Using DuploCloud with Microsoft Azure
The DuploCloud platform installs a Virtual Machine resource within your Azure Subscription. It can be accessed using a web interface, API, or a Terraform provider. Log in to the DuploCloud Portal via SSO through your GSuite or O365 login.
Read through the DuploCloud Platform Overview and learn about DuploCloud terms such as Infrastructure, Plan, and Tenant.
Before you begin, ensure that:
DuploCloud Portal has been set up and you have access to it.
You have access to your individual Slack channel for 24x7 support from the DuploCloud team.
Behind the scenes, a topology is created similar to the following low-level configuration in Azure.
Key concepts for using DuploCloud with Docker and Azure
While deploying Dockerized applications, familiarize yourself with some key concepts and terminologies.
See Use Cases for a description of DuploCloud Infrastructures and Tenants.
These are virtual machines. In AKS deployments, they are also called Worker nodes. By default, apps within a Tenant are pinned to VMs in the same Tenant.
Service is a DuploCloud term. DuploCloud Services are not Kubernetes Services. Services are microservices that are defined by a Name, DockerImage, and number of replicas in addition to many other optional parameters. Behind the scenes, a DuploCloud Service maps 1:1 either to a Kubernetes deployment set or to a StatefulSet depending on whether the microservice has stateful volumes or not. There are many optional configurations associated with a DuploCloud Service that represent various ways Docker containers can be run. A few of these are:
Environment variables
Host Network Mode
Volume mounts
Entrypoint or command overrides
Resource caps
Health Checks
If a service needs to be pinned to run only a specific set of Hosts, set an Allocation Tag on the Hosts as well as on the Service. The Allocation Tag is a case-insensitive substring match. For example, an Allocation Tag specified on a Service is usually a substring of the tag specified on the Host. If a Host is tagged HighCpu;HighMem, a Service tagged highcpu can be allocated on it. However, if the Service is tagged highcpu;gpu then it won't be allocated; it would need a Host tagged highcpu;gpu. If a Service does not have any tag set, it can be placed on any Host.
If the Host is tagged with a specific value and you have Services with the same tag, the Host is still available to any Service that has no tags. If you want the exclusive assignment of a Host to a set of Services, ensure that every Service in the Tenant is tagged with some value.
In the case of Kubernetes deployments, the concept of Allocation Tags maps to labels on nodes, and on node selectors on the deployment set or StatefulSet.
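The matching rule described above, modelled as an added shell example (not DuploCloud code): it applies the case-insensitive substring match and lists the untagged Services that would defeat an exclusive Host assignment. The function names and the sample Services are constructed for illustration.

```shell
#!/bin/sh
# Added example: a model of the Allocation Tag rule as the text states it
# (case-insensitive substring match; an untagged Service fits any Host).
# Function names and sample data are constructed, not DuploCloud's own.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# can_place SERVICE_TAG HOST_TAG: succeeds if the Service may run on the Host.
can_place() {
    if [ -z "$1" ]; then return 0; fi      # untagged Service: any Host
    case "$(lower "$2")" in
        *"$(lower "$1")"*) return 0 ;;      # Service tag is a substring of the Host tag
    esac
    return 1
}

# placeable_on HOST_TAG: reads "name=tag" lines on stdin, prints the names that fit.
placeable_on() {
    while IFS='=' read -r svc_name svc_tag; do
        if can_place "$svc_tag" "$1"; then printf '%s\n' "$svc_name"; fi
    done
}

# untagged: reads the same lines, prints Services with no tag. Any Service
# listed here can land on a tagged Host, so the Host is not exclusive.
untagged() {
    while IFS='=' read -r svc_name svc_tag; do
        if [ -z "$svc_tag" ]; then printf '%s\n' "$svc_name"; fi
    done
}

# Constructed sample Services, one "name=tag" pair per line.
SERVICES='api=highcpu
trainer=highcpu;gpu
cron='

echo "Fits Host tagged HighCpu;HighMem:"
printf '%s\n' "$SERVICES" | placeable_on 'HighCpu;HighMem'
echo "Untagged Services that break exclusive assignment:"
printf '%s\n' "$SERVICES" | untagged
```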
Host Networking: By default, Docker containers have their own network addresses. You may want these containers to use the same network interface as the VM. This is called Host Network Mode.
Load Balancer: If a service must be accessed by other services, it needs to be exposed using a Load Balancer. Supported Load Balancers include:
A Network Load Balancer (NLB). An NLB distributes traffic across several servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications into a single virtual cluster, NLB provides reliability and performance for web servers and other mission-critical servers.
An Application Load Balancer (ALB). An ALB provides outbound connections to cluster nodes inside the AKS virtual network, translating the private IP address to a public IP address as part of its Outbound Pool.
Orchestration across multiple Cloud providers
The majority of workloads deployed on DuploCloud are in Docker containers.
DuploCloud supports virtually all orchestration techniques across multiple cloud providers, using a simplified and cloud-neutral interface. On Microsoft Azure, orchestration includes support for Managed Kubernetes Service (AKS), WebApps in Azure, and native Docker Containers.
In addition, the DuploCloud platform has a built-in container management platform that provides an alternative to Kubernetes, which can be complex to implement.
DuploCloud supports many types of applications in Azure, including but not limited to:
Dockerized apps constitute about 90% of our user workloads. The platform orchestrates containerized application deployments using AKS or built-in container orchestrations as defined in the Container orchestration features section.
If you need other services, please get in touch with your DuploCloud support team. The typical turnaround time for creating a custom service is a business week.
Tasks to perform before you use Azure with DuploCloud
Before using DuploCloud, ensure the following prerequisites are met.
Read the Access Control section to ensure at least one person has administrator access.
Multiple container orchestration technologies for ease of consumption
DuploCloud abstracts the complexity of container orchestration technologies, allowing you to focus on the deployment, updating, and debugging of your containerized application.
Among the technologies supported are:
Azure Kubernetes Service [AKS]: The DuploCloud platform uses AKS, providing you with a user-friendly interface that conceals the complexities of Kubernetes (K8s). Using the UI, you can add K8S configurations around Pods, Containers, Secrets, and so on.
Built-in (DuploCloud): DuploCloud platform's built-in container management has the same interface as the docker run command, except that it can be scaled to hundreds of containers across many hosts, providing capabilities such as associated load balancers, DNS, and more.
Use the feature matrix below to compare the features of the orchestration technologies that DuploCloud supports. Whatever option you choose, DuploCloud helps you implement it through the Portal or the Terraform API.
One dot indicates a low rating, two dots indicate a medium rating, and three dots indicate a high rating. For example, Kubernetes has a low ease-of-use rating, but a high rating for stateful application support.
Use the definitions below to understand how each feature in the matrix above is rated in relation to each of the three listed technologies (Kubernetes, Built-In).
Ease of Use:
Kubernetes is extensible and customizable, but not without a cost in ease of use. The DuploCloud platform reduces the complexities of Kubernetes, making it comparable with other container orchestration technologies in ease of adoption.
DuploCloud's Built-in orchestration mirrors docker run. You can SSH into a virtual machine (VM) and run docker commands to debug and diagnose. If you have an application with a few stateless microservices, or configurations that use environment variables or Azure VM extensions, Azure Blob, or Azure Key Vault, consider using DuploCloud's Built-in container orchestration.
Features and Ecosystem Tools: Kubernetes is rich in many additional built-in features and ecosystem tools, most notably Secrets Management and ConfigMaps. Built-In and AKS rely on native Azure services. While Kubernetes features have an equivalent in Azure, third parties tend to publish their software as Kubernetes packages (Helm Charts). Some examples are Influx DB, Time Series DB, Prefect, etc.
Suitability for Stateful apps: Stateful applications should be avoided in Azure. Instead, cloud-managed storage solutions should be leveraged for the best availability and SLA compliance. In scenarios where this is undesirable due to cost, Kubernetes offers the best solution. Kubernetes uses StatefulSets and Volumes to implicitly manage Azure Storage volumes. With Built-in and AKS, you must use a shared drive, which may not have feature parity with Kubernetes volume management.
Stability and Maintenance: Even though Kubernetes is highly stable, it is an open-source product. The native customizability and extensibility of Kubernetes can lead to points of failure when a mandatory cluster upgrade is needed, for example. This complexity often leads to support costs from third-party vendors. Maintenance can be especially costly with AKS, as versions are deprecated frequently and you are required to upgrade the control plane and data nodes. While DuploCloud automates this upgrade process, it still requires careful planning and execution.
Azure Cost: While the Azure control plane cost is relatively low, it is not recommended to operate an AKS environment without business support at an additional premium. If you are a small business, you may be able to add the support tier when you need it and then turn it off to reduce costs.
Multi-Cloud: For many enterprises and independent software vendors this is a requirement, either immediately or in the future. While Kubernetes provides this benefit, DuploCloud's implementation is much easier to maintain and easier to implement.
Feature | Kubernetes | Built-In |
---|---|---|
Ease of use | | |
Features and ecosystem Tools | | |
Suitability for stateful apps | | |
Stability and maintenance | | |
Azure cost | | |
Multi-cloud (w/o DuploCloud) | | |
Add DNS entries for DuploCloud Services to use your domain names
Before you use DuploCloud for Azure, a subdomain-hosted zone must be created to program DNS entries so that DuploCloud services can access your specific domain names. In addition, keys must be added to the DuploCloud configuration that map to the needed DNS entries. With your assistance, the DuploCloud support staff can accomplish this task.
Once the configuration of the DNS entries is complete, you can use your existing domain names with DuploCloud.
In order to add your DNS entries, contact DuploCloud via email or by using your private Slack channel. Our support staff guides you through the process and assists you with completing other prerequisites in this section, such as providing CRT files and private keys for importing SSL certificates.
Import SSL certs to establish secure access to the DuploCloud Portal
Establish secure access to the DuploCloud portal by importing SSL certificates, and creating and configuring the certificates in DuploCloud.
If you haven't already done so, contact the DuploCloud support staff via email or by using your private Slack channel. They will provide you with everything you need to accomplish this task and assist you with other needed prerequisites to set up DuploCloud for Azure.
Contact the DuploCloud support staff via email or by using your private Slack channel to request the following for SSL certificate setup and configuration:
Security Certificate (.crt) file
Certificate Private Key
Certificate Bundle (.crt) containing the Intermediate and Root Certificates. You can download the Certificate Bundle from https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates.
Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format.
To do this, enter the following using the command line:
When running this command, you will be asked for a password to protect the PFX file. Note this password and store it in a secure place as you will need to provide it when importing the certificate to Azure KeyVault.
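The conversion described above, sketched with the standard `openssl pkcs12 -export` command as an added example (not a command taken from DuploCloud): before writing the PFX it checks that the private key belongs to the certificate and that the certificate chains to the bundle. All file names are placeholders, the CA and certificate are throwaway samples generated on the spot, and the password is read from a file through `-passout` so the run is non-interactive; omit `-passout` to be prompted for the password as the text describes.

```shell
#!/bin/sh
# Added example: CRT + private key + CA bundle -> password-protected PFX.
# File names are placeholders; the CA and certificate below are constructed
# throwaway samples, not real DuploCloud or GlobalSign material.

# key_matches_cert CERT KEY: succeeds only if KEY is the private key for CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_pfx CERT KEY BUNDLE OUT PASSFILE: validate the inputs, then export.
make_pfx() {
    if ! key_matches_cert "$1" "$2"; then
        echo "private key does not match certificate" >&2; return 1
    fi
    if ! openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then
        echo "certificate does not chain to the bundle" >&2; return 1
    fi
    # The PFX contains the private key: create it readable by the owner only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
          -out "$4" -passout "file:$5" )
}

# count_pfx_certs PFX PASSFILE: number of certificates stored in the PFX.
count_pfx_certs() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# make_sample DIR: constructed test CA (bundle.crt) and leaf (site.crt/site.key).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/bundle.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=portal.example.test" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -days 1 \
        -CA "$1/bundle.crt" -CAkey "$1/ca.key" \
        -CAserial "$1/ca.srl" -CAcreateserial \
        -out "$1/site.crt" 2>/dev/null
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
make_sample "$work"
# Constructed sample password, kept in an owner-only file instead of on the
# command line, where it would end up in shell history and process listings.
( umask 077; printf '%s\n' 'constructed-sample-passphrase' > "$work/pass.txt" )

if make_pfx "$work/site.crt" "$work/site.key" "$work/bundle.crt" \
            "$work/site.pfx" "$work/pass.txt"; then
    echo "PFX written, certificates inside: $(count_pfx_certs "$work/site.pfx" "$work/pass.txt")"
fi
```

A count of 2 here means the PFX carries the certificate plus the one CA certificate from the sample bundle; with a real bundle the count is one plus the number of intermediate and root certificates it contains.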
After you generate the PFX file, sign in to the Azure Portal and access Azure Key Vault.
Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.
In Azure Key Vault, navigate to Objects -> Certificates and click Generate/Import.
When you click Generate/Import, the Create a Certificate form displays. In the Method of Certificate Creation field, select Import.
Name the Certificate, using the Certificate Name field.
Browse for a file to upload, using the Upload Certificate File field.
In the Password field, enter the password you set when you generated the PFX file.
Click Create. Even though the certificate is created, notice that the certificate is not yet successfully imported into the vault, as indicated by the No certificates available message, as shown below. To import the certificate, you must obtain the Secret Identifier ARN of this certificate and then configure it in DuploCloud.
On the Certificates page, select the certificate from the list, and open the CURRENT VERSION of the certificate, as shown below, to obtain the Secret Identifier.
You will paste the ARN when you configure the certificate in DuploCloud.
With the Secret Identifier in your Clipboard, you are now ready to configure the certificate in the DuploCloud Portal and
In the DuploCloud Portal, navigate to Administrator -> Plans.
Select the Plan to which you want to add the certificate from the Name column. The Plans page displays.
Click the Certificates tab.
Click Add. The Add a Certificate pane displays.
Enter a Name for the certificate.
Paste the Secret Identifier that you obtained from the Azure Portal (it should be in your Clipboard) into the Certificate ARN field.
Click Create.
Before attaching certificates with K8S Ingress in the DuploCloud Portal, create and configure an azure-application-gateway.
If you use Kubernetes Ingress, you can attach the certificate to the appropriate DuploCloud service in the DuploCloud portal by using the Kubernetes -> Ingress option.
In the DuploCloud Portal, navigate to Kubernetes -> Ingress.
On the Ingress page, select the Ingress instance for the azure-application-gateway.
Click the Ingress Rules tab.
From the Actions menu, select Edit.
On the Edit Kubernetes Ingress page, select the certificate that you want to attach from the Certificate ARN list box.
Click Update.
The certificate is attached to the Ingress application gateway and is available to the service.
In the Certificate Version form, copy the Secret Identifier using the Copy Icon.
Connecting to the DuploCloud VPN with the OpenVPN client
DuploCloud integrates natively with OpenVPN by provisioning VPN users added to the DuploCloud Portal. As a DuploCloud user, you can access resources in the private network by connecting to the VPN with the OpenVPN client.
The OpenVPN Access Server is set to forward only traffic destined for network resources in the DuploCloud-managed private networks. Traffic accessing other resources on the internet does not pass through the tunnel.
User VPN credentials are accessible on the user profile page. It can be accessed through the menu on the upper right of the page or through the Administrator -> Users menu option on the left.
Click the VPN URL link in the VPN Details section of your user profile. Browsers will call the link unsafe since it is using a self-signed certificate. Proceed to it.
Open the .ovpn file and click OK in the Import .ovpn profile dialog.
Set the default AKS cluster version to enable Kubernetes cluster creation
DuploCloud contains many features that leverage Kubernetes in your cloud environment. In order to create Kubernetes clusters with DuploCloud Azure, you must set the default version of your AKS cluster in DuploCloud's configuration.
If you do not set the default AKS cluster version, or keep it updated to your current AKS cluster version release, DuploCloud may be unable to create Kubernetes clusters.
Failure to create Kubernetes clusters is often indicated by empty values for Server Endpoint and Token.
For example, in the DuploCloud Portal, navigate to Administrator -> Infrastructure. Select your Infrastructure Name and click the Kubernetes tab. If the Server Endpoint and Token fields are empty, this indicates a failure occurred when attempting to create a Kubernetes cluster.
To set the default AKS cluster version and enable Kubernetes cluster creation:
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the System Config tab.
In the System Configs section, click Add. The Add Config pane displays.
Select Other from the Config Type list box.
Select AppConfig from the Other Config Type list box.
In the Key list box, type AKS_DEFAULT_CLUSTER_VERSION.
In the Value field, enter the default AKS cluster version number (for example, 1.23.12). When you upgrade your AKS cluster, you will need to update the value of AKS_DEFAULT_CLUSTER_VERSION.
Click Submit. The key and value are displayed in the System Config tab.
Get up and running with DuploCloud running inside a Microsoft Azure cloud environment; harness the power of generating application infrastructures.
This Quick Start tutorial shows you how to set up an end-to-end cloud deployment. You will create Azure infrastructure and tenants and, by the end of this tutorial, you can view a deployed sample web application.
Estimated time to complete tutorial: 90-100 minutes.
Integrate with OpenVPN by provisioning VPN users
DuploCloud integrates natively with OpenVPN by provisioning VPN users that you add to the DuploCloud Portal. OpenVPN setup is a two-step process.
Accept OpenVPN in the Azure marketplace and follow the instructions in the Quick Start Guide.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the VPN tab.
Click Provision VPN.
After the OpenVPN is provisioned, it is ready to use. Behind the scenes, DuploCloud launches a cloud formation script to provision the OpenVPN.
You can find the OpenVPN admin password in the cloud formation stack in your Azure console.
Provision a VPN while creating a user:
In the DuploCloud Portal, navigate to Administrator -> Users.
Click Add. The Create User pane displays.
Enter a valid email address in the Username field.
In the Roles field, select the appropriate role for the User.
Select Provision VPN.
Click Submit.
For information about removing VPN access for a user, see Deleting a VPN user. To delete VPN access, you must have administrator privileges.
By default, users connected to a VPN can SSH or RDP into virtual machines (VMs). Users can also connect to internal load balancers and endpoints of the applications. However, to connect to other services, such as databases and elastic cache, you must open the port to the VPN:
In the DuploCloud Portal, navigate to Administrator -> Tenant.
Select the Tenant in the Name column.
Click the Security tab.
Click Add. The Add Tenant Security pane displays.
In the Source Type field, select Ip Address.
In the IP CIDR field, enter the name of your VPN.
Click Add.
Creating the DuploCloud Infrastructure and a Plan
Each DuploCloud Infrastructure is a connection to a unique Virtual Private Cloud (VPC) network that resides in a region that can host Kubernetes clusters. An Infrastructure can reside On-Premises (On-Prem) or in a Public Cloud.
After you supply a few basic inputs DuploCloud creates an Infrastructure for you, within Azure and within DuploCloud, with a few clicks. Behind the scenes, DuploCloud does a lot with what little you supply—generating subnets, NAT gateway, routes, and a cluster in the region.
With the Infrastructure as your foundation, you can customize an extensible, versatile Platform Engineering development environment by adding Tenants, Hosts, Services, and more.
Estimated time to complete Step 1: 40 minutes. Much of this time is consumed by DuploCloud's creation of the Infrastructure and enabling your AKS cluster with Kubernetes.
Before starting this tutorial:
Learn more about DuploCloud Infrastructures, Plans, and Tenants.
Reference the Access Control documentation to create User IDs with the Administrator role. In order to perform the tasks in this tutorial, you must have Administrator privileges.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Click Add. The Add Infrastructure page displays.
From the table below, enter the values that correspond to the fields on the Add Infrastructure page. Accept all other default values for fields not specified.
Click Create to create the Infrastructure. It may take up to half an hour to create the Infrastructure. When creation completes, a status of Complete displays.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure you created.
Click the AKS tab.
Select the Click Here link. The Configure AKS Cluster pane displays.
Enter a Cluster Name.
Select the Node VM Size from the list box.
Click Create. It may take some time for enablement to complete. Use the Kubernetes card in the Infrastructure screen to monitor the status, which should display as Enabled when completed. You can also monitor progress by using the Kubernetes tab, as DuploCloud generates your Cluster Name, Default VM Size, Server Endpoint, and Token.
Every DuploCloud Infrastructure generates a Plan. Plans are sets of templates that are used to configure the Tenants, or workspaces, in your Infrastructure. You will set up Tenants in the next tutorial step.
Before proceeding, confirm that a Plan exists that corresponds to your newly created Infrastructure.
In the DuploCloud Portal, navigate to Administrator -> Plans. The Plans page displays.
Verify that a Plan exists with the name NONPROD, the name that you gave to the Infrastructure you created.
DuploCloud begins creating and configuring an AKS cluster using Kubernetes. You receive an alert message when the Infrastructure has been updated.
You previously verified that your Infrastructure and Plan were created. Now, verify that AKS is Enabled before proceeding to Create a Tenant.
From the Infrastructure page, select the Infrastructure (NONPROD) that you created. When AKS has been Enabled, details are listed in the Kubernetes tab on the Infrastructure page. This page also displays the Enabled status on the Kubernetes card.
Creating Azure Agent Pools as shared resources across Tenants
Estimated time to complete Step 3: 10 minutes.
Selected Tenant DEV01 in the Tenant list box, at the top of the DuploCloud Portal.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Click the Azure Agent Pool tab.
Click Add. The Azure Agent Pool page displays.
From the table below, enter the values corresponding to the fields and options on the Azure Agent Pool page. Accept the defaults for fields that are not listed.
Click Add. After a few minutes, the Azure Agent Pool is created.
On the Azure Agent Pool page, verify that the created agent pool (with a Name generated by DuploCloud) has a Status of Succeeded.
Log in to the OpenVPN Access Server user portal using the credentials from the DuploCloud user profile section.
Install the OpenVPN Connect app on your local machine.
Download the OpenVPN user profile for your account from the link labeled Yourself (user-locked profile).
Click Connect.
So far you have created an Infrastructure, a Plan, and a Tenant. Now you need to create Agent Pools to serve computing and storage resources to your Tenants, using agents that monitor resource allocation.
Instead of managing each agent individually, agents are grouped into for maximum efficiency. You share Azure Agent Pools across workloads defined by the Tenants that you set up. Azure Agent Pools are scoped to a Host (Virtual Machine or VM) or a group of Hosts by . In this tutorial, you won't be creating specific Hosts, but you will create an Azure Agent Pool to which a group of VMs has already been defined by DuploCloud.
DuploCloud ensures that your application development platform conforms to Azure best practices. While you provide only high-level specifications, DuploCloud does the rest, configuring encryption, linking to managed identity, and logging you into a virtual Linux workstation to access Kubernetes constructs like , , and .
Before creating Azure Agent Pools, verify that you accomplished the tasks in of this tutorial. In DuploCloud Portal, in the Administrator navigation group, confirm that you have:
An Infrastructure named NONPROD.
A Plan named NONPROD.
A Tenant named DEV01.
Add Infrastructure page field | Value |
---|---|
Name | nonprod |
Subscription | YOUR_AZURE_SUBSCRIPTION_NAME |
VNET CIDR | 10.23.0.0/16 |
Subnet CIDR | 10.23.0.0/20 |
Cloud | Azure |
Region | YOUR_GEOGRAPHIC_REGION |

Azure Agent Pool page fields and options | Value or action |
---|---|
Id | |
Instance Type | |
Creating a DuploCloud Tenant that segregates your workloads
Now that the Infrastructure and Plan exist and AKS has been enabled, create one or more Tenants that use the configuration DuploCloud created.
Tenants in DuploCloud are similar to projects or workspaces and have a subordinate relationship to the Infrastructure. Think of the Infrastructure as a virtual "house" (cloud), with Tenants conceptually "residing" in the Infrastructure performing specific workloads that you define. As Infrastructure is an abstraction of a Virtual Private Cloud, Tenants abstract the segregation created by a Kubernetes Namespace, although Kubernetes Namespaces are only one component that Tenants can contain.
In Azure, Microsoft cloud features such as Azure resource groups, Azure managed identity, Azure application security groups (ASG), and KMS keys are exposed in Tenants, which reference these feature configurations.
Estimated time to complete Step 2: 10 minutes.
DuploCloud customers often create at least two Tenants for their production and non-production cloud environments (Infrastructures).
For example:
Production Infrastructure
Pre-production Tenant - for preparing or reviewing production code
Production Tenant - for deploying tested code
Non-production Infrastructure
Development Tenant - for writing and reviewing code
Quality Assurance Tenant - for automated testing
In larger organizations, some customers create Tenants based on application environments, such as creating one Tenant for Data Science applications and another Tenant for web applications, and so on.
Tenants are sometimes created to isolate a single customer workload, allowing more granular performance monitoring, scaling flexibility, or tighter security. This is referred to as a single-Tenant setup.
Before creating a Tenant, verify that you accomplished the tasks in Step 1 of this tutorial. Using the DuploCloud Portal, confirm that:
An Infrastructure and Plan exist, both with the name NONPROD.
The NONPROD infrastructure has Azure Kubernetes Service (AKS) Enabled.
Create a Tenant for your Infrastructure and Plan:
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Click Add. The Create a Tenant pane displays.
Enter dev01 in the Name field.
Select the Plan that you created in the previous step (NONPROD).
Click Create.
Navigate to Administrator -> Tenants and verify that the dev01 Tenant displays in the list.
Navigate to Administrator -> Infrastructure and select dev01 from the Tenant list box at the top left in the DuploCloud Portal. The NONPROD Infrastructure appears in the list of Infrastructures, indicating that the dev01 Tenant is associated with Infrastructure NONPROD.
Create a DuploCloud Service for application deployment
With all of the core components of your DuploCloud platform configured, enabled, and running, you're ready to deploy applications with Azure, using AKS and Kubernetes.
Estimated time to complete Step 4: 15 minutes.
Before creating your DuploCloud Service, ensure that:
Tenant DEV01 is selected in the Tenant list box, at the top of the DuploCloud Portal.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
Click Add. The Add Service page displays.
In the Service Name field, enter nginx-service.
Specify the Docker image that you use to run the application. In the Docker Image field, enter nginx:latest.
Click Next, accepting all other defaults. The Advanced Options page displays.
Scroll down if needed and click Create.
After a few minutes, the Service initializes and starts up. Shortly afterward, you can see the service and the containers running.
Test the application to ensure you get the results you expect
Estimated time to complete Step 6 and finish tutorial: 10 minutes.
Before testing your application, ensure that:
Tenant dev01 is selected in the Tenant list box, at the top of the DuploCloud Portal.
Display the web page that the application creates:
In the DuploCloud Portal, navigate to Kubernetes -> Ingress.
Select the VIEWWEBSITE Ingress from the Name column.
Click the Configuration tab.
In the Application Gateway IP card, copy the displayed IP address to your clipboard. In this example, the IP address is 20.84.11.154.
Open a web browser and paste the copied IP address in your browser's URL field.
Press Enter. Your application runs and your web page renders as shown below. Congratulations! You just launched your first web service with Azure on DuploCloud!
In this tutorial, your objective was to create a cloud environment to deploy an application for testing purposes, and to understand how the various components of DuploCloud work together.
The application rendered a simple web page with text, coded in JavaScript, from software application code residing in a Docker container. You can use this same procedure to deploy much more complex cloud applications.
In the previous steps, you:
In this tutorial, you created many artifacts for testing purposes. When you are ready, clean them up so that another person can run this tutorial from the start, using the same names for Infrastructure and Tenant.
The NONPROD Infrastructure is deleted and you have completed the clean-up of your test environment.
Thanks for completing this tutorial. Proceed to the next section to learn more about using DuploCloud with Microsoft Azure.
In order to deploy applications, you must first create a DuploCloud Service to connect to the Docker containers and images where your application code exists. Once you create a service from the DuploCloud Portal, you can also perform tasks that you might perform when working with a . For example, you can view container logs, container state, and container shell, as well as get access to kubectl, which allows you to work directly with Kubernetes constructs such as Pods.
In this step, we create a service to connect a container image with code that displays text on a web page. The Docker container and image name is nginx:latest. nginx is the image name and :latest indicates that the latest version of that image will be used.
See the Docker documentation for an .
All previous steps in this tutorial to create an , , are complete.
The is enabled.
You can test the sample web page application directly from the VIEWWEBSITE Ingress .
Previous steps in this tutorial to create an , , , , and are complete.
is enabled.
You for your DuploCloud Service to listen on port 80, enabled the , and configured a Load Balancer Listener that uses .
named NONPROD, a Virtual Private Cloud instance, backed by an AKS-enabled Kubernetes cluster.
named dev01 in Infrastructure NONPROD. While generating the Infrastructure, DuploCloud created a set of templates () to configure multiple Azure and Kubernetes components needed for your environment.
backed by pre-existing hosts (VMs), so that your application has storage resources with which to run.
to connect the Docker containers and associated images, in which your application code resides, to the DuploCloud Tenant environment.
and a Kubernetes Node Port to expose your application via ports and backend network configurations. You enabled an Azure application gateway and created a Kubernetes Ingress to communicate with the node port and the AKS-enabled Kubernetes cluster in the Infrastructure.
as expected by testing the IP address exposed by the Kubernetes Ingress.
To delete the dev01 tenant and then return to this page. As you learned, the Tenant segregates all work in one isolated environment, so deleting the Tenant that you created cleans up most of your artifacts.
Finish by deleting the NONPROD Infrastructure. In the DuploCloud Portal, navigate to Administrator -> Infrastructure. Click the Action menu icon for the NONPROD row and select Delete.
Create a load balancer to access your application
Now that your DuploCloud Service is running, you have a mechanism to expose the containers and images in which your application resides. But because your containers are running inside a private network, you also need a load balancer to listen on the correct ports in order to access the application.
In this step, we add a Load Balancer Listener to complete this network configuration.
Estimated time to complete Step 5: 20 minutes.
Before creating your DuploCloud load balancer, ensure that:
All previous steps in this tutorial to create an Infrastructure and Plan, Tenant, Azure Agent Pool, and Service are complete.
AKS Kubernetes cluster is enabled.
dev01 is selected in the Tenant list box, at the top of the DuploCloud Portal.
Add a load balancer for your running service that listens on port 80:
In the DuploCloud Portal, navigate to Kubernetes -> Services.
On the Services page, select the nginx-service you started when creating a service in the previous step.
Click the Load Balancers tab.
Click the Configure Load Balancer link. The Add Load Balancer Listener pane displays.
Select K8S Node Port from the Select Type list box.
Enter 80 in the Container port field.
Enter 30008 in the External port field.
Type / (forward-slash) in the Health Check field to indicate that the cluster we want Kubernetes to perform Health Checks on is located at the root level.
Select TCP from the Backend Protocol list box.
Click Add. The Load Balancer is created and started. After a few minutes, the LB Status card displays a status of Ready, indicating that the Load Balancer is ready for use.
When we created the Load Balancer Listener, we used the K8S Node Port type, which leverages the capabilities of the Kubernetes Ingress object.
Ingress is an entry point that front-ends multiple services in a cluster. It can be defined as a collection of routing rules that governs how external users access services running inside a Kubernetes cluster. One of the greatest benefits of Ingress is its ability to secure the network traffic to your application. With Ingress, you can define a TLS private key and certificates by leveraging Kubernetes Secrets, instead of directly defining TLS details in the Ingress resource.
To use Ingress, you first enable the Kubernetes Ingress Controller to open the application gateway for Ingress.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select your Infrastructure from the Name column.
Click the Settings tab.
Click Add. The Infra-Set Custom Data pane displays.
In the Setting Name field, select Enable App Gateway Ingress Controller.
Click Enable.
Click Set. In the Settings tab, the Enable App Gateway Ingress Controller setting now shows true in the Value column.
Now that your gateway is established and opened, you add Kubernetes Ingress to expose the backend HTTP routes outside the cluster to your service.
The Ingress object communicates with the Kubernetes NodePort that your Load Balancer Listener uses. Ingress objects are flexible constructs in Kubernetes, and their use here is an example of how DuploCloud leverages the power of Kubernetes constructs while abstracting away their native complexity. Manually creating (and maintaining) these components in Kubernetes takes a significant amount of developer time.
In the DuploCloud Portal, navigate to Kubernetes -> Ingress.
Click Add. The Add Kubernetes Ingress page displays.
In the Ingress Name field, type viewwebsite.
In the Ingress Controller list box, select azure-application-gateway.
In the Visibility list box, select Public.
Click Add Rule. The Add Ingress Rule pane displays.
In the Path field, type / (forward-slash).
In the Service Name field, select nginx-service:80.
Click Add Rule to add the rule and to close the Add Ingress Rule pane. You should be back to viewing the Add Kubernetes Ingress page.
On the Add Kubernetes Ingress page, click Add to add Ingress. On the Ingress page, the VIEWWEBSITE Ingress that you defined, with an Ingress Class of azure-application-gateway, displays.
Before you proceed to the final step and run your application, ensure that you:
Configured a Load Balancer Listener that uses K8S Node Port.
Enabled the App Gateway Ingress Controller.
Defined an Ingress and a rule for your DuploCloud Service to listen on port 80.
How Infrastructures and Plans work together to create a VPC
Infrastructures are abstractions that allow you to create a Virtual Private Cloud (VPC) instance in the DuploCloud Portal. When you create an Infrastructure, a Plan is automatically generated to supply the network configuration necessary for your Infrastructure to run.
DuploCloud creates a VNET with a default subnet and a default Network Security Group (NSG). The creation of an Infrastructure takes about ten (10) minutes.
When you create a DuploCloud Infrastructure, you create an isolated environment that maps to a Kubernetes cluster.
When creating an Infrastructure, you specify the number of availability zones, the region, VPC Classless Inter-Domain Routing (CIDR), and a subnet mask. DuploCloud creates two subnets in each availability zone, one private and one public, and sets up routes and a NAT gateway.
Create a DuploCloud Infrastructure in the DuploCloud Portal:
Select Administrator -> Infrastructure from the navigation menu.
Click Add.
Define the Infrastructure by completing the fields on the Add Infrastructure form.
Click Create. The Infrastructure is created and is listed on the Infrastructure page.
Up to one instance (0 or 1) of an AKS is supported for each DuploCloud Infrastructure.
When you create the Infrastructure, DuploCloud creates the following components:
VPC with 2 subnets (private, public) in each availability zone
Required security groups
NAT Gateway
Internet Gateway
Route tables
Cloud providers limit the number of Infrastructures that can run in each region. If you have completed the steps to create an Infrastructure and it doesn't show a Status of Complete, try selecting a different region.
Use Cases supported for DuploCloud Azure
Topics in this section are covered in the order of typical usage. Use cases that are foundational to DuploCloud, such as Infrastructure, Tenant, and Hosts, are listed at the beginning of this section, while supporting use cases such as Logs, Metrics, and Faults and alerts appear near the end.
In DuploCloud, an maps one-to-one to a VPC in a specified region. It also maps to an cluster that you use for container orchestration.
To enable an AKS cluster for Azure, follow .
with the master VPC, which is initially configured in DuploCloud
You can choose to by configuring a Key/Value pair in the Infrastructure.
Once the Infrastructure is created, a (with the same Infrastructure name) is automatically created and populated with the Infrastructure configuration. The Plan is used to create .
Encrypt an Azure storage account
Secure your Azure cloud data by enabling Azure storage encryption for data at rest, using Encryption Key Management. Configuring this feature for your DuploCloud Infrastructure enables you to specify customer-managed keys or customer-provided keys for your existing Blob storage.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the System Config tab.
In the System Configs area, click Add. The Add Config pane displays.
From the Config Type list box, select Flags.
From the Key list box, select Enable Storage Account Infra Encryption.
From the Value list box, select true.
Click Submit.
The Key/Value pair configuration is displayed in the System Configs area.
Using Tenants in DuploCloud
In Azure, Microsoft cloud features such as Azure resource groups, Azure managed identity, Azure application security groups (ASG), KMS keys, as well as Kubernetes Namespaces, are exposed in Tenants which reference their configurations.
When you create Tenants in an Infrastructure, a namespace is created in the Kubernetes cluster with the name duploservices-TENANT_NAME.
DuploCloud creates the Network Security Group (NSG) for the Tenant which acts as a security boundary.
At the logical level, the Tenant is:
A Container of resources: All resources (except ones corresponding to the Infrastructure) are created within the Tenant. If a tenant is deleted, all the resources in the Tenant are terminated.
A Security Boundary: All resources within a Tenant can talk to each other. For example, a Docker container deployed in an AKS instance within the tenant will have access to Azure Blob storage and Azure SQL databases within the same tenant. By default, SQL database instances in another tenant cannot be reached. Tenants expose endpoints to each other using load balancers or explicit inter-Tenant security groups and identity management policies.
User Access Control: Self-service is the bedrock of the DuploCloud platform. To that end, users can be granted Tenant level access. For example, John and Jim are developers who can be granted access to the DEV01 tenant, Joe is an administrator who has access to all tenants, and Anna is a data scientist who has access only to the DATASCI tenant.
A Billing Unit: Because the Tenant is a container of resources, all resources in the Tenant are tagged with the Tenant's name in the cloud provider, making it easy to segregate usage by Tenant.
A mechanism for alerting: All alerts represent Faults in any resource within the Tenants.
A mechanism for logging: Each Tenant has its unique set of logs.
A mechanism for metrics: Each Tenant has its unique set of metrics.
Many DuploCloud customers create at least two Tenants for both their production and non-production cloud environments (Infrastructures).
You can map Tenants in each or all of your development, testing, staging, Quality Assurance (QA), and production environments.
For example:
Production Infrastructure
Pre-production Tenant - for preparing or reviewing production code
Production Tenant - for deploying tested code
Non-production Infrastructure
Development Tenant - for writing and reviewing code
Quality Assurance Tenant - for automated testing
In larger organizations, some customers create Tenants based on application environments, such as creating a tenant for Data Science applications, another for web applications, etc.
Tenants are sometimes created to isolate a single customer workload, allowing more granular monitoring of performance, the flexibility of scaling, or tighter security. This is referred to as a single-Tenant setup. In this case, a DuploCloud Tenant maps to an environment used exclusively by the end client.
When you have a large set of applications that different teams access, it is helpful to map Tenants to team workloads. For example, you could create Tenants for Dev-analytics, Stage-analytics, and so on.
While Infrastructure provides abstraction and isolation at the Virtual Private Cloud (VPC) and Kubernetes/AKS cluster level, the Tenant supplies the next level of isolation, implemented in AKS by segregating Tenants using the following constructs per Tenant:
A set of security groups
An identity management role and profile
A Kubernetes Namespace, a read-only service account, and a write service account
KMS Key
PEM file
AKS Worker nodes or virtual machines (VMs) created within a Tenant are given a label with the Tenant Name, as are the node selectors and namespaces. Consequently, even at the worker node level, two tenants achieve complete isolation and independence, even though they may be sharing the same Kubernetes cluster through a shared Infrastructure.
To add a Tenant, navigate to Administrator -> Tenant in the DuploCloud Portal and click Add.
Each Tenant is mapped to a Namespace in Kubernetes. For example, if a Tenant is called Analytics in DuploCloud, the Kubernetes Namespace is called duploservices-analytics.
All application components within the Analytics Tenant are placed in the duploservices-analytics namespace. Since nodes cannot be part of a Kubernetes Namespace, DuploCloud creates a tenantname label for all the nodes that are launched within the Tenant. For example, a node launched in the Analytics Tenant is labeled tenantname: duploservices-analytics.
Any Pods that are launched using the DuploCloud UI have an appropriate Kubernetes nodeSelector that ties the Pod to the nodes within the Tenant. If you are deploying via kubectl, ensure that your deployment is using the proper nodeSelector.
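A pre-flight check for manifests you deploy with kubectl, verifying the namespace and nodeSelector described above. This is an added example, not DuploCloud code; the function names and the sample manifests (written as JSON, which kubectl also accepts) are constructed for illustration.

```python
import json

# From the page: Tenant "Analytics" maps to namespace "duploservices-analytics",
# and nodes launched in the Tenant carry tenantname: duploservices-analytics.
NAMESPACE_PREFIX = "duploservices-"
NODE_LABEL_KEY = "tenantname"

# Workload kinds whose Pod template sits at spec.template.
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}


def tenant_namespace(tenant):
    """Namespace (and node label value) derived from a Tenant name."""
    return NAMESPACE_PREFIX + tenant.lower()


def pod_spec(manifest):
    """Return the Pod spec embedded in a Pod or workload manifest."""
    kind = manifest.get("kind")
    spec = manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        # CronJob nests a Job template one level deeper.
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
        kind = "Job"
    if kind in TEMPLATED_KINDS:
        return (spec.get("template") or {}).get("spec") or {}
    raise ValueError("no Pod template in kind %r" % kind)


def check_tenant_placement(manifest, tenant):
    """List the ways a manifest would land outside the Tenant's namespace or nodes."""
    expected = tenant_namespace(tenant)
    problems = []

    namespace = (manifest.get("metadata") or {}).get("namespace")
    if namespace is None:
        problems.append("metadata.namespace is unset; kubectl falls back to "
                        "the namespace of the current context")
    elif namespace != expected:
        problems.append("namespace %r is not %r" % (namespace, expected))

    selector = pod_spec(manifest).get("nodeSelector") or {}
    label = selector.get(NODE_LABEL_KEY)
    if label is None:
        problems.append("nodeSelector lacks %r; Pods may be scheduled on any "
                        "node in the cluster" % NODE_LABEL_KEY)
    elif label != expected:
        problems.append("nodeSelector %s=%r is not %r"
                        % (NODE_LABEL_KEY, label, expected))
    return problems


# Constructed sample manifests (not taken from a real cluster).
SAMPLE_MANIFESTS = json.loads("""
[
  {"apiVersion": "apps/v1", "kind": "Deployment",
   "metadata": {"name": "report-api", "namespace": "duploservices-analytics"},
   "spec": {"template": {"spec": {
     "nodeSelector": {"tenantname": "duploservices-analytics"},
     "containers": [{"name": "app", "image": "nginx:latest"}]}}}},
  {"apiVersion": "apps/v1", "kind": "Deployment",
   "metadata": {"name": "no-selector", "namespace": "duploservices-analytics"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "app", "image": "nginx:latest"}]}}}},
  {"apiVersion": "batch/v1", "kind": "CronJob",
   "metadata": {"name": "wrong-tenant", "namespace": "duploservices-dev01"},
   "spec": {"jobTemplate": {"spec": {"template": {"spec": {
     "nodeSelector": {"tenantname": "duploservices-dev01"},
     "containers": [{"name": "job", "image": "nginx:latest"}]}}}}}}
]
""")


def audit(manifests, tenant):
    """Map each manifest name to its list of placement problems."""
    return {m["metadata"]["name"]: check_tenant_placement(m, tenant)
            for m in manifests}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_MANIFESTS, "Analytics").items():
        print(name, "OK" if not problems else problems)
```

Run it in CI against the rendered manifests before `kubectl apply`, and fail the job when any list is non-empty.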
Upgrade the Azure Kubernetes Service (AKS) version
Microsoft frequently updates the version of AKS based on new features that are available in the Kubernetes platform.
DuploCloud pushes AKS upgrades to the DuploCloud Portal code, but we request that you contact the DuploCloud Support staff on your Slack channel or by email when upgrading, for the moment.
In future releases, this upgrade will be available for customers to install.
Using Hosts in DuploCloud
Once we have the Infrastructure (Networking, Kubernetes cluster, and other common configurations) and an environment (Tenant) set up, the next step is to create VMs. These could be meant for:
AKS Worker Nodes
Worker Nodes (Docker Hosts) if built-in container orchestration is used.
Regular nodes that are not part of any container orchestration, where a user manually connects and installs applications. Examples include running Microsoft SQL Server in a VM, running an IIS application, and other custom use cases.
For ease of use, create a link to the Azure Console from a Host page Action Menu.
Add a Virtual Machine Host. DuploCloud AWS supports Host (Azure Host) and BYOH (Bring Your Own Host) types. Use BYOH for any VM that is not an Azure Host.
Ensure you have selected the appropriate Tenant from the Tenant list box at the top of the DuploCloud Portal.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Click the tab that corresponds to the type of Host you want to create (HOST or BYOH).
Click Add.
It is not necessary to explicitly define Hosts. Instead, you can use Azure Agent Pools and VM Scale Sets.
See Kubernetes StorageClass and PVC.
Lower-level details such as IAM roles and security groups are abstracted and derived from the Tenant, so only the most application-centric inputs are required to set up Hosts.
Most of these inputs are optional and some are available as list box selections, set by the administrator in the Plan (for example, Image ID, in Host Advanced Options).
There are two additional parameters:
Fleet: This is applicable if the VM is to be used as a host for container orchestration by the platform. The choices are:
Linux Docker/Native: To be used for hosting Linux containers using the Built-in Container orchestration.
Docker Windows: To be used for hosting Windows containers using the Built-in Container orchestration.
None: To be used for non-Container Orchestration purposes and contents inside the VM are self-managed by the user.
Allocation Tags (Optional): If the VM is used for containers, you can optionally set a label on the VM. This label is specified during Docker application deployment to ensure that the application containers are pinned to a specific set of nodes, giving you the ability to split a tenant further into separate pools of servers and deploy applications on them.
If a VM is used for container orchestration, ensure that the Image ID corresponds to the Image in the container. Any name that begins with Duplo is an image that DuploCloud generates for Built-in container orchestration.
Manage Tenant expiry settings in the DuploCloud Portal
In the DuploCloud Portal, configure an expiration time for a Tenant. At the set expiration time, the Tenant and associated resources are deleted.
In the DuploCloud Portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant for which you want to configure an expiration time.
From the Actions list box, select Set Tenant Expiration. The Tenant - Set Tenant Expiration pane displays.
Select the date and time (using your local time zone) when you want the Tenant to expire.
Click Set. At the configured day and time, the Tenant and associated resources will be deleted.
The Set Tenant Expiration option is not available for Default or Compliance Tenants.
Dynamically configure Azure agent pools for optimum performance
When you use autoscaling for Azure agent pools, you allow DuploCloud to manage your application's capacity requirements within your limits.
In the DuploCloud Portal, create an Azure agent pool with the Enable Autoscaling option selected. Each agent pool contains nodes backed by the virtual host machines.
In addition to the visibility of faults in the UI, DuploCloud also supports sending these notifications to the following systems:
Sentry
PagerDuty
NewRelic
AWS WorkDocs
OpsGenie
Refer to the link here for the detailed configuration.
Backup your hosts (VMs)
Create Virtual Machine (VM) snapshots in the DuploCloud Portal.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts. The Hosts page displays.
Select the Host you want to back up from the Name column.
Click Actions and select Snapshot.
Once you take a VM Snapshot, the snapshot displays as an available Image Id when you create a Host.
Autoscaling with Azure Agent Pools and Kubernetes
DuploCloud supports various ways to scale the workload, depending on the underlying Azure services being used.
Checking Faults and Alerts in the DuploCloud Portal
Faults that happen in the system, whether during Infrastructure creation, Container deployments, or Application health checks, can be tracked in the DuploCloud Portal under the Faults menu.
You can view Tenant-specific faults under Observability -> Faults, or all faults in the system under Administrator -> Faults. In addition to notifying you about faults, DuploCloud integrates with Sentry, which sends an email alert for the fault and acts as a single place to view all events.
You can create Azure alerts for resources from the DuploCloud Portal. Supported resources have an Alerts tab. Click Add; the available metrics are listed for the resource. Select the required Threshold and configure the alert.
Alerts can also be configured from the Observability -> Alerts option.
When the alert Threshold is crossed, a Fault is generated in the DuploCloud portal.
All activity in DuploCloud is logged, and the logs can be used for auditing. All logs are saved in Elasticsearch and can be visualized in Kibana. The Kibana URL is available under Diagnostics.
Elasticsearch and Kibana sit inside the VPC and cannot be accessed from outside. Connect to the VPN to access these URLs.
Metrics for the resources created or managed in DuploCloud can be tracked under Observability -> Metrics.
Separate tabs show the metrics by resource type.
Create a link to the Azure Portal from DuploCloud
Creating a direct link to the Azure Portal from your DuploCloud Infrastructure saves you time when you work with DuploCloud Azure resources. Instead of toggling between the DuploCloud Portal and the Microsoft Azure Portal, get instant access to the Azure Portal from DuploCloud.
Failure to follow these steps when creating a link to the Azure Portal from the DuploCloud Portal results in the error message:
Error while fetching Azure portal link: Portal url config does not exist
In the DuploCloud Portal, navigate to Administrator -> Infrastructure. The Infrastructure page displays.
From the Name column, select the Infrastructure for which you want to add a link to the Azure Console.
Click the Metadata tab.
Click Add. The Add Infrastructure Tag pane displays.
In the Key field, enter AzurePortalLink.
In the Value field, enter the URL for your Azure Portal.
Click Create.
The Value in the example above is DuploCloud's internal Azure Portal link.
After you configure an Azure Portal link for an Infrastructure, access the Azure Console from the DuploCloud Portal in the Actions menu for Azure Hosts.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts. The Hosts page displays.
From the Name column, select the Host you are working with.
From the Actions menu, select Connect -> Azure Portal.
Manage costs for billing and resources
Usage costs for resources can be viewed and managed in the DuploCloud Portal, by month or week, and by Tenant. You can also explore historical resource costs.
To view the Billing page for Azure in the DuploCloud Portal, click Administrator -> Billing.
You can view usage by:
Time
Select the Spend by Month tab and click More Details to display monthly and weekly spending options.
Tenant
Select the Spend by Tenant tab.
Managing Azure services and related components
DuploCloud provides a number of configurable components when running Microsoft Azure's Managed Kubernetes Service (AKS).
Applications involve many Azure Services like Storage Account, RDS for RDBS (MySQL), Redis, VM Scale Sets, Ingress, ALB/NLB load balancers, and so on. While each of their configurations needs a few application-centric inputs, there are scores of lower-level nuances around access control, security, and compliance.
Using DuploCloud you can create virtually any service within the Tenant using basic application-centric inputs. At the same time, the platform will make sure the lower-level nuances are programmed to best practices for security and compliance.
Supported Services are listed in alphabetical order, following the core services: Containers, Load Balancers, and Storage.
Set Docker registry credentials
In the DuploCloud Portal, navigate to Docker -> Services. Docker registry credentials are passed to the Kubernetes cluster as kubernetes.io/dockerconfigjson.
Click Docker Credentials. The Set Docker registry Creds pane displays.
Supply the credentials and click Submit.
Enable the Docker Shell Service by clicking Enable Docker Shell.
You can pull images from multiple Docker registries by adding multiple Docker Registry Credentials.
In the DuploCloud Portal, click Administrator -> Plan. The Plans page displays.
Select the Plan in the Name column.
Click the Config tab.
Click Add. The Add Config pane displays.
See the Prerequisite section for details.
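What a kubernetes.io/dockerconfigjson Secret holding credentials for several registries looks like, with an audit helper that lists which registries and accounts it grants. This is an added example, not DuploCloud code; the Secret name, namespace, registries and tokens are constructed. The payload is base64-encoded, not encrypted, so read access to Secrets in the namespace is read access to the registry passwords.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"  # type named on the page
DATA_KEY = ".dockerconfigjson"                  # data key Kubernetes requires for this type


def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def build_pull_secret(name, namespace, credentials):
    """Build the Secret manifest from (registry, username, password) tuples."""
    auths = {}
    for registry, username, password in credentials:
        auths[registry] = {
            "username": username,
            "password": password,
            # Docker's own format: base64("username:password")
            "auth": _b64("%s:%s" % (username, password)),
        }
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": SECRET_TYPE,
        "data": {DATA_KEY: _b64(json.dumps({"auths": auths}))},
    }


def list_registries(secret):
    """Decode a pull Secret and return {registry: username} for review.

    Raises ValueError when the Secret has the wrong type, lacks the data key,
    or an entry's "auth" field disagrees with its "username" field.
    """
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a %s Secret" % SECRET_TYPE)
    raw = (secret.get("data") or {}).get(DATA_KEY)
    if raw is None:
        raise ValueError("missing data key %r" % DATA_KEY)
    config = json.loads(base64.b64decode(raw, validate=True))

    accounts = {}
    for registry, entry in (config.get("auths") or {}).items():
        username = entry.get("username")
        if "auth" in entry:
            decoded = base64.b64decode(entry["auth"], validate=True).decode("utf-8")
            auth_user = decoded.partition(":")[0]
            if username is not None and username != auth_user:
                raise ValueError("auth/username mismatch for %r" % registry)
            username = auth_user
        accounts[registry] = username
    return accounts


# Constructed sample: two registries in one Secret, in a hypothetical Tenant namespace.
SAMPLE_SECRET = build_pull_secret(
    "registry-creds-example",            # hypothetical Secret name
    "duploservices-dev01",
    [
        ("https://index.docker.io/v1/", "alice", "constructed-token-1"),
        ("registry.example.com", "ci-bot", "constructed-token-2"),
    ],
)

if __name__ == "__main__":
    for registry, user in sorted(list_registries(SAMPLE_SECRET).items()):
        print(registry, "->", user)
```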
Using containers and DuploCloud Services with Azure AKS
You can deploy any native Docker container in a virtual machine (VM) with the DuploCloud platform. Adding a Service in the DuploCloud Platform is not the same as adding a Kubernetes service.
Deploying DuploCloud Services, by clicking the Add button in the Services page, implicitly converts services into either a deployment set or a StatefulSet. If there are no volume mappings, then the service is mapped to a deployment set. Otherwise, it is mapped to a StatefulSet. Most configuration values are self-explanatory, such as Images, Replicas, and Environmental Variables.
You can supply advanced configuration options in the Other K8s Config field. The content of this field maps one-to-one with the Kubernetes API. Configurations for Deployments and StatefulSets are supported by placing the appropriate JSON code in the Other K8s Config section. For example, to reference Kubernetes Secrets using a YAML config map, create the following JSON code:
In the DuploCloud Portal, navigate to Kubernetes -> Services from the navigation pane.
Click Add. The Add Service page displays.
Complete the fields on the page, including Service Name, Docker Image name, and number of Replicas. Use Allocation Tags to deploy the container in a specific set of Hosts.
Do not use spaces when creating Service or Docker image names.
The number of Replicas that you define must be less than or equal to the number of hosts in the fleet.
Using the Kubernetes -> Containers page in the DuploCloud Portal, you can display and manage the Containers you have defined.
Once the deployment commands run successfully, click the Services tile on the Tenants page. Your deployments are displayed and you can now attach for the services.
Use the Options Menu in each Container row to display Logs, State, Container Shell, Host Shell, and Delete options.
Option | Functionality |
---|---|
Logs | Displays container logs. |
State | Displays container state configuration, in YAML code, in a separate window. |
Container Shell | |
Host Shell | Accesses the Host Shell. |
Delete | Deletes the container. |
Add and configure Load Balancers with DuploCloud Azure
Load Balancers are essential when running a service. They expose the containers and images in which your application resides. When your containers are run inside a private network, you need a load balancer to listen on the correct ports to access the application.
If you need to create an Ingress Load Balancer, refer to the AKS Ingress page in the DuploCloud Kubernetes User Guide.
DuploCloud allows no more than one (0 or 1) Load Balancer per DuploCloud Service.
Add a load balancer listener that uses the Kubernetes NodePort (K8S NodePort).
Several Load Balancers are available for Azure. See the Azure Documentation for a comparison of each option.
Application LB (Standard load balancer)
Shared App Gateway
Classic (Basic load balancer)
Health Check - Selecting this load balancer allows the Application LB (Standard load balancer) to use Kubernetes Health Check to determine whether your service is running properly.
You must create Services before adding load balancers and listeners. In this example, we name these services s1-alb and s4-nlb, respectively.
In the DuploCloud Portal, navigate to Kubernetes -> Services.
On the Services page, select the Service name in the Name column.
Click the Load Balancers tab.
Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
Select a type (such as K8S Node Port) in the Select Type field.
Add the Kubernetes Health Check URL for this container in the Health Check field.
Complete the other fields in the Add Load Balancer Listener and click Add.
Rules define specific configurations for various types of Load Balancers.
See the Ingress use case for an example of how to configure Load Balancers using rules.
Accesses the Container Shell. To access the Container Shell option, you must first set up .
There are many ways to pass configurations to containers at run-time. Although simple to set up, using Environmental Variables can become complex if there are too many configurations, especially files and certificates. In Kubernetes, you also have the option to populate environment variables from or .
See the section.
Create a MySQL Flexible Server database service in DuploCloud
Use a Microsoft Azure MySQL Flexible Server managed database service in DuploCloud. Flexible Server is designed for more granular control and flexibility over database management functions and configuration settings and allows users access to High Availability (HA) in both single availability zones and across multiple availability zones. Flexible servers provide better cost optimization and are ideal for workloads that don’t need continuous full-compute capacity.
In the DuploCloud Portal, navigate to Cloud Services -> Database -> MySQL Flexible.
Click Add. The MySQL Flexible page displays.
Provide the database Name, User Name, Service Tier, Password, Database Version, and other required fields. As you complete the fields on the page, additional fields display, such as High Availability, if applicable.
Click Submit.
You cannot change the value of the High Availability field, once the MySQL Flexible Server is created.
Set up Database Backup and choose the number of days (1-35) to back up databases in the DuploCloud Portal System Settings. First, enable Redundant Backup, and then set the Backup Retention Period.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the System Config tab.
Click Add. The Add Config pane displays.
From the Config Type list box, select AppConfig.
From the Key list box, select "AZURE_DEFAULT_MYSQL_GEO_REDUNDANT_BACKUP_ENABLED".
In the Value field, enter "True". Click Submit. Redundant backup is enabled.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the System Config tab.
Click Add. The Add Config pane displays.
From the Config Type list box, select AppConfig.
From the Key list box, select "AZURE_DEFAULT_MYSQL_BACKUP_RETENTION_DAYS".
In the Value field, enter the number of days to retain the backup, from one (1) to thirty-five (35).
Click Submit. Backup retention is configured for the selected number of days.
Once set, the Backup Retention Period will apply to all new databases. When creating a new database, you can override this by entering a value into the Backup Retention field on the Create MySQL Flexible Instance page.
You can view details and configure other options by selecting the MySQL Flexible Server you created, from the MySQL Flexible page in the DuploCloud Portal.
From the MySQL Flexible page, you can click the Actions menu for each Flexible Server and select the appropriate option to enter the Azure Portal, Reboot the server, or Stop the server.
Databases supported by DuploCloud Azure
A number of databases are supported for DuploCloud and Microsoft Azure. Use the procedures in this section to set them up.
When using Azure Databases, select a Tenant other than the Default Tenant.
Meet performance demand in AKS workloads by organizing Azure agents into agent pools
When you create agent pools to run Azure Kubernetes (AKS) workloads, you create groups of agents available to a pipeline. When you run the pipeline, the pipeline selects the agent that best meets the performance demands of that pipeline.
Agent pools can be autoscaled when the Enable Autoscaling option is selected in the DuploCloud Portal. Each agent pool contains nodes backed by virtual host machines.
Use the DuploCloud Portal Hosts page to create and edit Azure agent pools.
Create an Azure agent pool for an existing Host in the DuploCloud Portal:
Select Cloud Services -> Hosts from the navigation menu.
Select the Azure Agent Pool tab. The Azure Agent Pool page is displayed.
Click Add. The Add Azure Agent Pool page is displayed.
Provide inputs for the Instance Type, Min Capacity, and Max Capacity fields.
Optionally, select Enable Autoscaling to autoscale the pool.
Click Add. When the agent pool is created, Succeeded is displayed in the Status column. It may take some time to create the agent pool.
Edit an agent pool:
Select Cloud Services -> Hosts from the navigation menu.
Select the Azure Agent Pool tab. The Azure Agent Pool page displays.
In the Name column, select the agent pool that you want to edit.
Select the Actions menu and choose Edit.
In the Update agent pool capacity pane, edit the pool configuration.
Click Update.
Create a MSSQL Server database in DuploCloud
In the DuploCloud Portal, navigate to Cloud Services -> Database -> MSSQLServer.
Click Add.
Provide the database Name, Username, Password, and Database Version.
Click Submit.
You can view database details and configure Elastic Pools, Network Rules, and Firewall Rules by selecting the database from the MSSQL Server page in the DuploCloud Portal and clicking the appropriate tab.
Create a PostgreSQL database instance in DuploCloud
In the DuploCloud Portal, navigate to Cloud Services -> Database -> PostgreSQL.
Click Add. The Create PostgreSQL Instance pane displays.
Provide Name, Database Username, and Password with Service Tier details to create a PostgreSQL database. DuploCloud provides a configuration to support backup retention for your database when you complete the other fields in the pane.
Click Submit.
By selecting your database in DuploCloud from the PostgreSQL page, you can view the created database's Name, Tier, Status, and Version.
You can reboot the database instance and configure Virtual Network and Firewall Rules from the Actions menu.
Create a MySQL Server single server database in DuploCloud
Azure Database for MySQL Single Server has been deprecated. You can no longer create a database with MySQL Single Server. Use Azure CLI to create a new MySQL Single Server instance.
In the DuploCloud Portal, navigate to Cloud Services -> Database -> MySQL to view database details, reboot, delete a database, and perform supported actions by selecting the MySQL instance you created, from the Name column on the MySQL page.
Create an Azure Managed Instance in DuploCloud
In the DuploCloud Portal, navigate to Cloud Services -> Database -> Managed Instances. The Create Managed SQL Instance pane displays.
Click Add.
Provide the database Name, Username, Password, and vCore. Modify other values as needed.
Click Submit.
You can view Azure Managed Instances and configure other options by selecting the instance you created, from the Managed Instances page in the DuploCloud Portal.
In this demo, we will deploy a simple Hello World NodeJS web app. DuploCloud pulls Docker images from Docker Hub. You can choose a public image or provide credentials to access your private repository. For the sake of this demo, we will use a ready-made image available on DuploCloud’s repository on Docker Hub.
Create a new Host
Create a Service
Create a Load Balancer
Log in to your DuploCloud console.
Click on Cloud Services -> Hosts.
Select the Host tab. A Host is an instance in which your Docker container will run. You should choose a Host with the appropriate processing capacity for your application.
You should see the Host listed under the Hosts Listing table.
Next, we can create a Service. A Service is nothing but a container with user-specified image and environment variables. Let’s go ahead and click the + icon to create a new service.
Name the service “test-service”. For this demo, we will use the latest nodejs-hello image from Duplo’s public Docker Hub repository. Fill in duplocloud/nodejs-hello:latest in the Docker Image field.
Enter the desired number of replicas you want in the swarm. Please note that each replica runs in an individual Host. The number of replicas must equal the number of Hosts. For the sake of this demo, we will choose 1.
Fill in the desired environment variables. This is ideal for credentials or application-specific configurations.
Volume mapping is simple: give the host path and container path as shown.
NOTICE: We highly recommend keeping the Hosts stateless and using Azure Storage for static assets. We will keep this field empty for this demo.
Almost there. Since the nodejs-hello image serves on port 3000, we need to create a load balancer (LB) configuration to map the external port (LB) to the internal port (container).
Select test-service and click the plus icon on the load balancer configuration table. Fill the menu as shown below and click Submit.
Please wait for ~5 minutes as it can take a while for the Load Balancer to get provisioned.
Create a Redis database in DuploCloud
In the DuploCloud Portal, navigate to Cloud Services -> Database -> Redis. The Create Redis Instance pane displays.
Click Add.
Provide the database Name.
From the Subnet list box, select an available subnet you have defined in your Infrastructure.
Modify values for Service Tier, Shards, and Non TLS Port, as needed.
Click Submit.
View Alerts by selecting the Redis instance you created, from the Redis page in the DuploCloud Portal.
DuploCloud provides support to secure the storage of secrets, such as passwords and database connection strings.
Users can add a secret to the Keyvault by navigating to Cloud Services -> Keyvault and selecting the Secrets tab.
Using Function Apps in DuploCloud Azure
Function Apps can be created from the DuploCloud Portal by navigating to Cloud Services -> Serverless and selecting the Function Apps tab.
Fill in the details: the function app Name, the Publish method, Runtime Stack, Version, and Plan Type.
Once created, the Function App URL is published in the DuploCloud portal. Users can view the function app by opening the URL in the browser.
Use a Public IP Address to reserve a range of consecutive public IPs
A Public IP Address Prefix reserves a range of consecutive public IP addresses that you can individually assign to public resources. This is useful for scaling because it provides a globally unique address space, supports expansion across locations, facilitates load balancing, enables secure access control, and is fundamental for connecting to multiple ISPs and participating in internet routing protocols.
Select the correct Tenant from the Tenant list in the upper left.
In the DuploCloud Portal, navigate to Cloud Services -> App Integration.
Click on the Public IP Prefix tab.
Click Add. The Add Public IP Prefix pane displays.
In the Name field, enter a name. Select your desired length (number of addresses) from the Prefix Length item list. Select the resource type from the Resource Type item list.
Click Add. Your Public IP Prefix is created.
While creating a VM Host, under Advanced Option, you can enable Public IP.
For an existing VM Host, view the Host in DuploCloud and, under the Features tab, select the option Enable Public IP.
If your Kubernetes cluster displays empty values for the Server Endpoint and Token, you may need to set your default AKS Cluster in the DuploCloud Portal System Config tab in System Settings.
Using VM Scale Sets to improve performance and redundancy for hosts
Azure Virtual Machine (VM) Scale Sets let you create and manage a group of load-balanced VMs. VM Scale Sets provide you with redundancy and improved performance for applications that are typically distributed across multiple instances. This enables access to your application through a load balancer that distributes requests to one of the application instances.
If you need to perform maintenance or update an application instance, your customers have access to another available application instance. To keep up with customer demand, increase the number of application instances that run your application.
For more information about VM Scale Sets, see the Azure Documentation.
In the DuploCloud Portal, navigate to Cloud Services -> Hosts.
Click the VM Scale Set tab.
Click Add. The Add VM Scale Set page displays.
In the Name field, enter a name for the VM Scale Set.
From the Subnet list box, select the subnet to be used by the VM Scale Set.
From the Instance Type list box, select the size of the VM in the VM Scale Set.
In the Capacity field, enter the number of VMs in the VM Scale Set.
From the Image ID list box, select the image name. The image you select must be compatible with the Agent platform. Select Other if the image is not listed in order to specify your own.
Specify a Username and Password.
Click Add. The VM Scale Set is created.
The DuploCloud Azure Portal provides the ability to create Storage Accounts and File Shares, and to generate Shared Access Signatures (SAS). Storage Accounts are created with the SKU Type Standard_LRS. Users can view additional details of File Share endpoints from the Portal.
Navigate to Cloud Services -> Storage Account to create a Storage Account.
Provide a unique name to create the Storage Account.
Create File Shares by clicking Add.
Click Actions -> Shared Access Signature. Provide access details in the screen below. Review and generate Shared Access Signature (SAS) tokens.
Once the tokens are generated, the Azure user can copy and paste the token and URLs to a secure location. They are displayed only once and cannot be retrieved after the window is closed.
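Before a generated SAS URL is stored or handed to a client, it is worth checking what it actually grants. The following is an added example, not DuploCloud code: it reads the standard SAS query parameters (sp, se, spr, sip) and reports broad settings. The account name, share name, signatures, the 24-hour limit, and the allowed permission set are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

_TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def _parse_sas_time(value):
    """Parse the UTC time formats a SAS accepts in st/se."""
    for fmt in _TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")

def audit_sas_url(url, now, max_lifetime=timedelta(hours=24), allowed_perms="rl"):
    """Return findings for the SAS query parameters carried in url."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # sp is a string of permission letters (r=read, w=write, d=delete, l=list, ...).
    extra = sorted(set(q.get("sp", "")) - set(allowed_perms))
    if extra:
        findings.append("permissions beyond allowed set: " + "".join(extra))
    # When spr is omitted the token is valid over both HTTPS and HTTP.
    if q.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed")
    if "sip" not in q:
        findings.append("no source IP restriction")
    if "se" not in q:
        findings.append("no expiry in token")
    else:
        remaining = _parse_sas_time(q["se"]) - now
        if remaining <= timedelta(0):
            findings.append("already expired")
        elif remaining > max_lifetime:
            findings.append("lifetime exceeds limit")
    return findings

# Constructed sample URLs; account name, share name and signatures are placeholders.
BROAD = ("https://examplestorage.file.core.windows.net/share1"
         "?sv=2022-11-02&ss=f&srt=sco&sp=rwdlc&se=2030-01-01T00:00:00Z"
         "&spr=https,http&sig=PLACEHOLDER")
TIGHT = ("https://examplestorage.file.core.windows.net/share1"
         "?sv=2022-11-02&sr=s&sp=rl&se=2025-01-01T08:00:00Z"
         "&spr=https&sip=203.0.113.10&sig=PLACEHOLDER")

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for name, url in (("broad", BROAD), ("tight", TIGHT)):
        print(name, audit_sas_url(url, now) or "no findings")
```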
You can configure the Tenant to block public network access to Storage Accounts.
From the DuploCloud Portal navigation, select Administrator -> Tenants.
Select your Tenant name from the list.
In the Settings tab, click Add. The Add Tenant Feature pane displays.
From the Select Feature item list, select Other.
In the Configuration field, enter block_public_network_to_azure_storage.
In the empty field, enter "True".
Click Add. Public access to storage accounts is blocked.
To configure a Web App in Azure, first create an App Service Plan.
An App Service Plan can be created by navigating to Cloud Services -> Serverless and clicking the App Service Plan tab.
Refer below for the sample App Service Plan.
Once you have an App Service Plan, create a Web App resource. App Service Plan can be created with the Publish option set to Code or Docker.
A list of platforms (NodeJs, Python, etc.) is available when the Publish value Code is selected. If Publish as Docker is selected, the user needs to enter the Docker Image to use for creating the web app.
You can view Storage Account Details once created. You can view Endpoint details in the Storage Account table view. Click on the icons under the Actions Column to view and copy the keys of the Storage Account.
Create an Azure Service Bus in the DuploCloud Portal
Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics (residing in a Namespace). Service Bus is used to decouple applications and services from each other for load-balancing across competing workers. It also ensures secure routing and transferring of data and controls across service and application boundaries or coordinating transactional work requiring a high degree of reliability.
Adding an Azure Service Bus requires:
Creating a Service Bus Namespace.
Creating a Service Bus Queue.
Creating a Service Bus Access Policy.
When you have created the Namespace, Queue, and Access Policy, the Service Bus is added to the DuploCloud Portal and can be viewed.
In the DuploCloud Portal, navigate to Cloud Services -> App Integration.
In the Service Bus tab, click Add. The Create Namespace page displays.
In the Name field, enter the Service Bus name.
From the Pricing Tier list box, select a pricing tier based on your projected usage.
From the Minimum TLS Version list box, select the TLS version that supports the NameSpace you are creating.
Select Local Authentication to disable local or SAS key authentication for the Service Bus namespace, allowing only Microsoft Entra authentication.
Click Submit. When your Service Bus Namespace is available, an Active Status is displayed in the Service Bus tab.
After you have created a Service Bus Namespace, you create a queue to enable communication between Web and Worker roles in a multi-tier Azure application. A Web role is a Microsoft server VM running Internet Information Services (IIS); a Worker role is a Microsoft server VM not running IIS. Service Bus queues also enable communication between on-premises apps and Azure-hosted apps in a hybrid solution.
In the DuploCloud Portal, navigate to Cloud Services -> App Integration.
In the Service Bus tab, select the Service Bus for which you want to add a Service Bus Queue.
Click the Queue tab.
Click Add. The Create Queue page displays.
In the Name field, enter a name for the Service Bus Queue.
Edit or accept the defaults for Max Queue Size, Lock duration (in seconds), and Max Delivery Count.
Optionally, select Enable dead lettering or message expiration and Enable partitioning. See the Azure Documentation for detailed descriptions of these options.
Set Message time to live in the format HOURS:MINUTES:SECONDS:MILLISECONDS to control when messages go live and to prevent them from being sent to the Dead Letter Queue after they expire. Setting Message time to live defers delivery of the message for the amount of time you specify. For example, to defer message delivery by fourteen (14) hours, set Message time to live to 14:00:00:00.
Click Submit. When your Service Bus Queue is available, an Active Status is displayed in the Queue tab.
After you create a Service Bus NameSpace and Queue, finish adding your Service Bus by creating an Access Policy.
In Azure, Shared Access Signatures (SAS) and policies give you granular control over the type of access you grant to the clients. SAS authentication enables you to grant a user access to Service Bus resources with specific rights. You create an access policy to configure a cryptographic key with associated rights on a Service Bus resource.
In the DuploCloud Portal, navigate to Cloud Services -> App Integration.
In the Service Bus tab, select the Service Bus for which you want to add a Service Bus Access Policy.
Click the Access Policy tab.
Click Add. The Create Access Policy page displays.
In the Name field, enter the Access Policy name.
Define access rights to the policy by selecting Manage (which automatically selects both Send and Listen), Send, or Listen. See the Azure documentation for additional information on these options.
Click Submit. The Access Policy is displayed in the Access Policy tab.
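How an Access Policy's key turns into a client credential, shown as an added example that is not part of the DuploCloud documentation or code. It builds a Service Bus SAS token in the documented format (HMAC-SHA256 over the URL-encoded resource URI, a newline, and the expiry) and models the check locally; the namespace, queue, policy name, key, and the lifetime limit are constructed assumptions.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, unquote

def _sign(key, encoded_uri, expiry):
    # String-to-sign: URL-encoded resource URI, newline, expiry (Unix seconds).
    msg = f"{encoded_uri}\n{expiry}".encode("utf-8")
    mac = hmac.new(key.encode("utf-8"), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

def make_sas_token(resource_uri, policy_name, policy_key, ttl_seconds, now=None):
    """Build a Service Bus SAS token signed with an access policy key."""
    now = time.time() if now is None else now
    expiry = str(int(now + ttl_seconds))
    encoded_uri = quote(resource_uri, safe="")
    sig = quote(_sign(policy_key, encoded_uri, expiry), safe="")
    # The token names the policy (skn); the Send/Listen/Manage rights come
    # from that policy on the namespace, not from anything in the token.
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}&skn={policy_name}"

def check_sas_token(token, policy_keys, max_ttl_seconds, now=None):
    """Local model of the signature/expiry check plus a lifetime limit."""
    now = time.time() if now is None else now
    scheme, _, params = token.partition(" ")
    fields = dict(p.split("=", 1) for p in params.split("&") if "=" in p)
    try:
        sr, sig, se, skn = (fields[k] for k in ("sr", "sig", "se", "skn"))
        expiry = int(se)
    except (KeyError, ValueError):
        return False, "malformed token"
    if scheme != "SharedAccessSignature":
        return False, "malformed token"
    key = policy_keys.get(skn)
    if key is None:
        return False, "unknown policy"
    if not hmac.compare_digest(_sign(key, sr, se).encode(), unquote(sig).encode()):
        return False, "bad signature"
    if expiry <= now:
        return False, "expired"
    if expiry - now > max_ttl_seconds:
        return False, "lifetime exceeds limit"
    return True, "ok"

# Constructed sample values (not a real namespace or key).
DEMO_URI = "https://example-ns.servicebus.windows.net/orders"
DEMO_KEY = "constructed-demo-key-not-a-real-secret"

if __name__ == "__main__":
    token = make_sas_token(DEMO_URI, "send-only", DEMO_KEY, ttl_seconds=900)
    print(token)
    print(check_sas_token(token, {"send-only": DEMO_KEY}, max_ttl_seconds=3600))
```

Because the signature covers the resource URI and the expiry, a token issued for one queue cannot be repointed at another or have its lifetime extended without the policy key.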
In the DuploCloud Portal, navigate to Cloud Services -> App Integration.
In the Service Bus tab, select the Service Bus you want to view. The Overview, Queue, Access Policy, and Details tabs display additional information about the Service Bus and its components.
An Administrator can set the Azure Best Practices flag to True at the Infrastructure level to enable the listed security settings for Tenants configured in the Infrastructure.
Setting Name | Description |
---|---|
Enable Azure MSSQL Server Audit
Enable SQL Server audit feature in Azure
Enable Azure MSSQL Database Audit
Enable SQL Database audit feature in Azure
Enable Azure MSSQL Transparent Data Encryption (TDE)
enable_sqlserver_defender
Enable SQLServer Cloud Defender
Enable Azure MSSQL SQL Server Vulnerability Settings
Enable Azure MSSQL SQL Database Vulnerability Settings
Microsoft Defender for Cloud gets enabled for the Infrastructure
Enable Azure VM Antimalware Extension
Enable Azure VM Qualys Extension
Enable Azure VM Dependency Agent Extension
Enable Azure VM Diagnostic Agent Extension
Enable Azure Storage Account Secure Transfer
Secure transfer for Azure Storage will be enabled
Allow Public Network Access for Databases and Cache Servers
block_public_network_to_azure_storage
Restricts public network access to Azure Storage
disable_public_lb
Restricts public network access to Azure Application Gateway
Connect to the Cluster namespace using the kubectl token.
DuploCloud provides a way to connect directly to the Cluster namespace using the kubectl token.
See kubectl Setup for available options.
Enable Azure Kubernetes Service (AKS) to connect with Azure
Once your Infrastructure and Plan have been created, the final step before creating a Tenant is to enable Azure Kubernetes Service (AKS) to connect with Azure cloud management.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure that you created, in the NAME column of the Infrastructure page.
Click the Kubernetes tab. The following message displays: Kubernetes cluster is not yet enabled. Click Here to enable the Kubernetes Cluster.
Click on the Click Here hyperlink. The Configure AKS Cluster pane displays.
Accept the default values and click Create to enable the AKS service for your Infrastructure.
DuploCloud begins creating and configuring an AKS cluster using Kubernetes. You receive an alert message when the Infrastructure has been updated.
It may take some time for enablement to complete. Use the Kubernetes card in the Infrastructure screen to monitor the status, which should display as Enabled when completed. You can also monitor progress by using the Kubernetes tab, as DuploCloud generates your Cluster Name, Default VM Size, Server Endpoint, and Token.
Add Azure subscription details
The DuploCloud rules-based expert needs Azure Subscription details to manage cloud resources. Add Cloud Credentials in the DuploCloud Portal to add subscription details.
In the DuploCloud Portal, navigate to Administrator -> Cloud Credentials. The Cloud Credentials page displays.
Click Add.
In the Cloud list box, ensure Azure is selected.
In the Subscription ID field, enter your Azure Subscription ID.
In the Application Secret field, enter secrets.
In the Tenant ID field, enter the Tenant ID.
In the Object ID field, enter the Object ID.
Click Submit. Your credentials are displayed on the Cloud Credentials page.