
Azure Monitor - enables continuous monitoring across all resources deployed to Azure. Able to view the health of the cluster/underlying VMs.
Azure Advisor - Recommendation engine.
Azure Artifacts - Package management system.
Azure Alerts - The IT team is informed of any issues regarding the deployed resources (in Azure Monitor).
Azure Logic Apps - Workflow-based service; can automate alerts via email.
Azure Functions - Serverless compute service.
Azure DevOps Services - Build and release pipelines.
Azure Key Vault Services - can be used for certificate management.
Azure Log Analytics - IT Service Management Connector: a ticket is generated on any issue. The Kusto query language is used.
Availability Tests in Azure Application Insights - can send email to the internal DevOps team when any service fails to give a 200 OK response.
Azure Event Hubs - Big data ingestion service.
Azure ExpressRoute - Hybrid dedicated connection which provides high-speed connectivity.
Azure Scanner - any non-whitelisted public endpoint/port detected will create a bug.

Terms:
Agent - Installable software that runs one build or deployment job at a time.
The agent always initiates the communication with the pipeline (over HTTPS), to determine which jobs, logs and alerts.
Agent on an on-premises machine behind a firewall - port 443 | Register the agent with the pipeline through an agent pool (the identity of the agent pool admin is required only at this time).
- Uses an OAuth token and listens to the job queue (asymmetric encryption, public/private key pair).
When a new job is available, the agent downloads the job and a job-specific OAuth token.
The listener is used to listen for jobs in the pipeline.
An agent that deploys artifacts requires line of sight to the target servers; if there is a firewall, self-hosted agents on premises are required (as a conduit between the target servers and TFS/pipeline).
Authenticate the agent to Azure Pipelines through a PAT - only used for registering, not for subsequent communication.
To register an agent you need to be a member of the administrator role in the agent pool.
An agent can be run either as a service or interactively.
Service - ensures that the agent starts automatically. The service manager of the OS can be used to manage the life cycle of the agent. Auto-upgrade is available.
tscon command to exit Remote Desktop - so that UI tests do not close abruptly.

Job - A job represents an execution boundary of a set of steps. A build contains one or more jobs, and each job runs on an agent. All the steps run together on the same agent.

GIT/CI:
CI when code is checked in - from the Triggers tab (Batch changes - to build a batch of changes).
On-premises Git repo protected by a firewall - access through self-hosted agents and an External Git connection.
SQUASH Merge - Allows consolidation of all commit histories; merges the changes into a single commit.
GIT - used when developers want to use source code versioning from a 3rd-party IDE.
GitHub Enterprise - can be installed on premises as standalone, and has a lot of security features.
Subversion - is centralized - developers need to work with the most recent version.
TFVC - Restrict access to individual files and folders; the last build should be successful for check-in, which should also be associated with at least one work item. The release branch is viewable only to project leads.
Branch Filter can be used to EXCLUDE specific folders from triggering a build on changes.
Branch Filter can be used to INCLUDE specific folders.

REPORTING:
Cumulative Flow Diagram - Count of work items over time in each column of the Kanban board. Used to identify any bottlenecks in the process and whether delivery is consistent.
Burndown - trend of completed work across multiple teams and multiple sprints. Shows whether work will be completed by the targeted date and, if not, the projected date.
Burnup - trend of completed work across multiple teams and sprints. When completed work meets total scope, the project is done.
Cycle Time - Amount of time from the Active to the Closed state of a work item.
Lead Time - Amount of time required to deliver work from the backlog.
Velocity - how much work a team can complete in a sprint. Average velocity / how much work can be delivered in upcoming sprints.

Project Backlog and Bugs on Kanban - as tasks on the task board - SCRUM - Impediments
User Stories and Bugs on Kanban - as tasks on the task board - AGILE - Issues
Requirement/Review/Change Request/Risk/Reviews - CMMI

YAML:
- 'include' - to specify the branches that need to be included in the build queue/trigger.
- 'exclude' - to exclude a path from the build process.
- 'tag' - to add tags to the build.
- 'batch' - queue a build when changes are committed while an existing build is running.

DOCKER:
- Docker Compose - can be used to run containers (run even multiple containers and tests on them at the same time).
- Docker Multi-Stage Build - to have multiple builds in one file.
- Swarm service to scale the Docker containers.
- Docker stack deploy - to pull Docker images.
- Linux container - requires Bash and no definition of an ENTRYPOINT (install Docker and give the agent permission for the Docker daemon).

DSC:
- Upload config into the Automation account - run the Import-AzureRmAutomationDscConfiguration PowerShell command.
- Custom Script Extension is used for installing custom applications in VMs.
- Azure Automation - to keep the config of the VMs consistent, use State Configuration of Azure Automation.
- Configuration management using custom tools - Puppet and Chef.
- Tasks are NOT used to create VMs.
- Azure DevTest Labs Extension - to manage the creation of VMs.
- ARM Templates - to deploy resources.
- DSC - to maintain consistency of VMs.
- Configuration mode - Apply only - will apply only once, hence a chance of inconsistency.
- Azure Policies can be used for the governance of deployment of VMs.
- A gate can also be used for security and compliance assessment for the stage, e.g. the VM must be of a particular SKU size.

Steps for onboarding machines into Azure Automation State Configuration:

1. Import the existing configuration
2. Compile the configuration
3. Onboard the set of virtual machines to Azure Automation State Configuration
4. Ensure to assign the node configuration
5. Check the status of the nodes
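
The five onboarding steps as one script, added here as an example (not part of the original notes). It uses the AzureRM module to match the Import-AzureRmAutomationDscConfiguration cmdlet named above; the resource group, Automation account, configuration file and VM names are hypothetical placeholders. It registers nodes in ApplyAndAutocorrect mode rather than ApplyOnly, so drift after the first apply is corrected.

```powershell
# Added example. All names below are hypothetical placeholders.
$common = @{
    ResourceGroupName     = 'automation-rg'
    AutomationAccountName = 'automation-account'
}

# 1. Import an existing configuration script. The file is assumed to define
#    "Configuration WebServerBaseline { Node 'web' { ... } }".
Import-AzureRmAutomationDscConfiguration @common `
    -SourcePath '.\WebServerBaseline.ps1' -Published -Force

# 2. Compile the configuration and wait for the compilation job to end.
$job = Start-AzureRmAutomationDscCompilationJob @common `
    -ConfigurationName 'WebServerBaseline'
while ($null -eq $job.EndTime -and $null -eq $job.Exception) {
    Start-Sleep -Seconds 5
    $job = $job | Get-AzureRmAutomationDscCompilationJob
}
if ($job.Status -ne 'Completed') {
    throw "DSC compilation ended with status '$($job.Status)'"
}

# 3 and 4. Onboard each VM and assign the compiled node configuration
#    (<ConfigurationName>.<NodeName>) in the same call.
foreach ($vm in 'web-vm-01', 'web-vm-02') {
    Register-AzureRmAutomationDscNode @common `
        -AzureVMName $vm `
        -AzureVMResourceGroup 'workload-rg' `
        -AzureVMLocation 'eastus' `
        -NodeConfigurationName 'WebServerBaseline.web' `
        -ConfigurationMode 'ApplyAndAutocorrect' `
        -RebootNodeIfNeeded $true
}

# 5. Check node status: list every node that is not reporting Compliant.
Get-AzureRmAutomationDscNode @common |
    Where-Object { $_.Status -ne 'Compliant' } |
    Select-Object Name, NodeConfigurationName, Status
```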

DEPLOYMENT:
Blue-green deployments - Azure Traffic Manager is the ideal service for deployment - uses routing methods (weighted routing methods).
Blue-Green Deployment - used when the requirement is to reduce the time between application versions (this mode usually has the 2 versions of the application - switch deployment).
A/B Testing - Deployment to a subset of users UNDER SPECIFIC CONDITIONS.
Rolling Deployment - Gradual or phased deployment of a new version.
Canary Deployments - roll out releases to a subset of users before rolling the changes out to the rest of the servers/users.
All Agent Pools - By default build/release/project admins are added to the administrator role.
nuget.exe push -Source <> to publish a NuGet package to a feed.
Azure job timeout set to zero - MS-hosted agents along with a public repo - how long will the job run - 360 minutes.
Deploy to a set of servers at once - through deployment groups.

APP CENTER:
SDK packages required for mobile apps in App Center - Microsoft.AppCenter.Analytics and Microsoft.AppCenter.Crashes
Distribution Groups - Manage access to app builds at organization level. (Type - Shared)
AppCenter.Start("iusadnfksdnfk", typeof(Analytics), typeof(Crashes)); -- to be added to the starting code in OnCreate()
iOS distribution certificate format for App Center - .p12

Static Code Analyzers - PMD (Java), FindBugs, SonarQube

Open source licensing issues - WhiteSource Bolt, Black Duck by Synopsys.
Cobertura - Code coverage tool for Java - has the ability to publish results to Azure DevOps.
Visual Studio Code Analysis and the Roslyn Security Analyzers.
Checkmarx - A static application security testing tool.
BinSkim - A binary static analysis tool that provides security and correctness results for Windows portable executables.

Runbooks for an Automation account are stored in Azure Repos - configure source control integration in Azure Automation.
Gradual deployment to servers - can be achieved through a deployment group job.
All artifacts are present for the release pipeline - Publish Build Artifacts task.
Highlighted lightning symbol indicates automation is NOT available/set.
Release pipeline deploys the source to the target - through a task item.
Erlang and Hack - Azure DevTest Labs
Feed - to make private - remove the upstream - set the dev team's package source URL to the package feed URL.
The delay before evaluation - gives enough time for the alerts to be in a state which can be communicated to the gates.
The timeout after which gates fail - can be configured to set the timeout for a gate.
/azpipelines subscribe - to get build notifications in Slack.
SonarQube is to be set up as an extension in Azure DevOps at the organization level, and as a service connection at the project level.
Code is released to the staging stage through the job/task section. (Job/Task section >> Add task 'Deploy Azure App Service' >> select type as 'Web App on Windows')
Deployment pool - Organization level - for deployment purposes
App Service - Connection strings section - connection string in prod
App Service - Authentication/Authorization section - when the app needs to connect using external identity providers
App Service - Identity section - to authenticate to other resources in Azure.
Penetration Test - at the continuous delivery phase.
Threat Modeling - at the design phase.
Manager role - Only role available for marketplace extensions. Can install extensions and respond to requests for extensions to be installed.

Basic or higher - can request feedback.
Stakeholder or higher - to provide or review feedback.
Contributor - view or modify responses.
Public Projects - Stakeholder has the same role as a Basic user for the request feedback feature.

Key Vault: Monitor access through:

- Archive to a storage account
- Stream to an event hub
- Send the logs to Log Analytics

CODE:
Kubernetes - to enable monitoring:
az group create --name whizlabs-rg --location eastus
az aks create \ ...
--enable-addons monitoring \..

Deploy resources using a Resource Manager template:

az group create --name whizlabs-rg --location eastus
az group deployment create\ ..
--template-file localtemplate.json

Azure container service for storing private Docker images (Azure Container Registry):

az acr create --resource-group whizlabs-rg --name whizlabacr --sku Standard --location eastus
az acr build --registry whizlabacr --image whizlabapp:v1 .

To scale the number of front-end pods to 5 in AKS:

kubectl scale --replicas=5 deployment/frontend

Resource Manager template to create VMs, with Key Vault storing the VM account password (code to retrieve it):
"parameters": {
  "whizlabLogin": {
    "value": "whizlabadmin"
  },
  "whizlabpassword": {
    "reference": {
      "keyVault": {
        "id": "/subscriptions/zsjldngesnrgke/resourceGroups/whizlab-rg/providers/Microsoft.KeyVault/vaults/whizlabvault"
      },
      "secretName": "vmpassword"
    }
  }
}

KeyVault Dynamic
resources: [
{apiversion:<>,
name: <>
type: Microsoft.Resources/deployments
properties: {
mode:<>
templateLink: {
..

To Scale AKS Node count


az aks scale --resource-group mResourceGroup --name MyAKSCluster --node-count 3

Secret for VM in Key Vault

az keyvault create --name "whizlab-vault" --resource-group "whizlab-rg" --location eastus
az keyvault secret set --vault-name "Contoso-vault" --name "VMpassword" --value "sfdzfgdz"

Deploy Kubernetes to Azure

Create a resource group:
az group create --name akslab --location <region>

Create AKS using the latest version:

az aks create --resource-group akslab --name <unique-aks-cluster-name> --enable-addons monitoring --kubernetes-version $version --generate-ssh-keys --location <region>

Deploy Azure Container Registry:

az acr create --resource-group akslab --name <unique-acr-name> --sku standard --location <region>

Authorize AKS cluster to connect to ACR using AKS generated SERVICE PRINCIPAL

Create an Azure SQL server and database:

az sql server create -l <region> -g akslab -n <unique-sql-server-name> -u <username> -p <pwd>
az sql db create -g akslab -s <unique-sql-server-name> -n mhcdb --service-objective S0

Go to the build pipeline >> inside the run services >> add the VS subscription >> this creates an Azure Resource Manager Service Endpoint, which defines a secure connection to the MS Azure subscription using Service Principal Authentication (SPA).

Azure DevOps and Azure - through subscription - Azure Resource Manager Service Endpoint - using Service Principal Authentication.

kubectl create secret happens in the background when the secret is created in AKS (release pipeline - AKS deployment stage) for pulling the image from ACR.

In Azure Cloud Shell run => az aks get-credentials --resource-group <resource-group> --name <aks-cluster-name> to get the access credentials of the Kubernetes cluster
kubectl get pods
To access the app => kubectl get service mhc-front --watch

kubectl create configmap vault/kvuri/clientid


kubectl create secret generic clientsecret --from
