archived the channel

I was previously an avid user of the https://github.com/cloudposse/terraform-null-label module to maintain good naming when doing stuff in AWS, but now have found myself working with a client that sits firmly in the Azure world, would it still be possible to use this module, and if not, can somebody recommend something similar that fits with Azure?

Many thanks!

Hi All,

I am trying to optimize Azure recovery services cost as that seems to be our second costlier service in our Azure estate.

Please share some of the effective optimization strategies which you have implemented and seen greater results.

Also, I am trying to understand the cost benefits by transitioning from GRS to ZRS in the recovery services. Not getting the pricing details for ZRS.

Your inputs in this matter is much appreciated.

Hi all,
I'm stuck in this issue since sometime:

query in Azure cloud-
- There is a AKS cluster in a subnet with a range 10.x.x.x/23 - basically available IPs would be 512.

- I should verify the used IPs now.

- one way is I went to the Azure portal and in Vnet - I went in connected devices and I see a list of IPs utilized which shows me around 185.

- this gave me a list of IPs utilized and from which nodepool but not the application or resources which is using it.

- so now I went into the cluster and did these
- k get pods -A -o wide
- k get svc -A -o wide
- k get ingress -A -o wide
- k get nodes -o wide
And noted all the IPs and summed up.
Now I get total ips as only around 117.

- basically my understanding was it both ways the IPs has to match but it isn't.

Few IPs are not showing up at all and not able to trace them.

- Also I have verified that there are no external services in the same subnet. Also accounted the reserved 5 IPs from Azure in a subnet for my calculation.

Anyone who knows how to query this with a data source ?

I try to query all the subscription id's from a specific management group and from the indiviual subscription I need to know the display_name and tenant_id

Hi all, I am looking at the azurerm_management_group and azurerm_subscription

Anybody got a decent story for deploying Azure Functions? Far as I can see there are lots of deployment options, but none that fit well my preferred pattern (build-from-source-to-versioned-and-environment-agnostic-package -> upload-to-artefacts-repo -> deploy-from-artefacts-repo-to-each-environment-with-terraform-by-specifying-package-version-uri-and-configuration-to-use)

How to find an under utilized resource group ?

I need assistance creating an alert dashboard.

I need assistance creating an alert dashboard in azure portal

👋 Hello all! Newbie question - related to managed disks and credits balance. I’ve created a standard ssd disk (100GB) and started data transfer in it. After about 10 minutes with 20MB/s perf start to be degraded and 15 minutes later it was 1MB/s. I’m trying to understand from a graph like AWS burst credits balance and consumption and I can not find any. Does anyone know where I can find such metrics/diagrams?

Did anyone have experience with Azure stack as a customer? Not hosting the stack but using it to provision resources? I have some generic questions like
• how do you connect to your stack tenant?
• does terraform work OK with it ?
• can you create/upload a machine template on it or do partners restrict that?
Any other experiences with it that are worth sharing?

Hey! I'm currently the only DevOps person volunteering at Equal Vote. If anyone here is interested in saving democracy with an elegant alternative electoral system, I could use some help. I'm specifically looking for assistance with Terraform, Azure, and Azure Container Apps. I'm considering switching things over to Kubernetes (AKS). We have to run in Azure for right now, because they've given us a grant to use their platform...

If you're interested, please DM me!

i’m looking at migration from Azure Container Instances to Azure Container Apps of a some services which are uptime-sensitive. does anyone have experience with ACA and can share some impressions?

check these repos: https://github.com/kumarvna?tab=repositories

Hello Team. I wonder if CloudPosee has some sort of premium Azure terraform repos? My company is looking to deploy their infra from AWS into Azure, and they are looking to buy/gain access to some already made modules. Any idea?

Hello team,

I am looking for a solution to create a traceability between Jira and AzureDevOps.
After the migration from Bitbucket to Azure Repos we are lacking the functionality of tracking development in Jira work items. This was natively supported between BB and Jira but now something custom is required.
I found that there are several paid solutions for this but i wonder if there any free option that can be used, or are there any tools which can be used to develop an extenson or script hooked that does the job.
The only one free solution that i found is : https://marketplace.atlassian.com/apps/1220515/azure-pipelines-for-jira?tab=overview&hosting=cloud but according to documentation it's noot covering the Azure Repos part.
Thanks in advance!

Hey community,
i am currently trying to execute terraform in a Devops pipeline using a custom Docker Image which looks like this:

FROM <http://mcr.microsoft.com/azure-cli:2.9.1|mcr.microsoft.com/azure-cli:2.9.1>

RUN apk --no-cache add sudo shadow nodejs npm

# Install tfenv
RUN git clone <https://github.com/tfutils/tfenv.git> ~/.tfenv
RUN ln -s ~/.tfenv/bin/* /usr/local/bin
RUN tfenv install 1.0.11

LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/bin/node"

When trying to execute /usr/local/bin/tfenv or /usr/local/bin/terraform within step, I get a permission denied. I know that the command are executed from the user vsts_azpcontainer when using a custom container image. But also tweaking the permissions of terraform or tfenv did not work. I have the feeling, I am on a wrong path on that one. Have any of you dealt with this before?

Hey guys,
quick question
i am trying spin up and destroy azure mysql flexible db on demand using terraform .So is there a way for me to create tables and seed the data into the db each time i spin up ,other than manually logging into the db and running the sql scripts. like user data in VM's

Hello Azure Gang 👋

I am coming from AWS and quite new to the azure world and would love to exchange about best practises on terraform managed azure.
I am currently trying to figure out the best way to run a right & role system on multiple subscriptions in azure. I have the following requirements in mind:
• a role that can be assumed (by users) to have Contribute Access in each of the subscriptions
• a role that can be assumed (by users) to have Owner Access in each of the subscriptions
• a role than can be a assumed (by terraform in cicd like devops) in each of the subscriptions
I saw Hashicorp recommending using a Service Principal or Managed Idendity when running in f.e. azure devops and using authenticating via azure cli for running terraform locally. So i guess, having a Service Principal for my third requirement is the way to go.
Still i have azure resources in mind that need like a initial first local apply. But if i do so while being authenticated via the cli my personal user in azure Active Directory is the Owner of these resources, which i see more like a anti pattern. Does this means i should also use a Service Principal to apply azure ressources locally?

Would be lovely if someone can answer my questions or point me the right direction 🙂 Thank you!

Hello #azure

Capacity shortage on GCW region o/
Are you impacted?

👋 Hello, Azure!

Hi Team,

I want to create Azure Container Registry, how should I design it for organization so it will be at best and easy to handle

Thanks

Hi all - I'm new to Azure functions and very familiar with AWS Lambdas. In Lambdas, there is a concept of "Lambda function versions". Is there a similar concept in Azure functions? I'm having a terrible time finding any documentation on that. I'm only finding docs based on "Azure Functions runtime versions overview". Thanks in advance!

Anyone here that has experience with leveraging the Partner Admin Link?

Hello, Anyone can explain and/or seen additional DataDisk LUNs create after running the re-config scripts for MIGRATED FCI SQL Servers on Azure VMs?? Post Migration, run the PS scripts to "create shared data disks" then run the PS script to attached the disks, however it creates double the disks. Supposed to be 5 data disks on each Node however there's now 10 data disks,

don't create VMs with public ips ! that should be a mantra !
A vulnerability on Azure vm Linux has been found:
https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure

finally released ! "New Resources: azurerm_sql_managed_instance and azurerm_sql_managed_database"

https://github.com/hashicorp/terraform-provider-azurerm/pull/12431

Hello,
recently one of my coworker who have admin access has create a vm with public ip .

There is no way to prevent someone who have admin access to the subscription to create resources manually.

But there is azure policy that can be used to enforce compliance and prevent stupid things to be done.

Don't fear to set it up front.

https://blog.nillsf.com/index.php/2019/11/02/using-azure-policy-to-deny-public-ips-on-specific-vnets/

true, playing with the enterprise scale starter repo at the moment,

the issue with the CAF repo is nested modules and difficulty in pinning a version. So, if one module changes, it could disrupt any other module using that module. Not a risk worth taking IMO

@Tom Howarth FYI - after investing this CAF module a bit more, I may be abandoning the idea of using it and moving on to test the enterprise scale repo to deploy archetypes, management groups, and policies and using custom modules to deploy vnet resources and such

did it find the tfvars files?

I am wondering if there is an issue with the june release rover

may need to modify the path

yet I can do a cd in to that none existent directory

must not be finding it

check the path to the launchpad dir

well that is an interesting error message :

Error on or near line 778: Folder /tf/caf/configuration/sandpit/level0/launchpad does not have any tfvars files.; exiting with status 1

the azure community is a ghostown, so the more we put in public the better IMO

wow you got a response on Gitter

it may be a better idea to move this to DM's LOL

yep, the separation of TF States is good, but the documenation is so poor as to be non existant.

Rover does it make it easy to deploy. The separtation of TF configs from logic is sort of a good idea. The implementation of it is terrible though. No docs or mature process for using

CAF isn’t a collection of resources though, so more so a framework for how to deploy. The landingzone is my main deliverable, which is essentially a subscription with policies

completely unsustainable IMO…I can see how AWS pivoted to watchtower product

yep