args.endpoint, @@ -39,7 +37,7 @@ def __init__(self): ) def load_file(self, text_file: str): - logging.debug(f"Loading file: {text_file}") + logging.info(f"Loading file: {text_file}") with open(text_file, encoding="UTF-8") as f: data = f.read() chunks = self.text_splitter.create_documents([data]) @@ -47,13 +45,9 @@ def load_file(self, text_file: str): text = chunk.page_content embedding = self.__create_embedding(text) self.db.save_embedding(i, text, embedding) - - def __create_embedding(self, text: str): - logging.debug(f"Creating embedding for text: {text[:30]}...") - return self.api.embeddings.create(model="text-embedding-ada-002", input=text).data[0].embedding + logging.info("Done loading data.") def get_answer(self, question: str): - logging.debug(f"Getting answer for question: {question}") question_embedding = self.__create_embedding(question) context = self.db.search_documents(question_embedding) 
@@ -80,26 +74,21 @@ def get_answer(self, question: str): ) return response.choices[0].message.content + def __create_embedding(self, text: str): + return self.api.embeddings.create(model="text-embedding-ada-002", input=text).data[0].embedding + def main(): chat_bot = ChatBot() if args.populate: - logging.debug("Loading embedding data into database...") chat_bot.load_file("knowledge.txt") - logging.debug("Done loading data.") - return - - if args.question: - logging.debug(f"Question provided: {args.question}") - print(chat_bot.get_answer(args.question)) - return - - while True: - q = input("Ask a question (q to exit): ") - if q == "q": - break - print(chat_bot.get_answer(q)) + else: + while True: + q = input("Ask a question (q to exit): ") + if q == "q": + break + print(chat_bot.get_answer(q)) if __name__ == "__main__": diff --git a/scenarios/PostgresRAGLLM/postgres-rag-llm.md b/scenarios/PostgresRAGLLM/postgres-rag-llm.md index 3c7c748e5..faf359a2b 100644 --- a/scenarios/PostgresRAGLLM/postgres-rag-llm.md +++ b/scenarios/PostgresRAGLLM/postgres-rag-llm.md 
@@ -136,101 +136,12 @@ pip install -r requirements.txt python chat.py --populate --api-key $API_KEY --endpoint $ENDPOINT --pguser $PGUSER --phhost $PGHOST --pgpassword $PGPASSWORD --pgdatabase $PGDATABASE ``` -## Set up Web Interface +## Run Chat bot -Create a simple web interface for the chatbot using Flask. - -1. **Install Flask** - - ```bash - pip install Flask - ``` - -2. **Create `app.py`** - - Create a file named `app.py` in the `scenarios/PostgresRagLlmDemo` directory with the following content: - - ```python - from flask import Flask, request, render_template - import subprocess - import os - - app = Flask(__name__) - - @app.route('/', methods=['GET']) - def home(): - return render_template('index.html', response='') - - @app.route('/ask', methods=['POST']) - def ask(): - question = request.form['question'] - result = subprocess.run([ - 'python', 'chat.py', - '--api-key', os.getenv('API_KEY'), - '--endpoint', os.getenv('ENDPOINT'), - '--pguser', os.getenv('PGUSER'), - '--phhost', os.getenv('PGHOST'), - '--pgpassword', os.getenv('PGPASSWORD'), - '--pgdatabase', os.getenv('PGDATABASE'), - '--question', question - ], capture_output=True, text=True) - response = result.stdout - return render_template('index.html', response=response) - - if __name__ == '__main__': - app.run(host='0.0.0.0', port=5000) - ``` - -3. **Create `index.html`** - - Create a `templates` directory inside `scenarios/PostgresRagLlmDemo` and add an `index.html` file with the following content: - - ```html - - - - Chatbot Interface - - -

Ask about Zytonium

-
- - -
-
{{ response }}
- - - ``` - -4. **Run the Web Server** - - Ensure that all environment variables are exported and then run the Flask application: - - ```bash - export API_KEY="$API_KEY" - export ENDPOINT="$ENDPOINT" - export PGUSER="$PGUSER" - export PGHOST="$PGHOST" - export PGPASSWORD="$PGPASSWORD" - export PGDATABASE="$PGDATABASE" - - python app.py - ``` - - The web interface will be accessible at `http://localhost:5000`. You can ask questions about Zytonium through the browser. - -## Next Steps - -- Explore more features of [Azure Cognitive Search](https://learn.microsoft.com/azure/search/search-what-is-azure-search). -- Learn how to [use Azure OpenAI with your data](https://learn.microsoft.com/azure/cognitive-services/openai/use-your-data). - +echo " +To run the chatbot, see the last step for more info. +" +``` \ No newline at end of file diff --git a/scenarios/PostgresRAGLLM/requirements.txt b/scenarios/PostgresRAGLLM/requirements.txt index 0ac38a4f6..c640a75ec 100644 --- a/scenarios/PostgresRAGLLM/requirements.txt +++ b/scenarios/PostgresRAGLLM/requirements.txt @@ -1,5 +1,4 @@ azure-identity==1.17.1 openai==1.55.3 psycopg2==2.9.9 -langchain-text-splitters==0.2.2 -Flask==2.3.2 \ No newline at end of file +langchain-text-splitters==0.2.2 \ No newline at end of file diff --git a/scenarios/PostgresRAGLLM/templates/index.html b/scenarios/PostgresRAGLLM/templates/index.html deleted file mode 100644 index c3870772f..000000000 --- a/scenarios/PostgresRAGLLM/templates/index.html +++ /dev/null @@ -1,13 +0,0 @@ - - - Chatbot Interface - - -

Ask about Zytonium

-
- - -
-
{{ response }}
- - \ No newline at end of file From 1f70b2e8067d1360ec8129bab8b4b8bd101099df Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 14:19:32 -0500 Subject: [PATCH 07/13] Fix Linux container style --- .../azure-linux/quickstart-azure-cli.md | 595 +++++++++--------- 1 file changed, 290 insertions(+), 305 deletions(-) diff --git a/scenarios/azure-management-docs/articles/azure-linux/quickstart-azure-cli.md b/scenarios/azure-management-docs/articles/azure-linux/quickstart-azure-cli.md index 67a40130e..39db87e1a 100644 --- a/scenarios/azure-management-docs/articles/azure-linux/quickstart-azure-cli.md +++ b/scenarios/azure-management-docs/articles/azure-linux/quickstart-azure-cli.md 
@@ -78,334 +78,313 @@ To manage a Kubernetes cluster, use the Kubernetes command-line client, `kubectl ```azurecli-interactive az aks get-credentials --resource-group $MY_RESOURCE_GROUP_NAME --name $MY_AZ_CLUSTER_NAME - ``` - -1. Verify the connection to your cluster using the `kubectl get` command. This command returns a list of the cluster nodes. - - ```bash kubectl get nodes ``` ## Deploy the application To deploy the application, you use a manifest file to create all the objects required to run the [AKS Store application](https://github.com/Azure-Samples/aks-store-demo). A Kubernetes manifest file defines a cluster's desired state, such as which container images to run. The manifest includes the following Kubernetes deployments and services: - -:::image type="content" source="media/aks-store-architecture.png" alt-text="Screenshot of Azure Store sample architecture." lightbox="media/aks-store-architecture.png"::: - - **Store front**: Web application for customers to view products and place orders. - **Product service**: Shows product information. - **Order service**: Places orders. - **Rabbit MQ**: Message queue for an order queue. - -> [!NOTE] -> We don't recommend running stateful containers, such as Rabbit MQ, without persistent storage for production. These are used here for simplicity, but we recommend using managed services, such as Azure CosmosDB or Azure Service Bus. - -1. 
Create a file named `aks-store-quickstart.yaml` and copy in the following manifest: - - ```bash - cat < aks-store-quickstart.yaml - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: rabbitmq - spec: - serviceName: rabbitmq - replicas: 1 - selector: - matchLabels: - app: rabbitmq - template: - metadata: - labels: - app: rabbitmq - spec: - nodeSelector: - "kubernetes.io/os": linux - containers: - - name: rabbitmq - image: mcr.microsoft.com/mirror/docker/library/rabbitmq:3.10-management-alpine - ports: - - containerPort: 5672 - name: rabbitmq-amqp - - containerPort: 15672 - name: rabbitmq-http - env: - - name: RABBITMQ_DEFAULT_USER - value: "username" - - name: RABBITMQ_DEFAULT_PASS - value: "password" - resources: - requests: - cpu: 10m - memory: 128Mi - limits: - cpu: 250m - memory: 256Mi - volumeMounts: - - name: rabbitmq-enabled-plugins - mountPath: /etc/rabbitmq/enabled_plugins - subPath: enabled_plugins - volumes: - - name: rabbitmq-enabled-plugins - configMap: - name: rabbitmq-enabled-plugins - items: - - key: rabbitmq_enabled_plugins - path: enabled_plugins - --- - apiVersion: v1 - data: - rabbitmq_enabled_plugins: | - [rabbitmq_management,rabbitmq_prometheus,rabbitmq_amqp1_0]. - kind: ConfigMap - metadata: - name: rabbitmq-enabled-plugins - --- - apiVersion: v1 - kind: Service +NOTE: We don't recommend running stateful containers, such as Rabbit MQ, without persistent storage for production. These are used here for simplicity, but we recommend using managed services, such as Azure CosmosDB or Azure Service Bus. 
+ +```bash +cat < aks-store-quickstart.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: rabbitmq +spec: + serviceName: rabbitmq + replicas: 1 + selector: + matchLabels: + app: rabbitmq + template: metadata: - name: rabbitmq - spec: - selector: + labels: app: rabbitmq - ports: - - name: rabbitmq-amqp - port: 5672 - targetPort: 5672 - - name: rabbitmq-http - port: 15672 - targetPort: 15672 - type: ClusterIP - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: order-service spec: - replicas: 1 - selector: - matchLabels: - app: order-service - template: - metadata: - labels: - app: order-service - spec: - nodeSelector: - "kubernetes.io/os": linux - containers: - - name: order-service - image: ghcr.io/azure-samples/aks-store-demo/order-service:latest - ports: - - containerPort: 3000 - env: - - name: ORDER_QUEUE_HOSTNAME - value: "rabbitmq" - - name: ORDER_QUEUE_PORT - value: "5672" - - name: ORDER_QUEUE_USERNAME - value: "username" - - name: ORDER_QUEUE_PASSWORD - value: "password" - - name: ORDER_QUEUE_NAME - value: "orders" - - name: FASTIFY_ADDRESS - value: "0.0.0.0" - resources: - requests: - cpu: 1m - memory: 50Mi - limits: - cpu: 75m - memory: 128Mi - startupProbe: - httpGet: - path: /health - port: 3000 - failureThreshold: 5 - initialDelaySeconds: 20 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /health - port: 3000 - failureThreshold: 3 - initialDelaySeconds: 3 - periodSeconds: 5 - livenessProbe: - httpGet: - path: /health - port: 3000 - failureThreshold: 5 - initialDelaySeconds: 3 - periodSeconds: 3 - initContainers: - - name: wait-for-rabbitmq - image: busybox - command: ['sh', '-c', 'until nc -zv rabbitmq 5672; do echo waiting for rabbitmq; sleep 2; done;'] - resources: - requests: - cpu: 1m - memory: 50Mi - limits: - cpu: 75m - memory: 128Mi - --- - apiVersion: v1 - kind: Service + nodeSelector: + "kubernetes.io/os": linux + containers: + - name: rabbitmq + image: 
mcr.microsoft.com/mirror/docker/library/rabbitmq:3.10-management-alpine + ports: + - containerPort: 5672 + name: rabbitmq-amqp + - containerPort: 15672 + name: rabbitmq-http + env: + - name: RABBITMQ_DEFAULT_USER + value: "username" + - name: RABBITMQ_DEFAULT_PASS + value: "password" + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi + volumeMounts: + - name: rabbitmq-enabled-plugins + mountPath: /etc/rabbitmq/enabled_plugins + subPath: enabled_plugins + volumes: + - name: rabbitmq-enabled-plugins + configMap: + name: rabbitmq-enabled-plugins + items: + - key: rabbitmq_enabled_plugins + path: enabled_plugins +--- +apiVersion: v1 +data: + rabbitmq_enabled_plugins: | + [rabbitmq_management,rabbitmq_prometheus,rabbitmq_amqp1_0]. +kind: ConfigMap +metadata: + name: rabbitmq-enabled-plugins +--- +apiVersion: v1 +kind: Service +metadata: + name: rabbitmq +spec: + selector: + app: rabbitmq + ports: + - name: rabbitmq-amqp + port: 5672 + targetPort: 5672 + - name: rabbitmq-http + port: 15672 + targetPort: 15672 + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: order-service +spec: + replicas: 1 + selector: + matchLabels: + app: order-service + template: metadata: - name: order-service - spec: - type: ClusterIP - ports: - - name: http - port: 3000 - targetPort: 3000 - selector: + labels: app: order-service - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: product-service spec: - replicas: 1 - selector: - matchLabels: - app: product-service - template: - metadata: - labels: - app: product-service - spec: - nodeSelector: - "kubernetes.io/os": linux - containers: - - name: product-service - image: ghcr.io/azure-samples/aks-store-demo/product-service:latest - ports: - - containerPort: 3002 - env: - - name: AI_SERVICE_URL - value: "http://ai-service:5001/" - resources: - requests: - cpu: 1m - memory: 1Mi - limits: - cpu: 2m - memory: 20Mi - readinessProbe: - httpGet: - path: /health - port: 
3002 - failureThreshold: 3 - initialDelaySeconds: 3 - periodSeconds: 5 - livenessProbe: - httpGet: - path: /health - port: 3002 - failureThreshold: 5 - initialDelaySeconds: 3 - periodSeconds: 3 - --- - apiVersion: v1 - kind: Service + nodeSelector: + "kubernetes.io/os": linux + containers: + - name: order-service + image: ghcr.io/azure-samples/aks-store-demo/order-service:latest + ports: + - containerPort: 3000 + env: + - name: ORDER_QUEUE_HOSTNAME + value: "rabbitmq" + - name: ORDER_QUEUE_PORT + value: "5672" + - name: ORDER_QUEUE_USERNAME + value: "username" + - name: ORDER_QUEUE_PASSWORD + value: "password" + - name: ORDER_QUEUE_NAME + value: "orders" + - name: FASTIFY_ADDRESS + value: "0.0.0.0" + resources: + requests: + cpu: 1m + memory: 50Mi + limits: + cpu: 75m + memory: 128Mi + startupProbe: + httpGet: + path: /health + port: 3000 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /health + port: 3000 + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + livenessProbe: + httpGet: + path: /health + port: 3000 + failureThreshold: 5 + initialDelaySeconds: 3 + periodSeconds: 3 + initContainers: + - name: wait-for-rabbitmq + image: busybox + command: ['sh', '-c', 'until nc -zv rabbitmq 5672; do echo waiting for rabbitmq; sleep 2; done;'] + resources: + requests: + cpu: 1m + memory: 50Mi + limits: + cpu: 75m + memory: 128Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: order-service +spec: + type: ClusterIP + ports: + - name: http + port: 3000 + targetPort: 3000 + selector: + app: order-service +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: product-service +spec: + replicas: 1 + selector: + matchLabels: + app: product-service + template: metadata: - name: product-service - spec: - type: ClusterIP - ports: - - name: http - port: 3002 - targetPort: 3002 - selector: + labels: app: product-service - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: store-front 
spec: - replicas: 1 - selector: - matchLabels: - app: store-front - template: - metadata: - labels: - app: store-front - spec: - nodeSelector: - "kubernetes.io/os": linux - containers: - - name: store-front - image: ghcr.io/azure-samples/aks-store-demo/store-front:latest - ports: - - containerPort: 8080 - name: store-front - env: - - name: VUE_APP_ORDER_SERVICE_URL - value: "http://order-service:3000/" - - name: VUE_APP_PRODUCT_SERVICE_URL - value: "http://product-service:3002/" - resources: - requests: - cpu: 1m - memory: 200Mi - limits: - cpu: 1000m - memory: 512Mi - startupProbe: - httpGet: - path: /health - port: 8080 - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - httpGet: - path: /health - port: 8080 - failureThreshold: 3 - initialDelaySeconds: 3 - periodSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - failureThreshold: 5 - initialDelaySeconds: 3 - periodSeconds: 3 - --- - apiVersion: v1 - kind: Service + nodeSelector: + "kubernetes.io/os": linux + containers: + - name: product-service + image: ghcr.io/azure-samples/aks-store-demo/product-service:latest + ports: + - containerPort: 3002 + env: + - name: AI_SERVICE_URL + value: "http://ai-service:5001/" + resources: + requests: + cpu: 1m + memory: 1Mi + limits: + cpu: 2m + memory: 20Mi + readinessProbe: + httpGet: + path: /health + port: 3002 + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + livenessProbe: + httpGet: + path: /health + port: 3002 + failureThreshold: 5 + initialDelaySeconds: 3 + periodSeconds: 3 +--- +apiVersion: v1 +kind: Service +metadata: + name: product-service +spec: + type: ClusterIP + ports: + - name: http + port: 3002 + targetPort: 3002 + selector: + app: product-service +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: store-front +spec: + replicas: 1 + selector: + matchLabels: + app: store-front + template: metadata: - name: store-front - spec: - ports: - - port: 80 - targetPort: 8080 - selector: + 
labels: app: store-front - type: LoadBalancer - EOF - ``` - - If you create and save the YAML file locally, then you can upload the manifest file to your default directory in CloudShell by selecting the **Upload/Download files** button and selecting the file from your local file system. - -1. Deploy the application using the [`kubectl apply`][kubectl-apply] command and specify the name of your YAML manifest. - - ```bash - kubectl apply -f aks-store-quickstart.yaml - ``` - -## Test the application + spec: + nodeSelector: + "kubernetes.io/os": linux + containers: + - name: store-front + image: ghcr.io/azure-samples/aks-store-demo/store-front:latest + ports: + - containerPort: 8080 + name: store-front + env: + - name: VUE_APP_ORDER_SERVICE_URL + value: "http://order-service:3000/" + - name: VUE_APP_PRODUCT_SERVICE_URL + value: "http://product-service:3002/" + resources: + requests: + cpu: 1m + memory: 200Mi + limits: + cpu: 1000m + memory: 512Mi + startupProbe: + httpGet: + path: /health + port: 8080 + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + readinessProbe: + httpGet: + path: /health + port: 8080 + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + failureThreshold: 5 + initialDelaySeconds: 3 + periodSeconds: 3 +--- +apiVersion: v1 +kind: Service +metadata: + name: store-front +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app: store-front + type: LoadBalancer +EOF +kubectl apply -f aks-store-quickstart.yaml +``` -You can validate that the application is running by visiting the public IP address or the application URL. +## Wait for cluster to startup -Get the application URL using the following commands: +Wait for cluster to finish spinning up ```azurecli-interactive runtime="5 minutes" 
@@ -429,6 +408,12 @@ do done ``` +## Test the application + +You can validate that the application is running by visiting the public IP address or the application URL. + +Get the application URL using the following commands: + ```azurecli-interactive curl "http://$IP_ADDRESS" ``` From 62ed18a594fa2d944aff829def17438c2b74f983 Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 14:29:32 -0500 Subject: [PATCH 08/13] Clean style for accelerated networking --- ...-virtual-machine-accelerated-networking.md | 610 +++++------------- 1 file changed, 150 insertions(+), 460 deletions(-) diff --git a/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md b/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md index 39a6a9cb9..f6fe71b1d 100644 --- a/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md +++ b/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md 
@@ -13,295 +13,190 @@ ms.custom: fasttrack-edit, devx-track-azurecli, linux-related-content, innovatio This article describes how to create a Linux or Windows virtual machine (VM) with Accelerated Networking (AccelNet) enabled by using the Azure CLI command-line interface. -## Prerequisites +## Configure AZ CLI extensions -### [Portal](#tab/portal) - -- An Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - -### [PowerShell](#tab/powershell) - -- An Azure account with an active subscription. You can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). - -[!INCLUDE [cloud-shell-try-it.md](~/reusable-content/ce-skilling/azure/includes/cloud-shell-try-it.md)] - -If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 1.0.0 or later. Run `Get-Module -ListAvailable Az` to find the installed version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure. - -### [CLI](#tab/cli) - -[!INCLUDE [quickstarts-free-trial-note](~/reusable-content/ce-skilling/azure/includes/quickstarts-free-trial-note.md)] - -[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)] - -- This article requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed. 
- ---- - -## Create a virtual network - -### [Portal](#tab/portal) - -[!INCLUDE [virtual-network-create-with-bastion.md](~/reusable-content/ce-skilling/azure/includes/virtual-network-create-with-bastion.md)] - -### [PowerShell](#tab/powershell) - -Before creating a virtual network, you have to create a resource group for the virtual network, and all other resources created in this article. Create a resource group with [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup). The following example creates a resource group named **test-rg** in the **eastus** location. - -```azurepowershell -$resourceGroup = @{ - Name = "test-rg" - Location = "EastUS2" -} -New-AzResourceGroup @resourceGroup -``` - -Create a virtual network with [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). The following example creates a virtual network named **vnet-1** with the address prefix **10.0.0.0/16**. - -```azurepowershell -$vnet1 = @{ - ResourceGroupName = "test-rg" - Location = "EastUS2" - Name = "vnet-1" - AddressPrefix = "10.0.0.0/16" -} -$virtualNetwork1 = New-AzVirtualNetwork @vnet1 -``` - -Create a subnet configuration with [Add-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/add-azvirtualnetworksubnetconfig). The following example creates a subnet configuration with a **10.0.0.0/24** address prefix: +First, configure your Azure CLI settings to allow preview extensions: -```azurepowershell -$subConfig = @{ - Name = "subnet-1" - AddressPrefix = "10.0.0.0/24" - VirtualNetwork = $virtualNetwork1 -} -$subnetConfig1 = Add-AzVirtualNetworkSubnetConfig @subConfig +```bash +az config set extension.dynamic_install_allow_preview=true ``` -Create a subnet configuration for Azure Bastion with [Add-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/add-azvirtualnetworksubnetconfig). 
The following example creates a subnet configuration with a **10.0.1.0/24** address prefix: +## Create Resource Group -```azurepowershell -$subBConfig = @{ - Name = "AzureBastionSubnet" - AddressPrefix = "10.0.1.0/24" - VirtualNetwork = $virtualNetwork1 -} -$subnetConfig2 = Add-AzVirtualNetworkSubnetConfig @subBConfig -``` +Use [az group create](/cli/azure/group#az-group-create) to create a resource group that contains the resources. Be sure to select a supported Windows or Linux region as listed in [Windows and Linux Accelerated Networking](https://azure.microsoft.com/updates/accelerated-networking-in-expanded-preview). -Write the subnet configuration to the virtual network with [Set-AzVirtualNetwork](/powershell/module/az.network/Set-azVirtualNetwork), which creates the subnet: +```bash +export RANDOM_SUFFIX=$(openssl rand -hex 3) +export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" +export REGION="eastus2" -```azurepowershell -$virtualNetwork1 | Set-AzVirtualNetwork +az group create \ + --name $RESOURCE_GROUP_NAME \ + --location $REGION ``` -### Create Azure Bastion - -Create a public IP address for the Azure Bastion host with [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress). The following example creates a public IP address named *public-ip-bastion* in the *vnet-1* virtual network. - -```azurepowershell -$publicIpParams = @{ - ResourceGroupName = "test-rg" - Name = "public-ip-bastion" - Location = "EastUS2" - AllocationMethod = "Static" - Sku = "Standard" -} -New-AzPublicIpAddress @publicIpParams -``` +Results: -Create an Azure Bastion host with [New-AzBastion](/powershell/module/az.network/new-azbastion). The following example creates an Azure Bastion host named *bastion* in the *AzureBastionSubnet* subnet of the *vnet-1* virtual network. Azure Bastion is used to securely connect Azure virtual machines without exposing them to the public internet. 
+ -```azurepowershell -$bastionParams = @{ - ResourceGroupName = "test-rg" - Name = "bastion" - VirtualNetworkName = "vnet-1" - PublicIpAddressName = "public-ip-bastion" - PublicIpAddressRgName = "test-rg" - VirtualNetworkRgName = "test-rg" +```json +{ + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367", + "location": "eastus2", + "managedBy": null, + "name": "test-rg69e367", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" } -New-AzBastion @bastionParams -AsJob ``` + +## Create VNET -### [CLI](#tab/cli) - -First, configure your Azure CLI settings to allow preview extensions: +Use [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create) to create a virtual network with one subnet in the resource group: ```bash -az config set extension.dynamic_install_allow_preview=true +export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" +export VNET_NAME="vnet-1$RANDOM_SUFFIX" +export SUBNET_NAME="subnet-1$RANDOM_SUFFIX" +export VNET_ADDRESS_PREFIX="10.0.0.0/16" +export SUBNET_ADDRESS_PREFIX="10.0.0.0/24" + +az network vnet create \ + --resource-group $RESOURCE_GROUP_NAME \ + --name $VNET_NAME \ + --address-prefix $VNET_ADDRESS_PREFIX \ + --subnet-name $SUBNET_NAME \ + --subnet-prefix $SUBNET_ADDRESS_PREFIX ``` -1. Use [az group create](/cli/azure/group#az-group-create) to create a resource group that contains the resources. Be sure to select a supported Windows or Linux region as listed in [Windows and Linux Accelerated Networking](https://azure.microsoft.com/updates/accelerated-networking-in-expanded-preview). 
- - ```bash - export RANDOM_SUFFIX=$(openssl rand -hex 3) - export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" - export REGION="eastus2" - - az group create \ - --name $RESOURCE_GROUP_NAME \ - --location $REGION - ``` - - Results: - - - - ```json - { - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367", - "location": "eastus2", - "managedBy": null, - "name": "test-rg69e367", - "properties": { - "provisioningState": "Succeeded" - }, - "tags": null, - "type": "Microsoft.Resources/resourceGroups" - } - ``` - -1. Use [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create) to create a virtual network with one subnet in the resource group: - - ```bash - export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" - export VNET_NAME="vnet-1$RANDOM_SUFFIX" - export SUBNET_NAME="subnet-1$RANDOM_SUFFIX" - export VNET_ADDRESS_PREFIX="10.0.0.0/16" - export SUBNET_ADDRESS_PREFIX="10.0.0.0/24" - - az network vnet create \ - --resource-group $RESOURCE_GROUP_NAME \ - --name $VNET_NAME \ - --address-prefix $VNET_ADDRESS_PREFIX \ - --subnet-name $SUBNET_NAME \ - --subnet-prefix $SUBNET_ADDRESS_PREFIX - ``` +Results: - Results: - - + - ```json - { - "newVNet": { - "addressSpace": { - "addressPrefixes": [ - "10.0.0.0/16" - ] - }, - "enableDdosProtection": false, +```json +{ + "newVNet": { + "addressSpace": { + "addressPrefixes": [ + "10.0.0.0/16" + ] + }, + "enableDdosProtection": false, + "etag": "W/\"300c6da1-ee4a-47ee-af6e-662d3a0230a1\"", + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367", + "location": "eastus2", + "name": "vnet-169e367", + "provisioningState": "Succeeded", + "resourceGroup": "test-rg69e367", + "resourceGuid": "3d64254d-70d4-47e3-a129-473d70ea2ab8", + "subnets": [ + { + "addressPrefix": "10.0.0.0/24", + "delegations": [], "etag": "W/\"300c6da1-ee4a-47ee-af6e-662d3a0230a1\"", - "id": 
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367", - "location": "eastus2", - "name": "vnet-169e367", + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367/subnets/subnet-169e367", + "name": "subnet-169e367", + "privateEndpointNetworkPolicies": "Disabled", + "privateLinkServiceNetworkPolicies": "Enabled", "provisioningState": "Succeeded", "resourceGroup": "test-rg69e367", - "resourceGuid": "3d64254d-70d4-47e3-a129-473d70ea2ab8", - "subnets": [ - { - "addressPrefix": "10.0.0.0/24", - "delegations": [], - "etag": "W/\"300c6da1-ee4a-47ee-af6e-662d3a0230a1\"", - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367/subnets/subnet-169e367", - "name": "subnet-169e367", - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "provisioningState": "Succeeded", - "resourceGroup": "test-rg69e367", - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "type": "Microsoft.Network/virtualNetworks", - "virtualNetworkPeerings": [] + "type": "Microsoft.Network/virtualNetworks/subnets" } - } - ``` + ], + "type": "Microsoft.Network/virtualNetworks", + "virtualNetworkPeerings": [] + } +} +``` -1. Create the Bastion subnet with [az network vnet subnet create](/cli/azure/network/vnet/subnet). +## Create Bastion Subnet - ```bash - export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" - export VNET_NAME="vnet-1$RANDOM_SUFFIX" - export SUBNET_NAME="AzureBastionSubnet" - export SUBNET_ADDRESS_PREFIX="10.0.1.0/24" +Create the Bastion subnet with [az network vnet subnet create](/cli/azure/network/vnet/subnet). 
- az network vnet subnet create \ - --vnet-name $VNET_NAME \ - --resource-group $RESOURCE_GROUP_NAME \ - --name AzureBastionSubnet \ - --address-prefix $SUBNET_ADDRESS_PREFIX - ``` - - Results: - - +```bash +export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" +export VNET_NAME="vnet-1$RANDOM_SUFFIX" +export SUBNET_NAME="AzureBastionSubnet" +export SUBNET_ADDRESS_PREFIX="10.0.1.0/24" + +az network vnet subnet create \ + --vnet-name $VNET_NAME \ + --resource-group $RESOURCE_GROUP_NAME \ + --name AzureBastionSubnet \ + --address-prefix $SUBNET_ADDRESS_PREFIX +``` - ```json - { - "addressPrefix": "10.0.1.0/24", - "delegations": [], - "etag": "W/\"a2863964-0276-453f-a104-b37391e8088b\"", - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367/subnets/AzureBastionSubnet", - "name": "AzureBastionSubnet", - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "provisioningState": "Succeeded", - "resourceGroup": "test-rg69e367", - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ``` +Results: + + + +```json +{ + "addressPrefix": "10.0.1.0/24", + "delegations": [], + "etag": "W/\"a2863964-0276-453f-a104-b37391e8088b\"", + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367/subnets/AzureBastionSubnet", + "name": "AzureBastionSubnet", + "privateEndpointNetworkPolicies": "Disabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "provisioningState": "Succeeded", + "resourceGroup": "test-rg69e367", + "type": "Microsoft.Network/virtualNetworks/subnets" +} +``` ### Create Azure Bastion 1. Create a public IP address for the Azure Bastion host with [az network public-ip create](/cli/azure/network/public-ip). 
- ```bash - export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" - export PUBLIC_IP_NAME="public-ip-bastion$RANDOM_SUFFIX" - export REGION="eastus2" - export ALLOCATION_METHOD="Static" - export SKU="Standard" +```bash +export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" +export PUBLIC_IP_NAME="public-ip-bastion$RANDOM_SUFFIX" +export REGION="eastus2" +export ALLOCATION_METHOD="Static" +export SKU="Standard" + +az network public-ip create \ + --resource-group $RESOURCE_GROUP_NAME \ + --name $PUBLIC_IP_NAME \ + --location $REGION \ + --allocation-method $ALLOCATION_METHOD \ + --sku $SKU +``` - az network public-ip create \ - --resource-group $RESOURCE_GROUP_NAME \ - --name $PUBLIC_IP_NAME \ - --location $REGION \ - --allocation-method $ALLOCATION_METHOD \ - --sku $SKU - ``` - - Results: - - +Results: - ```json - { - "publicIp": { - "ddosSettings": { - "protectionMode": "VirtualNetworkInherited" - }, - "etag": "W/\"efa750bf-63f9-4c02-9ace-a747fc405d0f\"", - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/publicIPAddresses/public-ip-bastion69e367", - "idleTimeoutInMinutes": 4, - "ipAddress": "203.0.113.173", - "ipTags": [], - "location": "eastus2", - "name": "public-ip-bastion69e367", - "provisioningState": "Succeeded", - "publicIPAddressVersion": "IPv4", - "publicIPAllocationMethod": "Static", - "resourceGroup": "test-rg69e367", - "resourceGuid": "fc809493-80c8-482c-9f5a-9d6442472a99", - "sku": { - "name": "Standard", - "tier": "Regional" - }, - "type": "Microsoft.Network/publicIPAddresses" - } - } - ``` + + +```json +{ + "publicIp": { + "ddosSettings": { + "protectionMode": "VirtualNetworkInherited" + }, + "etag": "W/\"efa750bf-63f9-4c02-9ace-a747fc405d0f\"", + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/publicIPAddresses/public-ip-bastion69e367", + "idleTimeoutInMinutes": 4, + "ipAddress": "203.0.113.173", + "ipTags": [], + 
"location": "eastus2", + "name": "public-ip-bastion69e367", + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "publicIPAllocationMethod": "Static", + "resourceGroup": "test-rg69e367", + "resourceGuid": "fc809493-80c8-482c-9f5a-9d6442472a99", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "type": "Microsoft.Network/publicIPAddresses" + } +} +``` 1. Create an Azure Bastion host with [az network bastion create](/cli/azure/network/bastion). Azure Bastion is used to securely connect Azure virtual machines without exposing them to the public internet. @@ -371,33 +266,6 @@ az config set extension.dynamic_install_allow_preview=true ## Create a network interface with Accelerated Networking -### [Portal](#tab/portal) - -Accelerated networking is enabled in the portal during virtual machine creation. Create a virtual machine in the following section. - -### [PowerShell](#tab/powershell) - -Use [New-AzNetworkInterface](/powershell/module/az.Network/New-azNetworkInterface) to create a network interface (NIC) with Accelerated Networking enabled, and assign the public IP address to the NIC. - -```azurepowershell -$vnetParams = @{ - ResourceGroupName = "test-rg" - Name = "vnet-1" - } -$vnet = Get-AzVirtualNetwork @vnetParams - -$nicParams = @{ - ResourceGroupName = "test-rg" - Name = "nic-1" - Location = "eastus2" - SubnetId = $vnet.Subnets[0].Id - EnableAcceleratedNetworking = $true - } -$nic = New-AzNetworkInterface @nicParams -``` - -### [CLI](#tab/cli) - 1. Use [az network nic create](/cli/azure/network/nic#az-network-nic-create) to create a network interface (NIC) with Accelerated Networking enabled. The following example creates a NIC in the subnet of the virtual network. ```bash 
@@ -469,86 +337,7 @@ $nic = New-AzNetworkInterface @nicParams ## Create a VM and attach the NIC -### [Portal](#tab/portal) - -[!INCLUDE [create-test-virtual-machine-linux.md](~/reusable-content/ce-skilling/azure/includes/create-test-virtual-machine-linux.md)] - -### [PowerShell](#tab/powershell) - -Use [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) to set a user name and password for the VM and store them in the `$cred` variable. - -```azurepowershell -$cred = Get-Credential -``` - -> [!NOTE] -> A username is required for the VM. The password is optional and won't be used if set. SSH key configuration is recommended for Linux VMs. - -Use [New-AzVMConfig](/powershell/module/az.compute/new-azvmconfig) to define a VM with a VM size that supports accelerated networking, as listed in [Windows Accelerated Networking](https://azure.microsoft.com/updates/accelerated-networking-in-expanded-preview). For a list of all Windows VM sizes and characteristics, see [Windows VM sizes](/azure/virtual-machines/sizes). - -```azurepowershell -$vmConfigParams = @{ - VMName = "vm-1" - VMSize = "Standard_DS4_v2" - } -$vmConfig = New-AzVMConfig @vmConfigParams -``` - -Use [Set-AzVMOperatingSystem](/powershell/module/az.compute/set-azvmoperatingsystem) and [Set-AzVMSourceImage](/powershell/module/az.compute/set-azvmsourceimage) to create the rest of the VM configuration. The following example creates an Ubuntu Server virtual machine: - -```azurepowershell -$osParams = @{ - VM = $vmConfig - ComputerName = "vm-1" - Credential = $cred - } -$vmConfig = Set-AzVMOperatingSystem @osParams -Linux -DisablePasswordAuthentication - -$imageParams = @{ - VM = $vmConfig - PublisherName = "Canonical" - Offer = "ubuntu-24_04-lts" - Skus = "server" - Version = "latest" - } -$vmConfig = Set-AzVMSourceImage @imageParams -``` - -Use [Add-AzVMNetworkInterface](/powershell/module/az.compute/add-azvmnetworkinterface) to attach the NIC that you previously created to the VM. 
- -```azurepowershell -# Get the network interface object -$nicParams = @{ - ResourceGroupName = "test-rg" - Name = "nic-1" - } -$nic = Get-AzNetworkInterface @nicParams - -$vmConfigParams = @{ - VM = $vmConfig - Id = $nic.Id - } -$vmConfig = Add-AzVMNetworkInterface @vmConfigParams -``` - -Use [New-AzVM](/powershell/module/az.compute/new-azvm) to create the VM with Accelerated Networking enabled. The command will generate SSH keys for the virtual machine for login. Make note of the location of the private key. The private key is needed in later steps for connecting to the virtual machine with Azure Bastion. - -```azurepowershell -$vmParams = @{ - VM = $vmConfig - ResourceGroupName = "test-rg" - Location = "eastus2" - SshKeyName = "ssh-key" - } -New-AzVM @vmParams -GenerateSshKey -``` - -### [CLI](#tab/cli) - -Use [az vm create](/cli/azure/vm#az-vm-create) to create the VM, and use the `--nics` option to attach the NIC you created. Ensure you select a VM size and distribution listed in [Windows and Linux Accelerated Networking](https://azure.microsoft.com/updates/accelerated-networking-in-expanded-preview). For a list of all VM sizes and characteristics, see [Sizes for virtual machines in Azure](/azure/virtual-machines/sizes). - - -The following example creates a VM with a size that supports Accelerated Networking, Standard_DS4_v2. The command will generate SSH keys for the virtual machine for login. Make note of the location of the private key. The private key is needed in later steps for connecting to the virtual machine with Azure Bastion. +Use [az vm create](/cli/azure/vm#az-vm-create) to create the VM, and use the `--nics` option to attach the NIC you created. Ensure you select a VM size and distribution listed in [Windows and Linux Accelerated Networking](https://azure.microsoft.com/updates/accelerated-networking-in-expanded-preview). For a list of all VM sizes and characteristics, see [Sizes for virtual machines in Azure](/azure/virtual-machines/sizes). 
The following example creates a VM with a size that supports Accelerated Networking, Standard_DS4_v2. The command will generate SSH keys for the virtual machine for login. Make note of the location of the private key. The private key is needed in later steps for connecting to the virtual machine with Azure Bastion. ```bash export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" @@ -568,9 +357,6 @@ az vm create \ --nics $NIC_NAME ``` -> [!NOTE] -> To create a Windows VM, replace `--image Ubuntu2204` with `--image Win2019Datacenter`. - Results: 
@@ -589,102 +375,6 @@ Results: } ``` ---- - -## Confirm that accelerated networking is enabled - -### Linux - -1. In the [Azure portal](https://portal.azure.com), search for and select *virtual machines*. - -1. On the **Virtual machines** page, select your new VM. - -1. On the VM's **Overview** page, select **Connect** then **Connect via Bastion**. - -1. In the Bastion connection screen, change **Authentication Type** to **SSH Private Key from Local File**. - -1. Enter the **Username** that you used when creating the virtual machine. In this example, the user is named **azureuser**, replace with the username you created. - -1. In **Local File**, select the folder icon and browse to the private key file that was generated when you created the VM. The private key file is typically named `id_rsa` or `id_rsa.pem`. - -1. Select **Connect**. - -1. A new browser window opens with the Bastion connection to your VM. - -1. From a shell on the remote VM, enter `uname -r` and confirm that the kernel version is one of the following versions, or greater: - - - **Ubuntu 16.04**: 4.11.0-1013. - - **SLES SP3**: 4.4.92-6.18. - - **RHEL**: 3.10.0-693, 2.6.32-573. RHEL 6.7-6.10 are supported if the Mellanox VF version 4.5+ is installed before Linux Integration Services 4.3+. - - > [!NOTE] - > Other kernel versions might be supported. For an updated list, see the compatibility tables for each distribution at [Supported Linux and FreeBSD virtual machines for Hyper-V](/windows-server/virtualization/hyper-v/supported-linux-and-freebsd-virtual-machines-for-hyper-v-on-windows), and confirm that SR-IOV is supported. You can find more details in the release notes for [Linux Integration Services for Hyper-V and Azure](https://www.microsoft.com/download/details.aspx?id=55106). * - -1. Use the `lspci` command to confirm that the Mellanox VF device is exposed to the VM. 
The returned output should be similar to the following example: - - ```output - 0000:00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03) - 0000:00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 01) - 0000:00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01) - 0000:00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02) - 0000:00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA - 0001:00:02.0 Ethernet controller: Mellanox Technologies MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] - ``` - -1. Use the `ethtool -S eth0 | grep vf_` command to check for activity on the virtual function (VF). If accelerated networking is enabled and active, you receive output similar to the following example: - - ```output - vf_rx_packets: 992956 - vf_rx_bytes: 2749784180 - vf_tx_packets: 2656684 - vf_tx_bytes: 1099443970 - vf_tx_dropped: 0 - ``` - -1. Close the Bastion connection to the VM. - -### Windows - -Once you create the VM in Azure, connect to the VM and confirm that the Ethernet controller is installed in Windows. - -1. In the [Azure portal](https://portal.azure.com), search for and select *virtual machines*. - -1. On the **Virtual machines** page, select your new VM. - -1. On the VM's **Overview** page, select **Connect** then **Connect via Bastion**. - -1. Enter the credentials you used when you created the VM, and then select **Connect**. - -1. A new browser window opens with the Bastion connection to your VM. - -1. On the remote VM, right-click **Start** and select **Device Manager**. - -1. In the **Device Manager** window, expand the **Network adapters** node. - -1. 
Confirm that the **Mellanox ConnectX-4 Lx Virtual Ethernet Adapter** appears, as shown in the following image: - - ![Mellanox ConnectX-3 Virtual Function Ethernet Adapter, new network adapter for accelerated networking, Device Manager](./media/create-vm-accelerated-networking/device-manager.png) - - The presence of the adapter confirms that Accelerated Networking is enabled for your VM. - -1. Verify the packets are flowing over the VF interface from the output of the following command: - ```powershell - PS C:\ > Get-NetAdapter | Where-Object InterfaceDescription –like "*Mellanox*Virtual*" | Get-NetAdapterStatistics - - Name ReceivedBytes ReceivedUnicastPackets SentBytes SentUnicastPackets - ---- ------------- ---------------------- --------- ------------------ - Ethernet 2 492447549 347643 7468446 34991 - - ``` - - > [!NOTE] - > If the Mellanox adapter fails to start, open an administrator command prompt on the remote VM and enter the following command: - > - > `netsh int tcp set global rss = enabled` - - -1. Close the Bastion connection to the VM. - ## Next steps - [How Accelerated Networking works in Linux and FreeBSD VMs](./accelerated-networking-how-it-works.md) From 834ade0660a3e6c47d639596d175e83ed2e85169 Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 14:58:35 -0500 Subject: [PATCH 09/13] Fix wordpress style --- .../tutorial-deploy-wordpress-on-aks.md | 131 +++++++----------- 1 file changed, 49 insertions(+), 82 deletions(-) diff --git a/scenarios/azure-databases-docs/articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md b/scenarios/azure-databases-docs/articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md index 9d90402b3..7abe980b7 100644 --- a/scenarios/azure-databases-docs/articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md +++ b/scenarios/azure-databases-docs/articles/mysql/flexible-server/tutorial-deploy-wordpress-on-aks.md 
@@ -121,14 +121,10 @@ Results: Azure Database for MySQL flexible server is a managed service that you can use to run, manage, and scale highly available MySQL servers in the cloud. Create an Azure Database for MySQL flexible server instance with the [az mysql flexible-server create](/cli/azure/mysql/flexible-server) command. A server can contain multiple databases. The following command creates a server using service defaults and variable values from your Azure CLI's local context: -```bash -export MY_MYSQL_ADMIN_USERNAME="dbadmin$RANDOM_ID" -export MY_WP_ADMIN_PW="$(openssl rand -base64 32)" -``` - ```bash export MY_DNS_LABEL="mydnslabel$RANDOM_ID" export MY_MYSQL_DB_NAME="mydb$RANDOM_ID" +export MY_MYSQL_ADMIN_USERNAME="dbadmin$RANDOM_ID" export MY_MYSQL_ADMIN_PW="$(openssl rand -base64 32)" export MY_MYSQL_SN_NAME="myMySQLSN$RANDOM_ID" az mysql flexible-server create \ 
@@ -266,22 +262,22 @@ To manage a Kubernetes cluster, use [kubectl](https://kubernetes.io/docs/referen if ! [ -x "$(command -v kubectl)" ]; then az aks install-cli; fi ``` -Next, configure `kubectl` to connect to your Kubernetes cluster using the [az aks get-credentials](/cli/azure/aks#az-aks-get-credentials) command. This command downloads credentials and configures the Kubernetes CLI to use them. The command uses `~/.kube/config`, the default location for the [Kubernetes configuration file](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/). You can specify a different location for your Kubernetes configuration file using the **--file** argument. +## Load credentials -> [!WARNING] -> This command will overwrite any existing credentials with the same entry. +Next, configure `kubectl` to connect to your Kubernetes cluster using the [az aks get-credentials](/cli/azure/aks#az-aks-get-credentials) command. This command downloads credentials and configures the Kubernetes CLI to use them. The command uses `~/.kube/config`, the default location for the [Kubernetes configuration file](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/). You can specify a different location for your Kubernetes configuration file using the **--file** argument. ```bash az aks get-credentials --resource-group $MY_RESOURCE_GROUP_NAME --name $MY_AKS_CLUSTER_NAME --overwrite-existing ``` +## Verify Connection To verify the connection to your cluster, use the [kubectl get]( https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get) command to return a list of the cluster nodes. ```bash kubectl get nodes ``` -## Install NGINX ingress controller +## Setup FQDN You can configure your ingress controller with a static public IP address. The static public IP address remains if you delete your ingress controller. The IP address doesn't remain if you delete your AKS cluster. 
When you upgrade your ingress controller, you must pass a parameter to the Helm release to ensure the ingress controller service is made aware of the load balancer that will be allocated to it. For the HTTPS certificates to work correctly, use a DNS label to configure a fully qualified domain name (FQDN) for the ingress controller IP address. Your FQDN should follow this form: $MY_DNS_LABEL.AZURE_REGION_NAME.cloudapp.azure.com. @@ -291,6 +287,8 @@ export MY_PUBLIC_IP_NAME="myPublicIP$RANDOM_ID" export MY_STATIC_IP=$(az network public-ip create --resource-group MC_${MY_RESOURCE_GROUP_NAME}_${MY_AKS_CLUSTER_NAME}_${REGION} --location ${REGION} --name ${MY_PUBLIC_IP_NAME} --dns-name ${MY_DNS_LABEL} --sku Standard --allocation-method static --version IPv4 --zone 1 2 3 --query publicIp.ipAddress -o tsv) ``` +## Install NGINX ingress controller + Next, you add the ingress-nginx Helm repository, update the local Helm Chart repository cache, and install ingress-nginx addon via Helm. You can set the DNS label with the **--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=""** parameter either when you first deploy the ingress controller or later. In this example, you specify your own public IP address that you created in the previous step with the **--set controller.service.loadBalancerIP="" parameter**. ```bash 
@@ -312,60 +310,37 @@ At this point in the tutorial, you have an AKS web app with NGINX as the ingress ### Set Up Cert Manager To add HTTPS, we're going to use Cert Manager. Cert Manager is an open source tool for obtaining and managing SSL certificates for Kubernetes deployments. Cert Manager obtains certificates from popular public issuers and private issuers, ensures the certificates are valid and up-to-date, and attempts to renew certificates at a configured time before they expire. - 1. In order to install cert-manager, we must first create a namespace to run it in. This tutorial installs cert-manager into the cert-manager namespace. You can run cert-manager in a different namespace, but you must make modifications to the deployment manifests. - - ```bash - kubectl create namespace cert-manager - ``` - 2. We can now install cert-manager. All resources are included in a single YAML manifest file. Install the manifest file with the following command: - - ```bash - kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.0/cert-manager.crds.yaml - ``` - 3. Add the `certmanager.k8s.io/disable-validation: "true"` label to the cert-manager namespace by running the following. This allows the system resources that cert-manager requires to bootstrap TLS to be created in its own namespace. - ```bash - kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true - ``` +```bash +kubectl create namespace cert-manager +kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.0/cert-manager.crds.yaml +kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true +``` ## Obtain certificate via Helm Charts Helm is a Kubernetes deployment tool for automating the creation, packaging, configuration, and deployment of applications and services to Kubernetes clusters. - Cert-manager provides Helm charts as a first-class method of installation on Kubernetes. - 1. Add the Jetstack Helm repository. 
This repository is the only supported source of cert-manager charts. There are other mirrors and copies across the internet, but those are unofficial and could present a security risk. - - ```bash - helm repo add jetstack https://charts.jetstack.io - ``` - 2. Update local Helm Chart repository cache. - - ```bash - helm repo update - ``` - 3. Install Cert-Manager addon via Helm. - - ```bash - helm upgrade --install --cleanup-on-fail --atomic \ - --namespace cert-manager \ - --version v1.7.0 \ - --wait --timeout 10m0s \ - cert-manager jetstack/cert-manager - ``` - 4. Apply the certificate issuer YAML file. ClusterIssuers are Kubernetes resources that represent certificate authorities (CAs) that can generate signed certificates by honoring certificate signing requests. All cert-manager certificates require a referenced issuer that is in a ready condition to attempt to honor the request. You can find the issuer we're in the `cluster-issuer-prod.yml file`. - ```bash - export SSL_EMAIL_ADDRESS="$(az account show --query user.name --output tsv)" - cluster_issuer_variables=$( @@ -455,10 +423,7 @@ To access your WordPress site from outside the cluster follow the steps below: ## Browse your AKS deployment secured via HTTPS -Run the following command to get the HTTPS endpoint for your application: - -> [!NOTE] -> It often takes 2-3 minutes for the SSL certificate to propagate and about 5 minutes to have all WordPress POD replicas ready and the site to be fully reachable via https. +Wait for the cluster to setup. It often takes 2-3 minutes for the SSL certificate to propagate and about 5 minutes to have all WordPress POD replicas ready and the site to be fully reachable via https. ```bash runtime="5 minute" @@ -474,6 +439,7 @@ while [[ $(date -u +%s) -le $endtime ]]; do done ``` +## Verify Site works Check that WordPress content is delivered correctly using the following command: ```bash 
@@ -500,6 +466,7 @@ Results: } ``` +## Visit Application Visit the website through the following URL: ```bash From 23449efed0af4becea86a201e7d5306ad8a42ef4 Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 15:44:34 -0500 Subject: [PATCH 10/13] Fix identity doc --- ...load-identity-migrate-from-pod-identity.md | 284 +++++------------- 1 file changed, 83 insertions(+), 201 deletions(-) diff --git a/scenarios/azure-aks-docs/articles/aks/workload-identity-migrate-from-pod-identity.md b/scenarios/azure-aks-docs/articles/aks/workload-identity-migrate-from-pod-identity.md index 6ba1d4082..43c5fd88e 100644 --- a/scenarios/azure-aks-docs/articles/aks/workload-identity-migrate-from-pod-identity.md +++ b/scenarios/azure-aks-docs/articles/aks/workload-identity-migrate-from-pod-identity.md 
@@ -11,208 +11,115 @@ ms.author: nickoman # Migrate from pod managed-identity to workload identity -This article focuses on migrating from a pod-managed identity to Microsoft Entra Workload ID for your Azure Kubernetes Service (AKS) cluster. It also provides guidance depending on the version of the [Azure Identity][azure-identity-supported-versions] client library used by your container-based application. +## Create resource group +Set your subscription to be the current active subscription using the `az account set` command. Then, create a random suffix to ensure unique resource names. -If you aren't familiar with Microsoft Entra Workload ID, see the [Overview][workload-identity-overview] article. - -## Before you begin - -Ensure you have the Azure CLI version 2.47.0 or later installed. Run the `az --version` command to find the version - -If you need to install or upgrade, see [Install Azure CLI][install-azure-cli]. - -## Migration scenarios - -This section explains the migration options available depending on what version of the Azure Identity SDK is installed. - -For either scenario, you need to have the federated trust set up before you update your application to use the workload identity. The following are the minimum steps required: - -- Create a managed identity credential. -- Associate the managed identity with the Kubernetes service account already used for the pod-managed identity or create a new Kubernetes service account and then associate it with the managed identity. -- Establish a federated trust relationship between the managed identity and Microsoft Entra ID. - -### Migrate from latest version - -If your application is already using the latest version of the Azure Identity SDK, perform the following steps to complete the authentication configuration: - -- Deploy workload identity in parallel with pod-managed identity. 
You can restart your application deployment to begin using the workload identity, where it injects the OIDC annotations into the application automatically. -- After verifying the application is able to authenticate successfully, you can remove the pod-managed identity annotations from your application and then remove the pod-managed identity add-on. - -### Migrate from older version - -If your application isn't using the latest version of the Azure Identity SDK, you have two options: - -- Use a migration sidecar that we provide within your Linux applications, which proxies the IMDS transactions your application makes over to [OpenID Connect][openid-connect-overview] (OIDC). The migration sidecar isn't intended to be a long-term solution, but a way to get up and running quickly on workload identity. Perform the following steps: - - - Deploy the workload with migration sidecar to proxy the application IMDS transactions. - - Verify the authentication transactions are completing successfully. - - Schedule the work for the applications to update their SDKs to a supported version. - - Once the SDKs are updated to the supported version, you can remove the proxy sidecar and redeploy the application. - - > [!NOTE] - > The migration sidecar is **not supported for production use**. This feature is meant to give you time to migrate your application SDKs to a supported version, and not meant or intended to be a long-term solution. - > The migration sidecar is only available for Linux containers, due to only providing pod-managed identities with Linux node pools. - -- Rewrite your application to support the latest version of the [Azure Identity][azure-identity-supported-versions] client library. Afterwards, perform the following steps: - - - Restart your application deployment to begin authenticating using the workload identity. 
- - Once you verify the authentication transactions are completing successfully, you can remove the pod-managed identity annotations from your application and then remove the pod-managed identity add-on. - -## Create a managed identity - -If you don't have a managed identity created and assigned to your pod, perform the following steps to create and grant the necessary permissions to storage, Key Vault, or whatever resources your application needs to authenticate with in Azure. - -1. Set your subscription to be the current active subscription using the `az account set` command. Then, create a random suffix to ensure unique resource names. - - ```bash - export RANDOM_SUFFIX=$(openssl rand -hex 3) - ``` - -3. Create a resource group. - - ```bash - export RESOURCE_GROUP_NAME="myResourceGroup$RANDOM_SUFFIX" - export LOCATION="WestUS2" - az group create --name "$RESOURCE_GROUP_NAME" --location "$LOCATION" - ``` - - Results: - - - - ```json - { - "id": "/subscriptions/xxxxx/resourceGroups/myResourceGroupxxx", - "location": "", - "managedBy": null, - "name": "myResourceGroupxxx", - "properties": { - "provisioningState": "Succeeded" - }, - "tags": null, - "type": "Microsoft.Resources/resourceGroups" - } - ``` - -4. Create a managed identity. - - ```bash - export IDENTITY_NAME="userAssignedIdentity$RANDOM_SUFFIX" - az identity create --name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP_NAME" --location "$LOCATION" - ``` - - Results: - - - - ```json - { - "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", - "id": "/subscriptions/xxxxx/resourceGroups/myResourceGroupxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/userAssignedIdentityxxx", - "location": "", - "name": "userAssignedIdentityxxx", - "principalId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", - "resourceGroup": "myResourceGroupxxx", - "tags": {}, - "type": "Microsoft.ManagedIdentity/userAssignedIdentities" - } - ``` - -5. Save the client ID of the managed identity to an environment variable. 
- - ```bash - export USER_ASSIGNED_CLIENT_ID="$(az identity show --resource-group "$RESOURCE_GROUP_NAME" --name "$IDENTITY_NAME" --query 'clientId' -o tsv)" - ``` - -6. Grant the managed identity the permissions required to access the resources in Azure it requires. For information on how to do this, see [Assign a managed identity access to a resource][assign-rbac-managed-identity]. - -7. Get the OIDC Issuer URL and save it to an environment variable. Replace the default values for the cluster name and the resource group name. +```bash +export RANDOM_SUFFIX=$(openssl rand -hex 3) +export RESOURCE_GROUP_NAME="myResourceGroup$RANDOM_SUFFIX" +export LOCATION="WestUS2" +az group create --name "$RESOURCE_GROUP_NAME" --location "$LOCATION" +``` - ```bash - export AKS_CLUSTER_NAME=$MY_AKS_CLUSTER_NAME - export AKS_RESOURCE_GROUP=$MY_AKS_RESOURCE_GROUP - export AKS_OIDC_ISSUER="$(az aks show --name "$AKS_CLUSTER_NAME" --resource-group "$AKS_RESOURCE_GROUP" --query "oidcIssuerProfile.issuerUrl" -o tsv)" - ``` +Results: + + + +```json +{ + "id": "/subscriptions/xxxxx/resourceGroups/myResourceGroupxxx", + "location": "", + "managedBy": null, + "name": "myResourceGroupxxx", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` - The variable should contain the Issuer URL similar to the following example: +## Create a managed identity. 
- ```bash - echo "$AKS_OIDC_ISSUER" - ``` +```bash +export IDENTITY_NAME="userAssignedIdentity$RANDOM_SUFFIX" +az identity create --name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP_NAME" --location "$LOCATION" +``` - Results: +Results: + + + +```json +{ + "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "id": "/subscriptions/xxxxx/resourceGroups/myResourceGroupxxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/userAssignedIdentityxxx", + "location": "", + "name": "userAssignedIdentityxxx", + "principalId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "resourceGroup": "myResourceGroupxxx", + "tags": {}, + "type": "Microsoft.ManagedIdentity/userAssignedIdentities" +} +``` - +## Get Client ID - ```output - https://eastus.oic.prod-aks.azure.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/ - ``` +Save the client ID of the managed identity to an environment variable. - By default, the Issuer is set to use the base URL `https://{region}.oic.prod-aks.azure.com/{uuid}`, where the value for `{region}` matches the location the AKS cluster is deployed in. The value `{uuid}` represents the OIDC key. +```bash +export USER_ASSIGNED_CLIENT_ID="$(az identity show --resource-group "$RESOURCE_GROUP_NAME" --name "$IDENTITY_NAME" --query 'clientId' -o tsv)" +``` -## Create Kubernetes service account +## Save OIDC Issuer URL +Get the OIDC Issuer URL and save it to an environment variable.By default, the Issuer is set to use the base URL `https://{region}.oic.prod-aks.azure.com/{uuid}`, where the value for `{region}` matches the location the AKS cluster is deployed in. The value `{uuid}` represents the OIDC key. -If you don't have a dedicated Kubernetes service account created for this application, perform the following steps to create and then annotate it with the client ID of the managed identity created in the previous step. 
+```bash +export AKS_CLUSTER_NAME=$MY_AKS_CLUSTER_NAME +export AKS_RESOURCE_GROUP=$MY_AKS_RESOURCE_GROUP +export AKS_OIDC_ISSUER="$(az aks show --name "$AKS_CLUSTER_NAME" --resource-group "$AKS_RESOURCE_GROUP" --query "oidcIssuerProfile.issuerUrl" -o tsv)" +``` -1. Get the Kubernetes credentials for your cluster. +## Load credentials - ```bash - az aks get-credentials --name "$AKS_CLUSTER_NAME" --resource-group "$AKS_RESOURCE_GROUP" - ``` +Get the Kubernetes credentials for your cluster. -2. Create a namespace if you don't have one. +```bash +az aks get-credentials --name "$AKS_CLUSTER_NAME" --resource-group "$AKS_RESOURCE_GROUP" +``` - ```bash - export SERVICE_ACCOUNT_NAMESPACE="mynamespace$RANDOM_SUFFIX" - kubectl create namespace "$SERVICE_ACCOUNT_NAMESPACE" - ``` +## Create Namespace -3. Create the service account and annotate it with the client ID of the managed identity. +Create a namespace. - ```bash - export SERVICE_ACCOUNT_NAME="myserviceaccount$RANDOM_SUFFIX" - kubectl create serviceaccount "$SERVICE_ACCOUNT_NAME" -n "$SERVICE_ACCOUNT_NAMESPACE" - kubectl annotate serviceaccount "$SERVICE_ACCOUNT_NAME" --namespace "$SERVICE_ACCOUNT_NAMESPACE" azure.workload.identity/client-id="$USER_ASSIGNED_CLIENT_ID" - ``` +```bash +export SERVICE_ACCOUNT_NAMESPACE="mynamespace$RANDOM_SUFFIX" +kubectl create namespace "$SERVICE_ACCOUNT_NAMESPACE" +``` - The following output resembles successful creation of the service account: +## Create Service Account +Create the service account and annotate it with the client ID of the managed identity. 
- ```output - serviceaccount/ annotated - ``` +```bash +export SERVICE_ACCOUNT_NAME="myserviceaccount$RANDOM_SUFFIX" +kubectl create serviceaccount "$SERVICE_ACCOUNT_NAME" -n "$SERVICE_ACCOUNT_NAMESPACE" +kubectl annotate serviceaccount "$SERVICE_ACCOUNT_NAME" --namespace "$SERVICE_ACCOUNT_NAMESPACE" azure.workload.identity/client-id="$USER_ASSIGNED_CLIENT_ID" +``` ## Establish federated identity credential trust Establish a federated identity credential between the managed identity, the service account issuer, and the subject. -1. Create the federated identity credential. Replace the values `federated-identity-name`, `service-account-namespace`, and `service-account-name`. - - ```bash - export FEDERATED_CREDENTIAL_NAME="myFederatedCredentialName$RANDOM_SUFFIX" - az identity federated-credential create --name "$FEDERATED_CREDENTIAL_NAME" --identity-name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP_NAME" --issuer "$AKS_OIDC_ISSUER" --subject "system:serviceaccount:$SERVICE_ACCOUNT_NAMESPACE:$SERVICE_ACCOUNT_NAME" --audience "api://AzureADTokenExchange" - ``` - - > [!NOTE] - > It takes a few seconds for the federated identity credential to be propagated after being initially added. If a token request is made immediately after adding the federated identity credential, it might lead to failure for a couple of minutes as the cache is populated in the directory with old data. To avoid this issue, you can add a slight delay after adding the federated identity credential. 
+```bash +export FEDERATED_CREDENTIAL_NAME="myFederatedCredentialName$RANDOM_SUFFIX" +az identity federated-credential create --name "$FEDERATED_CREDENTIAL_NAME" --identity-name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP_NAME" --issuer "$AKS_OIDC_ISSUER" --subject "system:serviceaccount:$SERVICE_ACCOUNT_NAMESPACE:$SERVICE_ACCOUNT_NAME" --audience "api://AzureADTokenExchange" +``` ## Deploy the workload with migration sidecar -If your application is using managed identity and still relies on IMDS to get an access token, you can use the workload identity migration sidecar to start migrating to workload identity. This sidecar is a migration solution and in the long-term, applications should modify their code to use the latest Azure Identity SDKs that support client assertion. - -To update or deploy the workload, add the following pod annotations to use the migration sidecar in your pod specification: - -- `azure.workload.identity/inject-proxy-sidecar` - value is `"true"` or `"false"` -- `azure.workload.identity/proxy-sidecar-port` - value is the desired port for the proxy sidecar. The default value is `"8000"`. - -When a pod with the above annotations is created, the Azure Workload Identity mutating webhook automatically injects the init-container and proxy sidecar to the pod spec. - -Here's an example of the mutated pod spec: - ```bash export POD_NAME="httpbin-pod" -``` -```bash cat < pod.yaml apiVersion: v1 kind: Pod 
@@ -237,44 +144,19 @@ spec: - name: IMDS_ENDPOINT value: "http://169.254.169.254" EOF -``` - -After updating or deploying your application, verify the pod is in a running state using the [kubectl describe pod][kubectl-describe] command. Replace `$POD_NAME` with the name of your deployed pod. - -Apply the pod specification: - -```bash kubectl apply -f pod.yaml kubectl wait --for=condition=Ready pod/httpbin-pod -n "$SERVICE_ACCOUNT_NAMESPACE" --timeout=120s -``` - -```bash - kubectl describe pods $POD_NAME -n "$SERVICE_ACCOUNT_NAMESPACE" -``` - -To verify that the pod is passing IMDS transactions, use the [kubectl logs][kubelet-logs] command. - -```bash kubectl logs $POD_NAME -n "$SERVICE_ACCOUNT_NAMESPACE" ``` -The following log output resembles successful communication through the proxy sidecar. Verify that the logs show a token is successfully acquired and the GET operation is successful. - -```output -I0926 00:29:29.968723 1 proxy.go:97] proxy "msg"="starting the proxy server" "port"=8080 "userAgent"="azure-workload-identity/proxy/v0.13.0-12-gc8527f3 (linux/amd64) c8527f3/2022-09-26-00:19" -I0926 00:29:29.972496 1 proxy.go:173] proxy "msg"="received readyz request" "method"="GET" "uri"="/readyz" -I0926 00:29:30.936769 1 proxy.go:107] proxy "msg"="received token request" "method"="GET" "uri"="/metadata/identity/oauth2/token?resource=https://management.core.windows.net/api-version=2018-02-01&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -I0926 00:29:31.101998 1 proxy.go:129] proxy "msg"="successfully acquired token" "method"="GET" "uri"="/metadata/identity/oauth2/token?resource=https://management.core.windows.net/api-version=2018-02-01&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -``` - ## Remove pod-managed identity After you've completed your testing and the application is successfully able to get a token using the proxy sidecar, you can remove the Microsoft Entra pod-managed identity mapping for the pod from your cluster, and then remove the identity. -1. 
Remove the identity from your pod. This should only be done after all pods in the namespace using the pod-managed identity mapping have migrated to use the sidecar. - - Use the `az aks pod-identity delete` command to delete the pod-managed identity. Ensure you replace `` with the name of the pod-managed identity you wish to delete. +```bash +az aks pod-identity delete $IDENTITY_NAME +``` ## Next steps From d51e70e0e351a163de8008d4a9e22c4b4198f416 Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 16:00:40 -0500 Subject: [PATCH 11/13] Fix Confidential --- ...fidential-enclave-nodes-aks-get-started.md | 73 +++++-------------- 1 file changed, 20 insertions(+), 53 deletions(-) diff --git a/scenarios/azure-docs/articles/confidential-computing/confidential-enclave-nodes-aks-get-started.md b/scenarios/azure-docs/articles/confidential-computing/confidential-enclave-nodes-aks-get-started.md index e342c39ad..fefa977d9 100644 --- a/scenarios/azure-docs/articles/confidential-computing/confidential-enclave-nodes-aks-get-started.md +++ b/scenarios/azure-docs/articles/confidential-computing/confidential-enclave-nodes-aks-get-started.md @@ -45,6 +45,8 @@ Use the following instructions to create an AKS cluster with the Intel SGX add-o Intel SGX AKS Addon "confcom" exposes the Intel SGX device drivers to your containers to avoid added changes to your pod YAML. +## Create Resource Group + First, create a resource group for the cluster by using the `az group create` command. ```bash 
@@ -72,26 +74,23 @@ Results: } ``` -Now create an AKS cluster with the confidential computing add-on enabled. +## Create Cluster with Confidential Computing Add-on +Now create an AKS cluster with the confidential computing add-on enabled. This command deploys a new AKS cluster with a system node pool of non-confidential computing nodes. Confidential computing Intel SGX nodes are not recommended for system node pools. ```bash export AKS_CLUSTER="myAKSCluster$RANDOM_SUFFIX" az aks create -g $RESOURCE_GROUP --name $AKS_CLUSTER --generate-ssh-keys --enable-addons confcom ``` -This command deploys a new AKS cluster with a system node pool of non-confidential computing nodes. Confidential computing Intel SGX nodes are not recommended for system node pools. - -### Add a user node pool with confidential computing capabilities to the AKS cluster +## Add a user node pool with confidential computing capabilities to the AKS cluster -Run the following command to add a user node pool of `Standard_DC4s_v3` size with two nodes to the AKS cluster. +Run the following command to add a user node pool of `Standard_DC4s_v3` size with two nodes to the AKS cluster. After you run the command, a new node pool with DCsv3 should be visible with confidential computing add-on DaemonSets. ```bash az aks nodepool add --cluster-name $AKS_CLUSTER --name confcompool1 --resource-group $RESOURCE_GROUP --node-vm-size Standard_DC4s_v3 --node-count 2 ``` -After you run the command, a new node pool with DCsv3 should be visible with confidential computing add-on DaemonSets. - -### Verify the node pool and add-on +## Get Credentials Get the credentials for your AKS cluster. @@ -99,6 +98,8 @@ Get the credentials for your AKS cluster. az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER ``` +## Verify the node pool and add-on + Use the `kubectl get pods` command to verify that the nodes are created properly and the SGX-related DaemonSets are running on DCsv3 node pools: ```bash 
@@ -114,30 +115,16 @@ NAMESPACE NAME READY STATUS RESTARTS kube-system sgx-device-plugin-xxxxx 1/1 Running 0 5m ``` -If the output matches the preceding code, your AKS cluster is now ready to run confidential applications. - -You can go to the Deploy Hello World from an isolated enclave application section in this quickstart to test an app in an enclave. - -## Add a confidential computing node pool to an existing AKS cluster - -This section assumes you're already running an AKS cluster that meets the prerequisite criteria listed earlier in this quickstart. - -### Enable the confidential computing AKS add-on on the existing cluster +## Enable the confidential computing AKS add-on on the existing cluster To enable the confidential computing add-on, use the `az aks enable-addons` command with the `confcom` add-on, specifying your existing AKS cluster name and resource group. -### Add a DCsv3 user node pool to the cluster -> [!NOTE] -> To use the confidential computing capability, your existing AKS cluster needs to have a minimum of one node pool that's based on a DCsv2/DCsv3 VM SKU. To learn more about DCsv2/DCsv3 VM SKUs for confidential computing, see the available SKUs and supported regions. - -To create a node pool, add a new node pool to your existing AKS cluster with the name *confcompool1*. Ensure that this node pool has two nodes and uses the `Standard_DC4s_v3` VM size. - -Verify that the new node pool with the name *confcompool1* has been created by listing the node pools in your AKS cluster. +```bash +az aks enable-addons --addons confcom --name $AKS_CLUSTER --resource-group $RESOURCE_GROUP +``` ### Verify that DaemonSets are running on confidential node pools -Sign in to your existing AKS cluster to perform the following verification: - ```bash kubectl get nodes ``` 
@@ -151,28 +138,9 @@ NAME STATUS ROLES AGE VERSION aks-confcompool1-xxxxx-vmss000000 Ready agent 5m v1.xx.x ``` -You might also see other DaemonSets. - -```bash -kubectl get pods --all-namespaces -``` - -Results: - - - -```text -NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system sgx-device-plugin-xxxxx 1/1 Running 0 5m -``` - -If the output matches the preceding code, your AKS cluster is now ready to run confidential applications. - ## Deploy Hello World from an isolated enclave application -You're now ready to deploy a test application. - -Create a file named `hello-world-enclave.yaml` and paste in the following YAML manifest. This deployment assumes that you've deployed the *confcom* add-on. +Deploy a file named `hello-world-enclave.yaml`. This deployment assumes that you've deployed the *confcom* add-on. ```bash cat < hello-world-enclave.yaml @@ -205,11 +173,6 @@ spec: path: /var/run/aesmd backoffLimit: 0 EOF -``` - -Now use the `kubectl apply` command to create a sample job that will run in a secure enclave. - -```bash kubectl apply -f hello-world-enclave.yaml ``` @@ -221,6 +184,8 @@ Results: job.batch/oe-helloworld created ``` +## Check Jobs + You can confirm that the workload successfully created a Trusted Execution Environment (enclave) by running the following commands: ```bash @@ -236,6 +201,8 @@ NAME COMPLETIONS DURATION AGE oe-helloworld 1/1 1s 23s ``` +## Check Pods + ```bash kubectl get pods -l app=oe-helloworld ``` @@ -249,6 +216,8 @@ NAME READY STATUS RESTARTS AGE oe-helloworld-xxxxx 0/1 Completed 0 25s ``` +## Wait for Pod to finish deploying. + ```bash while [[ $(kubectl get pods -l app=oe-helloworld -o 'jsonpath={..status.phase}') != "Succeeded" ]]; do sleep 2 
@@ -266,8 +235,6 @@ Hello world from the enclave Enclave called into host to print: Hello World! ``` -If the output matches the preceding code, your application is running successfully in a confidential computing environment. - ## Next steps - Run Python, Node, or other applications through confidential containers using ISV/OSS SGX wrapper software. Review [confidential container samples in GitHub](https://github.com/Azure-Samples/confidential-container-samples). From 6e536f10380ee379ec96966fef43a3b36f1e58e3 Mon Sep 17 00:00:00 2001 From: Aria Amini Date: Tue, 4 Feb 2025 16:13:20 -0500 Subject: [PATCH 12/13] Fix missing accelerated --- ...-virtual-machine-accelerated-networking.md | 112 +++++++++--------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md b/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md index f6fe71b1d..046ac780c 100644 --- a/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md +++ b/scenarios/azure-docs/articles/virtual-network/create-virtual-machine-accelerated-networking.md 
@@ -198,71 +198,71 @@ Results: } ``` -1. Create an Azure Bastion host with [az network bastion create](/cli/azure/network/bastion). Azure Bastion is used to securely connect Azure virtual machines without exposing them to the public internet. +## Create Azure Bastion Host - ```bash - export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" - export BASTION_NAME="bastion$RANDOM_SUFFIX" - export VNET_NAME="vnet-1$RANDOM_SUFFIX" - export PUBLIC_IP_NAME="public-ip-bastion$RANDOM_SUFFIX" - export REGION="eastus2" - - az network bastion create \ - --resource-group $RESOURCE_GROUP_NAME \ - --name $BASTION_NAME \ - --vnet-name $VNET_NAME \ - --public-ip-address $PUBLIC_IP_NAME \ - --location $REGION - ``` +Create an Azure Bastion host with [az network bastion create](/cli/azure/network/bastion). Azure Bastion is used to securely connect Azure virtual machines without exposing them to the public internet. - Results: - - +```bash +export RESOURCE_GROUP_NAME="test-rg$RANDOM_SUFFIX" +export BASTION_NAME="bastion$RANDOM_SUFFIX" +export VNET_NAME="vnet-1$RANDOM_SUFFIX" +export PUBLIC_IP_NAME="public-ip-bastion$RANDOM_SUFFIX" +export REGION="eastus2" - ```json +az network bastion create \ + --resource-group $RESOURCE_GROUP_NAME \ + --name $BASTION_NAME \ + --vnet-name $VNET_NAME \ + --public-ip-address $PUBLIC_IP_NAME \ + --location $REGION +``` + +Results: + + + +```json +{ + "disableCopyPaste": false, + "dnsName": "bst-cc1d5c1d-9496-44fa-a8b3-3b2130efa306.bastion.azure.com", + "enableFileCopy": false, + "enableIpConnect": false, + "enableKerberos": false, + "enableSessionRecording": false, + "enableShareableLink": false, + "enableTunneling": false, + "etag": "W/\"229bd068-160b-4935-b23d-eddce4bb31ed\"", + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/bastionHosts/bastion69e367", + "ipConfigurations": [ { - "disableCopyPaste": false, - "dnsName": "bst-cc1d5c1d-9496-44fa-a8b3-3b2130efa306.bastion.azure.com", - 
"enableFileCopy": false, - "enableIpConnect": false, - "enableKerberos": false, - "enableSessionRecording": false, - "enableShareableLink": false, - "enableTunneling": false, "etag": "W/\"229bd068-160b-4935-b23d-eddce4bb31ed\"", - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/bastionHosts/bastion69e367", - "ipConfigurations": [ - { - "etag": "W/\"229bd068-160b-4935-b23d-eddce4bb31ed\"", - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/bastionHosts/bastion69e367/bastionHostIpConfigurations/bastion_ip_config", - "name": "bastion_ip_config", - "privateIPAllocationMethod": "Dynamic", - "provisioningState": "Succeeded", - "publicIPAddress": { - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/publicIPAddresses/public-ip-bastion69e367", - "resourceGroup": "test-rg69e367" - }, - "resourceGroup": "test-rg69e367", - "subnet": { - "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367/subnets/AzureBastionSubnet", - "resourceGroup": "test-rg69e367" - }, - "type": "Microsoft.Network/bastionHosts/bastionHostIpConfigurations" - } - ], - "location": "eastus2", - "name": "bastion69e367", + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/bastionHosts/bastion69e367/bastionHostIpConfigurations/bastion_ip_config", + "name": "bastion_ip_config", + "privateIPAllocationMethod": "Dynamic", "provisioningState": "Succeeded", + "publicIPAddress": { + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/publicIPAddresses/public-ip-bastion69e367", + "resourceGroup": "test-rg69e367" + }, "resourceGroup": "test-rg69e367", - "scaleUnits": 2, - "sku": { - "name": "Standard" + 
"subnet": { + "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg69e367/providers/Microsoft.Network/virtualNetworks/vnet-169e367/subnets/AzureBastionSubnet", + "resourceGroup": "test-rg69e367" }, - "type": "Microsoft.Network/bastionHosts" + "type": "Microsoft.Network/bastionHosts/bastionHostIpConfigurations" } - ``` - ---- + ], + "location": "eastus2", + "name": "bastion69e367", + "provisioningState": "Succeeded", + "resourceGroup": "test-rg69e367", + "scaleUnits": 2, + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/bastionHosts" +} +``` ## Create a network interface with Accelerated Networking From 2392954aee0bc732d41c23e6750af45741a5f51c Mon Sep 17 00:00:00 2001 
From: Aria Amini Date: Tue, 4 Feb 2025 16:45:42 -0500 Subject: [PATCH 13/13] Rename --- .../.openpublishing.redirection.virtual-machine-scale-sets.json | 0 .../articles/virtual-machine-scale-sets/TOC.yml | 0 .../articles/virtual-machine-scale-sets/breadcrumb/toc.yml | 0 .../flexible-virtual-machine-scale-sets-cli.md | 0 .../articles/virtual-machine-scale-sets/index.yml | 0 .../virtual-machine-scale-sets/tutorial-use-custom-image-cli.md | 0 .../virtual-machine-scale-sets/virtual-machine-scale-sets-faq.yml | 0 .../articles/virtual-machines/linux/quick-create-cli.md | 0 .../articles/virtual-machines/linux/tutorial-lemp-stack.md | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/TOC.yml (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/breadcrumb/toc.yml (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/flexible-virtual-machine-scale-sets-cli.md (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/index.yml (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/tutorial-use-custom-image-cli.md (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-faq.yml (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machines/linux/quick-create-cli.md (100%) rename scenarios/{azure-compute-docs => azure-docs}/articles/virtual-machines/linux/tutorial-lemp-stack.md (100%) 
diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json b/scenarios/azure-docs/articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/TOC.yml b/scenarios/azure-docs/articles/virtual-machine-scale-sets/TOC.yml similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/TOC.yml rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/TOC.yml diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/breadcrumb/toc.yml b/scenarios/azure-docs/articles/virtual-machine-scale-sets/breadcrumb/toc.yml similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/breadcrumb/toc.yml rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/breadcrumb/toc.yml diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/flexible-virtual-machine-scale-sets-cli.md b/scenarios/azure-docs/articles/virtual-machine-scale-sets/flexible-virtual-machine-scale-sets-cli.md similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/flexible-virtual-machine-scale-sets-cli.md rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/flexible-virtual-machine-scale-sets-cli.md 
diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/index.yml b/scenarios/azure-docs/articles/virtual-machine-scale-sets/index.yml similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/index.yml rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/index.yml diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/tutorial-use-custom-image-cli.md b/scenarios/azure-docs/articles/virtual-machine-scale-sets/tutorial-use-custom-image-cli.md similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/tutorial-use-custom-image-cli.md rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/tutorial-use-custom-image-cli.md diff --git a/scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-faq.yml b/scenarios/azure-docs/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-faq.yml similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-faq.yml rename to scenarios/azure-docs/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-faq.yml diff --git a/scenarios/azure-compute-docs/articles/virtual-machines/linux/quick-create-cli.md b/scenarios/azure-docs/articles/virtual-machines/linux/quick-create-cli.md similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machines/linux/quick-create-cli.md rename to scenarios/azure-docs/articles/virtual-machines/linux/quick-create-cli.md diff --git a/scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md b/scenarios/azure-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md similarity index 100% rename from scenarios/azure-compute-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md rename to scenarios/azure-docs/articles/virtual-machines/linux/tutorial-lemp-stack.md
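Review bot: The `kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true` line kept by the hunk at `@@ -312,60 +310,37` (Set Up Cert Manager) now runs with no explanation, because the sentence saying why validation is disabled for that namespace is deleted together with the numbered steps. The same hunk also deletes the statement that the Jetstack Helm repository is the only supported source of cert-manager charts and that unofficial mirrors could present a security risk. Suggest keeping both sentences as plain paragraphs above the merged code block, so a reader who copies the commands knows what the label relaxes and why the chart source matters.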
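Review bot: `## Verify Site works`, added in the hunk at `@@ -474,6 +439,7`, sits directly above its paragraph with no blank line after the heading, and `## Visit Application` in `@@ -500,6 +466,7` has the same problem. Add a blank line after each heading and pick one capitalization style; the other headings in this file use sentence case ("Browse your AKS deployment secured via HTTPS").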
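Review bot: The hunk at `@@ -11,208 +11,115` in workload-identity-migrate-from-pod-identity.md deletes the note that the migration sidecar is **not supported for production use** and is only available for Linux containers, while the `## Deploy the workload with migration sidecar` section and its pod spec stay. Please keep that note above the sidecar block. The removed note about federated identity credential propagation matters as well: after `az identity federated-credential create` the next step deploys the pod, and the deleted text says a token request made right after the credential is added can fail. Smaller points in the same hunk: `## Create a managed identity.` has a trailing period, `environment variable.By default` is missing a space, and the first paragraph still refers to `az account set` although no such command appears in the block below it.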
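Review bot: The added `az aks pod-identity delete $IDENTITY_NAME` at the end of the hunk at `@@ -237,44 +144,19` reuses `$IDENTITY_NAME`, which earlier in this file is set to `userAssignedIdentity$RANDOM_SUFFIX`, the user-assigned managed identity created for workload identity, not the pod-managed identity that the removed sentence asked the reader to name. The value is also passed positionally and unquoted, with no cluster, resource group or namespace given. Suggest a separate variable for the pod-managed identity name with explicit arguments, and keeping the deleted caution that this should only be done after all pods in the namespace using the mapping have migrated to the sidecar. Separately, the hunk removes the sample proxy log and the instruction to verify that a token was acquired, so `kubectl logs` now runs with nothing to compare against, and `kubectl wait` hardcodes `pod/httpbin-pod` while the next line uses `$POD_NAME`.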
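Review bot: The added `az aks enable-addons --addons confcom --name $AKS_CLUSTER --resource-group $RESOURCE_GROUP` in the hunk at `@@ -114,30 +115,16` (confidential-enclave-nodes-aks-get-started.md) targets the cluster this file already creates with `az aks create ... --enable-addons confcom`, so in the linear flow it enables an add-on that is already on. The heading still says "on the existing cluster", but the sentence that scoped the section to a pre-existing cluster and the note that the cluster needs at least one node pool based on a DCsv2/DCsv3 VM SKU are both deleted. Either leave this section out of the executable flow or restore the scoping text and the note.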
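Review bot: After the hunk at `@@ -151,28 +138,9`, the section `Verify that DaemonSets are running on confidential node pools` only runs `kubectl get nodes`, because the `kubectl get pods --all-namespaces` block and its `sgx-device-plugin` result are removed. Listing nodes does not show whether the SGX device plugin DaemonSet is running on them. Keep the pod listing here or rename the section to match what it checks. The reworded lead-in "Deploy a file named `hello-world-enclave.yaml`" also reads oddly, since the block below it first creates the file.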
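Review bot: `## Wait for Pod to finish deploying.`, added in the hunk at `@@ -249,6 +216,8`, comes after `## Check Jobs` and `## Check Pods` (hunks `@@ -221,6 +184,8` and `@@ -236,6 +201,8`), whose expected results already show `1/1` completions and a `Completed` pod. If the wait loop is needed, move it ahead of those checks so they do not race the job. The heading also ends with a period, unlike the other headings added in this patch.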
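Review bot: The re-indented sample result in the hunk at `@@ -198,71 +198,71` (create-virtual-machine-accelerated-networking.md) masks the subscription ID as `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` but keeps a concrete `dnsName`, concrete `etag` values and the `test-rg69e367` resource names from a real run. Since every one of these lines is rewritten here anyway, mask them the way the results blocks in the workload identity patch do (`myResourceGroupxxx`). The subject "Fix missing accelerated" also does not describe what the hunk does, which is to un-nest the Bastion step into its own `## Create Azure Bastion Host` section and drop the `---` separator.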