All posts by Thiyagu

Api Managmenet, Devops

How to Use Policy Fragments to Simplify Your Azure API Management Policies

Leave a comment

In the evolving landscape of API-driven architectures, Azure API Management (APIM) has emerged as a critical tool for securing, scaling, and streamlining API interactions. At its core, APIM policies empower developers to manipulate requests and responses across the API lifecycle—enforcing security, transforming data, or throttling traffic. But as organizations scale, managing these policies across hundreds of APIs and operations becomes a labyrinth of duplicated code, hidden configurations, and maintenance nightmares.

Introduction: 

A policy fragmentation, a game-changing feature in APIM that re-imagines policy management by breaking monolithic configurations into modular, reusable components. Imagine defining a rate-limiting rule once and applying it seamlessly across all APIs, or centralizing authentication logic to ensure consistency while eliminating redundancy. Policy fragments not only streamline development but also turn maintenance into a single-step process—fix a fragment once, and every API referencing it inherits the update.

When you work with Azure API Management on a regular basis, you probably are familiar with policies. Policies allow you to perform actions or adjustments on the incoming request before it’s sent to the backend API, or adjust the response before returning to the caller.

Policies can be applied on various levels, so called scopes, and each lower level can inherit the policy of a higher level.

  • Global level => executed for all APIs
  • Product level => executed for all APIs under a product
  • API level => executed for all operations under an API
  • Operation level => executed for this single operation

What is Fragmentation in APIM?

Fragmentation in Azure API Management (APIM) refers to the ability to break down API policies into smaller, reusable components called policy fragments. These fragments can then be applied across multiple APIs or operations within an API Management instance. Each policy fragment typically consists of one or more policy elements that define a set of instructions to be executed within a specific stage of the API request-response lifecycle (inbound, outbound, backend, on-error).

Fragments promote reusability by allowing you to define common sets of policies that can be shared and applied across different APIs or operations

Fragmentation improves development efficiency by eliminating the need to duplicate policy configurations across APIs. Changes made to a policy fragment propagate to all APIs where it’s applied, reducing maintenance efforts

Why Fragmentation required for policy creation?

The main problems with policies always have been maintenance and reuse. Policy code is quite hidden within the portal (especially with so many scope levels where it can reside), so it’s hard to see where a policy is used. When a certain piece of policy is used in multiple places, it’s even harder to keep track where they’re used and keeping them consistent. Bug fixing is difficult and cumbersome, as you need to find out all the places where you need to fix it.

To overcome the above problem, Microsoft introduced the apim Fragmentation.

Benefits of using policy fragments

There are several benefits to using policy fragments in your Azure API Management policies:

Reusability : Policy fragments allow you to create reusable code snippets that can be used in multiple policies. This promotes code reuse and reduces the amount of code you need to maintain.

Modularity : Policy fragments promote modularity by allowing you to create self-contained code snippets that can be added to a policy when needed. This makes it easier to read and understand policies, as well as test and debug them.

Maintainability : Policy fragments make policies more maintainable by allowing you to make changes to the code in a single place, rather than having to update the same code in multiple policies.

Readability : Making it easier for other developers to understand and review your code. With modular and reusable fragments, it’s easier to spot mistakes and ensure consistency across policies.

Use case:

Consider, your organization has three APIs: PaymentAPI, UserAPI, and InventoryAPI. All APIs need a rate limit of 100 requests per minute per client to prevent abuse. Instead of duplicating the rate-limiting policy in each API’s configuration, you’ll create a reusable policy fragment and apply it centrally.

Let’s consider a simple example of APIM fragmentation for rate limiting, which is a common use case in API management. In this example, we’ll create a policy fragment for rate limiting and apply it to multiple APIs within an API Management instance. For this example we are going to have create policy for controlling the API request.

Understanding the <rate-limit> Policy in Azure API Management

The <rate-limit> policy in Azure API Management (APIM) is a critical tool for controlling API traffic by restricting the number of requests a client can make within a specified time window. This policy helps prevent abuse, manage resource consumption, and ensure fair usage across consumers. Below is a detailed breakdown of its attributes, behavior, and practical use cases for your article.

Step: 1 Click & go to  “Policy Fragments”

Go to “Policy fragments” in the left menu panel and click create button. You can able to view like below snap.

Fragmentation in APIM

 

Step: 2  Enter the properties to create New Fragments

Apply the details, of Name of Fragment, its description and policy like shown below. 

[su_highlight background=”#ffffff” color=”#f91355″]rate-limit – The  policy in Azure API Management (APIM) enforces a request quota per client to prevent overuse or abuse of your API.[/su_highlight]

<!-- rate_limiting_fragment.xml -->
<rate-limit calls="100" renewal-period="60" />


Step: 3 Finally click create button

You can able to see, our Fragment is created and there is 0 reference, means it is yet to apply to any policy.                                                                                                                                                   

How to add the fragment in the policy

These fragments can be included in the policy of individual APIs or operations using the <include> element, allowing for modular and reusable policy configurations. If you click on the created fragments, you can able to see the view, how to include this fragment in the policy (pls refer the last snap mentioned in the post).

## Add below line in the policy to include the Fragment
<include-fragment fragment-id="fragment_rate_limit" />

 

Edit Fragment for update:

You can click on Policy editor to open the policy to edit/update and save

Best Practices

  • Naming Conventions: Prefix fragments with fragment_ for easy identification.
  • Documentation: Add <description> tags in fragments to clarify usage.
  • Reference Tracking: Use the References column in the Policy fragments list to identify impacted APIs.

By leveraging policy fragments, APIM becomes a scalable, maintainable solution for enterprise-grade API governance.

Summary 

Azure API Management (APIM) policies enable customization of request/response behavior at four scopes: Global, Product, API, and Operation. However, maintaining and reusing policies across these scopes can be challenging due to hidden configurations and duplication. Policy Fragmentation addresses this by breaking policies into reusable XML components (fragments). These fragments centralize common logic (e.g., rate limiting, authentication) and are included via <include-fragment>, ensuring consistency, reducing redundancy, and simplifying updates. For example, a rate-limiting fragment can be applied across multiple APIs, and changes propagate automatically. Fragments improve maintainability, enforce standardization, and streamline debugging.

kubernetes

How to Copy Files from and to Kubernetes Pods: A Comprehensive Guide for Windows and Linux

Leave a comment

Introduction

Azure Kubernetes Service (AKS) is a powerful platform for deploying and managing containerized applications. However, managing files within pods can sometimes be challenging. This article will guide you through the process of Copy File From Pod to Local and upload file from local to pod, covering both Windows and Linux environments. We’ll explore practical examples using kubectl exec and kubectl cp commands, empowering you to effectively manage your AKS deployments. In this article we will have more dig how to Copy Files from and to Kubernetes Pods using windows and Linux pods.

Prerequisites Copy Files from and to Kubernetes

  • Before proceeding, ensure you have the following:
  • Access to an AKS cluster.
  • The kubectl command-line tool installed and configured to interact with your cluster.
  • Basic knowledge of Kubernetes and pod management.

Copying Files to and from Windows Pods

Step 1: Copying Files from a Windows Pod to Local

To copy a file from a Windows pod to your local system, use the kubectl cp command. For instance:

#Syntax :
kubectl cp <pod-name>:<container-path> <local-file-path>

Replace <pod-name> and <container-path> as described above.
Replace <local-file-path> with the desired destination path on your local machine.

#Example: 
kubectl cp sitecore-bg/cdnewbooking-upgrade-8875f7d95-pg4xq:/inetpub/wwwroot/web.config web.config

In this example:

sitecore-bg/cdnewbooking-upgrade-8875f7d95-pg4xq is the pod name.
/inetpub/wwwroot/web.config is the file path inside the pod.
web.config is the destination file on your local system.

Step 2: Copy File From Local to Window Pod

To copy a file from a Windows pod to your local system, use the kubectl cp command. For instance:

#Syntax : 
kubectl cp <local-file-path> <pod-name>:<container-path>

Replace <local-file-path> with the path to the file on your local machine.
Replace <pod-name> with the name of the pod.
Replace <container-path> with the desired destination path within the pod’s container.

#Example: 
kubectl cp web.config sitecore-bg/cdnewbooking-upgrade-8875f7d95-pg4xq:/inetpub/wwwroot/web.config

This command uploads the web.config file to the specified path inside the pod.

web.config is the source file on your local system.
sitecore-bg/cdnewbooking-upgrade-8875f7d95-pg4xq is the pod name.
/inetpub/wwwroot/web.config is the file path inside the pod.

Step 3: Entering & Verify in Windows Pod

To interact directly with a Windows pod, use the kubectl exec command. For example:

Utilize the kubectl exec command to access the PowerShell shell within your Windows pod:

#Syntax : 
kubectl exec -n <namespace> <pod-name> -it -- powershell

Replace <namespace> with the actual namespace of your pod.
Replace <pod-name> with the unique name of the pod.

#Example : 
kubectl exec -n sitecore cd202404232-657b6c6d87-lj7xp -it -- powershell


Copy Files to and From Linux Pods

Step 1: Copying Files from a Linux Pod to local

Use the kubectl cp command to copy files from the pod to your local machine:

#Syntax :
kubectl cp <pod-name>:<container-path> <local-file-path>

To copy a directory from a Linux pod to your local system, use the following command:

#Example: 
kubectl cp solr/solr-leader-202312186-78b759dc5b-8pkrl:/var/solr/data ./solr_data

Here:

solr/solr-leader-202312186-78b759dc5b-8pkrl is the pod name.
/var/solr/data is the directory path inside the pod.
./solr_data is the destination directory on your local machine.

Step 2: Copying Files to a Linux Pod

Use the kubectl cp command to copy files from your local machine to the pod:

#Syntax :
kubectl cp <local-file-path> <pod-name>:<container-path>

To upload files or directories to a Linux pod, use:

#Example: 
kubectl cp solr/solr-leader-202312186-78b759dc5b-8pkrl:/var/solr/data ./solr_data

This command copies the solr_data directory from the specified Linux pod to your current local directory.

Step 3: Entering & Verify in a Linux Pod

Utilize the kubectl exec command to access the bash shell within your Linux pod:

#Syntax : Replace <namespace> and <pod-name> as described above.
kubectl exec -it <pod-name> -n <namespace> -- bash

For Linux-based pods, start a bash session using: This opens a bash shell inside the Linux pod.

#Example: 
kubectl exec -it solr-leader-202312186-78b759dc5b-8pkrl -n solr -- bash

FAQ

1. How do I find the name of a pod in my cluster?

Run kubectl get pods -n <namespace>. This will list all pods in the specified namespace along with their statuses.

2. Can I copy entire directories between my system and a pod?

Yes, the kubectl cp command supports copying directories. Use the directory path in the source and destination arguments.

3. Why do I get a “permission denied” error when copying files?

This typically happens due to insufficient permissions in the pod’s file system. Verify the access rights of the target directory or file.

4. What happens if I specify an incorrect file path inside the pod?

The kubectl cp command will fail and display an error stating that the specified path does not exist.

5. Can I use kubectl cp with compressed files?

Yes, you can use kubectl cp to transfer compressed files. However, you may need to extract or compress them manually before or after the transfer.

6. Is it possible to copy files between two pods directly?

No, kubectl cp does not support direct pod-to-pod file transfers. Copy the files to your local system first and then upload them to the target pod.

7. How do I check if a file was successfully copied?

After copying, use kubectl exec to enter the pod and verify the file’s existence in the target directory.

8. Does kubectl cp work with all storage classes?

Yes, kubectl cp works regardless of the underlying storage class since it operates at the pod file system level.

Conclusion

Copying files to and from AKS pods is a vital skill for efficiently managing your Kubernetes environment. By following the examples provided for both Windows and Linux pods, you can streamline your workflow and tackle common tasks with ease. Bookmark this guide for future reference and elevate your Kubernetes management expertise.

With AKS becoming a preferred choice for enterprises in the United States, mastering these commands ensures you’re equipped to handle file operations effortlessly. Have questions or additional tips? Share them in the comments below!

 

kubernetes

How to Use scripts inside configMap in Windows-Based Kubernetes Deployments: A Step-by-Step Guide

Leave a comment

If you’re running Windows-based applications on Kubernetes, using ConfigMaps to manage startup scripts ensures consistency, scalability, and easier configuration management. This guide walks you through the process of creating a ConfigMap for a startup script and executing it in a Windows container,

What is a ConfigMap?

A ConfigMap is a Kubernetes object used to store non-confidential configuration data in key-value pairs. It decouples configuration artifacts from container images, making applications portable and easier to manage. ConfigMaps can store:

  • Configuration files (e.g., JSON, XML, YAML).
  • Environment variables.
  • Scripts (e.g., startup scripts).

Use Cases for ConfigMaps

ConfigMaps are ideal for:

  • Storing Application Configuration: Manage settings like database URLs, API endpoints, or feature flags.
  • Injecting Environment Variables: Pass runtime configurations to containers.
  • Managing Startup Scripts: Execute initialization logic during container startup.
  • Sharing Configuration Across Pods: Reuse the same configuration for multiple deployments.

When and Where to Use ConfigMaps

Use ConfigMaps when:

  • You need to externalize configuration from your container images.
  • You want to avoid hardcoding sensitive or environment-specific data.
  • You need to execute scripts during container initialization.
  • You want to centralize configuration for multiple pods or services.
  • ConfigMaps are particularly useful in Windows-based Kubernetes deployments where PowerShell scripts are commonly used for setup and initialization.

Step 1: Create the Startup Script

Start by writing a PowerShell script (startup.ps1) for your Windows container. For example:

Write-Host "Starting application setup..."
# Your setup commands here
Start-Sleep -Seconds 5
Write-Host "Application is ready!"

Step 2: Create a ConfigMap from the Script

Next, create a ConfigMap from your startup script file. Use the kubectl create configmap command to generate a ConfigMap that includes your PowerShell script.

This command reads the startup.ps1 file and creates a ConfigMap named win-startup-script.

kubectl create configmap [configmap_name] --from-file [path/to/yaml/file]

kubectl create configmap win-startup-script --from-file=startup.ps1

To verify the config map is correctly created with script, you can use the command kubectl describe configmap win-startup-script to retrieve detailed information about a specific ConfigMap named win-startup-script in your Kubernetes cluster. This command is particularly useful for debugging, verifying configurations, or understanding how a ConfigMap is structured.

kubectl describe configmap <configmap-name>

kubectl describe configmap win-startup-script

Step 3: Mount the ConfigMap in Your Deployment

Create a deployment manifest for your Windows container. In your YAML file, reference the ConfigMap so that the startup script is available to your container.

Modify your Kubernetes deployment YAML to:

  1. Mount the ConfigMap as a volume.
  2. Execute the script on container startup.

Example deployment.yaml:

apiVersion: apps/v1  
kind: Deployment  
metadata:  
  name: windows-app  
spec:  
  replicas: 1  
  selector:  
    matchLabels:  
      app: windows-app  
  template:  
    metadata:  
      labels:  
        app: windows-app  
    spec:  
      containers:  
      - name: windows-container  
        image: mcr.microsoft.com/windows/servercore:ltsc2019  
        command: ["powershell", "-Command", "C:\\scripts\\startup.ps1"]  
        volumeMounts:  
        - name: startup-script-volume  
          mountPath: "C:\\scripts"  
          readOnly: true  
      volumes:  
      - name: startup-script-volume  
        configMap:  
          name: win-startup-script  
      nodeSelector:  
        kubernetes.io/os: windows

How It Works

ConfigMap as a Volume:

  • The ConfigMap win-startup-script contains a key-value pair where the key is startup.ps1 and the value is the script content.
  • When the pod is created, the ConfigMap is mounted as a volume at C:\scripts inside the container.
  • The script startup.ps1 becomes accessible at C:\scripts\startup.ps1

Script Execution:

  • The command field in the container specification runs the PowerShell script at startup.
  • The script executes the commands defined in startup.ps1, such as printing messages or performing setup tasks.
  • The use of C:\\scripts (Windows-style path) and the mcr.microsoft.com/windows/servercore:ltsc2019 image ensures compatibility with Windows containers.

Step 4: Apply the Deployment

Deploy your application:

kubectl apply -f deployment.yaml

Step 5: Verify Execution

Check if the script ran successfully:

kubectl logs <pod-name>

kubectl logs windows-app-75b64f6568-gzcmv

Output:

[su_note note_color=”#d2f2fa” text_color=”#333333″ radius=”3″]Starting application setup…

Application is ready![/su_note]

Conclusion

Using ConfigMaps to manage startup scripts in Windows-based Kubernetes deployments is a powerful and efficient way to externalize configuration and ensure consistency across your applications. By following the steps outlined in this guide, you can:

  • Decouple Configuration from Code: Store scripts and configuration data outside your container images, making your applications more portable and easier to manage.
  • Automate Startup Tasks: Execute PowerShell scripts during container initialization to set up environments, configure settings, or perform other necessary tasks.
  • Leverage Kubernetes Features: Use ConfigMaps as volumes to inject scripts into your containers, ensuring they are available at the correct location.
  • Storing Application Configuration: Manage settings like database URLs, API endpoints, or feature flags.
  • Injecting Environment Variables: Pass runtime configurations to containers without hardcoding them.
  • Sharing Configuration Across Pods: Reuse the same configuration for multiple deployments, reducing duplication.
  • Managing Configuration Files: Store and mount configuration files (e.g., JSON, XML, YAML) for applications that rely on external configs.

This approach not only simplifies configuration management but also enhances scalability and maintainability. Whether you’re running a single instance or scaling across multiple pods, ConfigMaps provide a centralized and reusable solution for managing startup scripts.

Question & Answer

Below are six frequently asked questions with concise answers based on the article:

  1. What is a ConfigMap and why is it useful?
    A ConfigMap is a Kubernetes object that stores non-confidential configuration data as key-value pairs. It decouples configuration from container images, making applications more portable, easier to manage, and adaptable to different environments.

  2. What are the common use cases for ConfigMaps?
    ConfigMaps are ideal for storing application configurations (e.g., database URLs, API endpoints, feature flags), injecting environment variables at runtime, managing startup or initialization scripts, and sharing configurations across multiple pods.

  3. How do you create a startup script for a Windows container?
    You create a PowerShell script (e.g., startup.ps1) that contains the necessary initialization commands—such as logging messages or executing setup routines—which the Windows container will execute upon startup.

  4. How do you generate a ConfigMap from a startup script?
    Use the kubectl create configmap command with the --from-file option. For example:
    kubectl create configmap win-startup-script --from-file=startup.ps1
    This command reads the script file and stores its content in a ConfigMap.

  5. How do you mount a ConfigMap in your Windows container deployment?
    In your deployment YAML, define a volume that references the ConfigMap and mount it to a directory (e.g., C:\scripts) in your container. Then, specify the container’s command to execute the script from that location using PowerShell.

  6. How can you verify that the ConfigMap and startup script are working correctly?
    After deploying your application, you can verify the ConfigMap with:
    kubectl describe configmap win-startup-script
    And check the container logs with:
    kubectl logs <pod-name>
    The logs should show output confirming that the startup script executed successfully (e.g., “Starting application setup…” and “Application is ready!”).

Devops, linux

How to check Website status on the Linux Server

Leave a comment

Maintaining website uptime is essential for a positive user experience, as even short periods of downtime can frustrate users and result in lost business. Automating uptime checks on a Linux machine allows quick detection of issues, enabling faster response times. In this article, we’ll explore simple, effective ways to create a Website Uptime Checker Script in Linux using different commands like curl, wget, ping.

As my team and we are worked on windows machines and familiar with PowerShell but now we are working on the Linux based machine which lead to write articles based on command which we are using on daily basis.

1. Checking Website Uptime with curl

One of the most straightforward ways to check if a website is up is by using curl. The following multi-line bash script pings the specified website and returns its status:

#!/bin/bash
website="https://example.com"

# Check if website is accessible
if curl --output /dev/null --silent --head --fail "$website"; then
echo "Website is up."
else
echo "Website is down."
fi

Alternatively, here’s a one-liner with curl:

curl -Is https://dotnet-helpers.com | head -n 1 | grep -q "200 OK" && echo "Website is up." || echo "Website is down."

Explanation:

  • curl -Is sends a HEAD request to retrieve only headers.
  • head -n 1 captures the status line of the HTTP response.
  • grep -q “200 OK” checks if the response is “200 OK”.
    Based on this, the command outputs either “Website is up.” or “Website is down.”

2. Monitoring Uptime with wget

If curl isn’t available, wget can be an alternative. Here’s a multi-line script using wget:

#!/bin/bash
website="https://dotnet-helpers.com"

if wget --spider --quiet "$website"; then
echo "Website is up."
else
echo "Website is down."
fi

And the one-liner version with wget:

wget --spider --quiet https://dotnet-helpers.com && echo "Website is up." || echo "Website is down."

Explanation:

  • The –spider option makes wget operate in “spider” mode, checking if the website exists without downloading content.
  • –quiet suppresses the output.

3. Checking Server Reachability with ping

Although ping checks the server rather than website content, it can still verify server reachability. Here’s a multi-line script using ping:

#!/bin/bash
server="example.com"

if ping -c 1 "$server" &> /dev/null; then
echo "Server is reachable."
else
echo "Server is down."
fi

And here’s the one-liner with ping:

ping -c 1 https://dotnet-helpers.com &> /dev/null && echo "Server is reachable." || echo "Server is down."

Summary

By combining these single-line and multi-line commands, you can monitor website availability, server reachability, and port status effectively. Monitoring website uptime on a Linux machine is simple and effective with these commands. Choose the single-line or multi-line scripts that best suit your needs, and consider automating them for consistent uptime checks. Start implementing these methods to ensure your website remains accessible and reliable for your users.

 

kubernetes

How to Collect Kubernetes Events Logs

Leave a comment

However, the teams that manage these clusters need to know what’s happening to the state of objects in the cluster, and this in turn introduces a requirement to gather real-time information about cluster statuses and changes. This is enabled by Kubernetes events, which give you a detailed view of the cluster and allow for effective alerting and monitoring.

In this guide, you’ll learn how Kubernetes events work, what generates them, and where they’re stored. You’ll also learn to integrate Grafana with your Kubernetes environment to effectively use the information supplied by those events to support your observability strategy.

What are Kubernetes events?

Kubernetes events provide a rich source of information. These objects can be used to monitor your application and cluster state, respond to failures, and perform diagnostics. The events are generated when the cluster’s resources — such as pods, deployments, or nodes — change state.

Whenever something happens inside your cluster, it produces an events object that provides visibility into your cluster. However, Kubernetes events don’t persist throughout your cluster life cycle, as there’s no mechanism for retention. They’re short-lived, only available for one hour after the event is generated.

Some of the reason for events generation:

  • Kubernetes events are automatically generated when certain actions are taken on objects in a cluster, e.g., when a pod is created, a corresponding event is created. Other examples are changes in pod status to pending, successful, or failed. This includes reasons such as pod eviction or cluster failure.
  • Events are also generated when there’s a configuration change. Configuration changes for nodes can include scaling horizontally by adding replicas, or scaling vertically by upgrading memory, disk input/output capacity, or your processor cores.
  • Scheduling or failed scheduling scenarios also generate events. Failures can occur due to invalid container image repository access, insufficient resources, or if the container fails a liveness or readiness probe.

Why Kubernetes Events are Useful

Kubernetes events are a key diagnostic tool because they:

  1. Help detect issues with deployments, services, and pods.
  2. Provide insights into scheduling failures, container crashes, and resource limits.
  3. Track changes and status updates of various objects.
  4. Assist in debugging networking and storage issues.
  5. Support performance monitoring by identifying anomalies.

Types of Kubernetes Events

Kubernetes Events can broadly be categorized into two types:

Normal Events: These events signify expected and routine operations in the cluster, like a Pod being scheduled or an image being successfully pulled.
Warning Events: Warning events indicate issues that users need to address. These might include failed Pod scheduling, errors pulling an image, or problems with resource limits.

How to Collect Kubernetes Events

Kubectl is a powerful Kubernetes utility that helps you manage your Kubernetes objects and resources. The simplest way to view your event objects is to use kubectl get events.

When working with Kubernetes Events, the volume of data can be overwhelming, especially in large clusters. Efficiently filtering and sorting these events is key to extracting meaningful insights. Here are some practical tips to help you manage this:

To view all Kubernetes events in a cluster:

Add the -A flag to see events from all namespaces.

kubectl get events --all-namespaces

kubectl get events -A

To view events for a specific namespace:

Replace <NAMESPACE_NAME> with the actual namespace. This command filters events to show only those occurring in a specified namespace.

kubectl get events -n <namespace>

Get a detailed view of events

Add the -o wide flag to get a comprehensive view of each event, including additional details not visible in the standard output.

kubectl get events -o wide

Stream live events

Add the -w command to stream events in real-time. This is particularly useful for monitoring ongoing activities or troubleshooting live issues, as it updates continuously as new events occur. Use Ctrl+C to terminate the stream.

kubectl get events -w

Use field selectors for precise filtering

Add the –field-selector flag to filter events based on specific field values. Replace with the event type you want to filter by. For example, kubectl get events –field-selector type=Warning will only show events of type Warning. This is particularly useful for isolating events related to errors or critical issues.

kubectl get events --field-selector type=<EVENT_TYPE>

#command will return all events of type Warning in the current namespace.
kubectl get events --field-selector type=Warning

Sort events by timestamp

kubectl get event -n default --sort-by=.metadata.creationTimestamp

Add the –sort-by flag to sort events chronologically. This is useful for tracking the sequence of events and understanding their progression over time.

Use JSON or YAML output for complex queries

For complex filtering that can’t be achieved with kubectl flags, you can output the events in a structured format like JSON or YAML by adding the -o json and -o yaml flags, respectively. You can then use tools like jq (for JSON) to perform advanced queries and analyses.

kubectl get events -o yaml

kubectl get events -o json

kubectl get events --field-selector type=Warning -o yaml

Summary: How to Collect Kubernetes Events Logs

Kubernetes events are short-lived records (retained for 1 hour) that track state changes in cluster resources like pods, nodes, or deployments. They provide critical insights for monitoring, debugging, and alerting but require proactive collection due to their transient nature. This guide outlines their utility, types, and methods to collect them effectively.

Key Concepts:

Why Events Matter:

  • Detect issues (e.g., failed deployments, resource limits).
  • Track scheduling failures, crashes, or configuration changes.
  • Support diagnostics and performance monitoring.

Event Types:

  • Normal: Routine operations (e.g., pod scheduling, image pulled).
  • Warning: Critical issues (e.g., pod eviction, image pull errors).

Collection Methods Using kubectl:

You can filter logs using multiple ways like View All Events, Namespace-Specific Filtering, Detailed Output, Live Streaming, Precise Filtering, Chronological Sorting, Structured Outputs (JSON/YAML):

kubernetes

How to Restart Pod in Kubernetes with rollout: A Detailed Guide

Leave a comment

Kubernetes provides a robust mechanism for managing application deployments, ensuring high availability and smooth rollouts. The kubectl rollout status command is essential for monitoring deployment progress, while various methods exist for refreshing pods to apply updates or troubleshoot issues. In this blog, we’ll explore how to check the rollout status of a deployment, why rollouts are required, when kubectl rollout restart is necessary, and different ways to refresh pods in a Kubernetes cluster. In this article, we will discuss on how to Restart Pod in Kubernetes in detail.

Introduction:

In this blog post, we’ll explore three different methods to restart a Pod in Kubernetes. It’s important to note that in Kubernetes, “restarting a pod” doesn’t happen in the traditional sense, like restarting a service or a server. When we say a Pod is “restarted,” it usually means a Pod is deleted, and a new one is created to replace it. The new Pod runs the same container(s) as the one that was deleted.

When to Use kubectl rollout restart

The kubectl rollout restart command is particularly useful in the following cases:

  • After a ConfigMap or Secret Update: If a pod depends on a ConfigMap or Secret and the values change, the pods won’t restart automatically. Running a rollout restart ensures they pick up the new configuration.
  • When a Deployment Becomes Unstable: If a deployment is experiencing intermittent failures or connectivity issues, restarting can help resolve problems.
  • To Clear Stale Connections: When applications hold persistent connections to databases or APIs, a restart can help clear old connections and establish new ones.
  • For Application Performance Issues: If the application is behaving unexpectedly or consuming excessive resources, restarting the pods can help reset its state.

During Planned Maintenance or Upgrades: Ensuring all pods restart as part of a routine update helps maintain consistency across the deployment.

Sample Deployment created for testing:

The spec field of the Pod template contains the configuration for the containers running inside the Pod. The restartPolicy field is one of the configuration options available in the spec field. It allows you to control how the Pods hosting the containers are restarted in case of failure. Here’s an example of a Deployment configuration file with a restartPolicy field added to the Pod spec:

You can set the restartPolicy field to one of the following three values:

  • Always: Always restart the Pod when it terminates.
  • OnFailure: Restart the Pod only when it terminates with failure.
  • Never: Never restart the Pod after it terminates.

If you don’t explicitly specify the restartPolicy field in a Deployment configuration file (as shown in below YAML), Kubernetes sets the restartPolicy to Always by default.

In this file, we have defined a Deployment named demo-deployment that manages a single Pod. The Pod has one container running the alpine:3.15 image.

apiVersion: apps/v1
kind: Deployment
metadata:
 name: demo-deployment
spec:
 replicas: 1
 selector:
   matchLabels:
     app: alpine-demo
 template:
   metadata:
     labels:
       app: alpine-demo
   spec:
     restartPolicy: Always
     containers:
     - name: alpine-container
       image: alpine:3.15
       command: ["/bin/sh","-c"]
       args: ["echo Hello World! && sleep infinity"]

Look for the Pod with a name starting with demo-deployment and ensure that it’s in the Running state. Note that Kubernetes creates unique Pod names by adding unique characters to the Deployment name. Hence, your Pod name will be different from as shown below.

Restart Kubernetes Pod

In this section, we’ll explore three methods you can use to restart a Kubernetes Pod.

Method 1: Deleting the Pod

One of the easiest methods to restart a running Pod is to simply delete it. Run the following command to see the Pod restart in action:

#Syntax
kubectl delete pod <POD-NAME>

#Example Delete pod
kubectl delete pod demo-deployment-67789cc7db-dw6xz -n default

#To get the status of the deletion
kubectl get pod -n default

After running the command above, you will receive a confirmation that the Pod has been deleted, as shown in the output below: The job of a Deployment is to ensure that the specified Pod replicas is running at all times. Therefore, after deleting the Pod, Kubernetes will automatically create a new Pod to replace the deleted one.

Method 2: Using the “kubectl rollout restart” command

You can restart a Pod using the kubectl rollout restart command without making any modifications to the Deployment configuration. To see the Pod restart in action, run the following command:

#Syntax
kubectl rollout restart deployment/<Deployment-Name>

#Example
kubectl rollout restart deployment/demo-deployment

After running the command, you’ll receive an output similar to the following:

As you can see, the Deployment has been restarted. Next, let’s list the Pods in our system by running the kubectl get pod command:

As you can see in the output above, the Pod rollout process is in progress. If you run the kubectl get pods command again, you’ll see only the new Pod in a Running state, as shown above:

Any Downtime during Restart Kubernetes Pod?

The Deployment resource in Kubernetes has a default rolling update strategy, which allows for restarting Pods without causing downtime. Here’s how it works: Kubernetes gradually replaces the old Pods with the new version, minimizing the impact on users and ensuring the system remains available throughout the update process.

To restart a Pod without downtime, you can choose between two methods which discussed above using a Deployment  or using the kubectl rollout restart command. Note that manually deleting a Pod (Method 1) to restart it won’t work effectively because there might be a brief period of downtime. When you manually delete a Pod in a Deployment, the old Pod is immediately removed, but the new Pod takes some time to start up.

Rolling update strategy

You can confirm that Kubernetes uses a rolling update strategy by fetching the Deployment details using the following command:

#Syntax
kubectl describe deployment/<Deployment-Name>

#Example
kubectl describe deployment/demo-deployment

After running the command above, you’ll see like below snap

Notice the highlighted section in the output above. The RollingUpdateStrategy field has a default value of 25% max unavailable, 25% max surge. 25% max unavailable means that during a rolling update, 25% of the total number of Pods can be unavailable. And 25% max surge means that the total number of Pods can temporarily exceed the desired count by up to 25% to ensure that the application is available as old Pods are brought down. This can be adjust based on our requirement of the application traffic.

Conclusion

Kubernetes provides multiple methods to restart Pods, ensuring seamless application updates and issue resolution. The best approach depends on the use case:

  1. For minimal disruption and rolling updates, kubectl rollout restart deployment/<Deployment-Name> is the recommended method. It triggers a controlled restart of Pods without causing downtime.
  2. For troubleshooting individual Pods, manually deleting a Pod (kubectl delete pod <POD-NAME>) allows Kubernetes to recreate it automatically. However, this approach may introduce brief downtime.
  3. For configuration updates, restarting Pods after modifying a ConfigMap or Secret ensures that new configurations take effect without redeploying the entire application.

Ultimately, using the rolling update strategy provided by Kubernetes ensures high availability, reducing service disruptions while refreshing Pods efficiently.

PowerShell

Exploring Different Ways to Check DNS Resolution in Windows PowerShell

Leave a comment

Performing DNS resolution in Windows using PowerShell is a fundamental task for network administrators and IT professionals. Here are several methods to Check DNS Resolution using PowerShell, which you can share on your blog.

The Domain Name System (DNS) is an essential component of the internet’s infrastructure, translating human-readable domain names (like www.example.com) into machine-readable IP addresses (like 192.0.2.1). Checking DNS resolution is crucial for troubleshooting network issues, ensuring proper domain configurations, and enhancing overall internet performance. This article explores various methods to check DNS resolution, providing insights into tools and techniques available for different operating systems and use cases.

Method 1: Using nslookup

Although nslookup is not a PowerShell cmdlet, it can be executed within PowerShell using Get-Command. This method is handy for those familiar with traditional command-line tools.

nslookup google.com

Output: This command will return the DNS server being queried and the resolved IP addresses for the domain.

Method 2: Using Test-Connection (Ping)

The Test-Connection cmdlet can be used to ping a domain name, which resolves the domain to an IP address. This is a useful method for quickly verifying DNS resolution and connectivity.

Test-Connection google.com

Output: This command will return the resolved IP address along with ping statistics, providing both DNS resolution and connectivity information.

Method 3: Using Test-NetConnection

The Test-NetConnection cmdlet is another versatile tool that can be used for DNS resolution. It provides more detailed network diagnostics compared to Test-Connection.

Test-NetConnection -ComputerName google.com

Output: This command returns comprehensive information including the resolved IP address, ping results, and network adapter status.

Method 4: Using wget Command

The wget command can be used within PowerShell to download content from a URL. Although its primary use is for retrieving files, it can also resolve the domain name in the process.

wget google.com

Output: This command will display the resolved IP address and download information for the specified URL.

Method 5: Using ping

The ping command is a classic network utility used to test the reachability of a host. It also performs DNS resolution.

ping google.com

Output: This command will return the resolved IP address and round-trip time for packets sent to the domain.

Method 6: Parsing DNS Records with Resolve-DnsName

Resolve-DnsName can be used to retrieve specific DNS records like A, AAAA, MX, and TXT records.

Resolve-DnsName -Name "google.com" -Type A

Resolve-DnsName -Name "google.com" -Type MX

Resolve-DnsName -Name "google.com" -Type AAA

Output: This command will return detailed information about the domain, including IP addresses, aliases, and DNS record types.

PowerShell provides versatile methods for DNS resolution, ranging from the native Resolve-DnsName cmdlet to leveraging .NET classes, traditional command-line tools like nslookup, ping, Test-Connection, Test-NetConnection, and wget. These methods cater to various preferences and requirements, ensuring that DNS resolution can be performed efficiently and effectively in any PowerShell environment.

By incorporating these methods into your network management toolkit, you can enhance your ability to diagnose and resolve DNS-related issues seamlessly.

Conclusion:

Performing DNS resolution using PowerShell offers multiple approaches, each suited for different scenarios and troubleshooting needs. Whether you prefer traditional command-line tools like nslookup and ping, or more advanced PowerShell cmdlets like Resolve-DnsName and Test-NetConnection, these methods provide flexibility in verifying domain name resolution and diagnosing network issues. By integrating these techniques into your workflow, you can efficiently manage DNS queries, ensure proper domain configurations, and improve overall network reliability.

kubernetes

Configure autoscaling in Azure Kubernetes Service with CPU & Memory

Leave a comment

Introduction:

Azure Kubernetes Service (AKS) empowers you to dynamically scale your applications to meet fluctuating demands. By leveraging CPU and memory-based autoscaling, you can optimize resource allocation, minimize costs, and ensure your applications consistently deliver peak performance. This guide will walk you through the process of configuring and implementing effective autoscaling in Azure Kubernetes Service deployment.

By default, the Horizontal Pod Autoscaler (HPA) in Kubernetes primarily uses CPU utilization as a metric for scaling. However, it is also possible to configure HPA to use memory utilization or custom metrics. Here’s how you can set up HPA to consider memory usage in addition to CPU usage.

What is HPA?

Horizontal Pod Auto scaler (HPA) automatically scales the number of pods in a Kubernetes deployment based on observed metrics such as CPU and memory usage. It ensures your application can handle increased load and conserves resources when demand is low.

“AKS Autoscaling automatically adjusts the number of pods in your deployments, ensuring your applications can seamlessly handle fluctuating workloads.”

Why we monitor Memory and CPU Utilization?

In many applications, both memory and CPU usage are critical metrics to monitor. Memory-intensive applications require additional resources to maintain performance, so scaling based on memory ensures pods are added when usage increases, preventing performance degradation due to memory pressure. Similarly, CPU utilization is essential because high CPU demand can quickly lead to processing bottlenecks. By monitoring and autoscaling based on both memory and CPU, you achieve a more holistic and balanced approach that ensures your applications have the necessary resources to operate optimally under varying workloads.

Step-by-Step Guide to Configure AKS autoscaling

Prerequisites

Before we begin, ensure you have the following:

  1. Azure CLI installed and configured on your machine.
  2. kubectl installed and configured to interact with your AKS cluster.
  3. An AKS cluster up and running.

Step 1: Create a Deployment

First, Create a simple deployment using kubectl apply. Let’s create a simple NGINX deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80

Save this YAML file as nginx-deployment.yaml and apply it using kubectl:

kubectl apply -f nginx-deployment.yaml

This will create a deployment named nginx-deployment with one replica of the NGINX container.

Step 2: Create  the HPA with Memory Utilization 

To create an HPA that uses both CPU and memory metrics, you need to define the metrics in the HPA configuration (Define an HPA that considers both CPU and memory utilization). Save the following YAML as hpa-nginx.yaml:

To associate the Horizontal Pod Autoscaler (HPA) with the specific deployment created in Step 1 (nginx-deployment), the autoscaling YAML must specify the kind: Deployment and name: nginx-deployment within the scaleTargetRef section, as shown in the example below.

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: nginx-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 1
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 50
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 70

Apply the HPA configuration:

kubectl apply -f hpa-nginx.yaml

Step 3: Verify the HPA

Check the status of the HPA to ensure it includes both CPU and memory metrics: Use kubectl get hpa to confirm the HPA is configured correctly and includes both CPU and memory targets.

kubectl get hpa nginx-hpa

The output should display both CPU and memory utilization targets:

Step 4: Modify the HPA Configuration:

If you need to adjust the scaling parameters (e.g., minReplicas, maxReplicas, CPU/memory utilization targets), edit the hpa-nginx.yaml file accordingly as shown below and update the new value and save. For example, to increase the maximum number of replicas:

Key Considerations:

  • Monitor HPA Behavior: Regularly monitor the HPA’s behavior using kubectl describe hpa nginx-hpa. This will provide insights into the scaling activities, current pod count, and the reasons for scaling up or down.
  • Fine-tune Metrics: Experiment with different CPU and memory utilization targets to find the optimal values for your application’s workload.
  • Consider Custom Metrics: For more complex scenarios, explore using custom metrics for autoscaling (e.g., request latency, error rates).

Conclusion:

By following these steps, you can effectively update your HPA configuration in AKS to ensure your deployments scale efficiently and effectively based on both CPU and memory utilization. By incorporating memory utilization into your AKS autoscaling strategy, you optimize resource allocation, minimize costs, and enhance application performance. This proactive approach ensures your applications seamlessly handle varying workloads while maintaining high availability and delivering an exceptional user experience. Regularly monitor your HPA metrics and adjust scaling parameters as needed to fine-tune performance and achieve optimal resource utilization.

 

Devops, linux

Understanding Environment Variables in Linux: A Must-Know for DevOps and System Admins

Leave a comment

What Are Environment Variables in Linux?

Environment Variables in Linux are dynamic values that the operating system and various applications use to determine information about the user environment. They are essentially variables that can influence the behavior and configuration of processes and programs on a Linux system. These variables are used to pass configuration information to programs and scripts, allowing for flexible and dynamic system management.

These variables, often referred to as global variables, play a crucial role in tailoring the system’s functionality and managing the startup behavior of various applications across the system. On the other hand, local variables are restricted and accessible from within the shell in which they’re created and initialized.

Linux environment variables have a key-value pair structure, separated by an equal (=) sign. Note that the names of the variables are case-sensitive and should be in uppercase for instant identification.

Key Features of Environment Variables

  • Dynamic Values: They can change from session to session and even during the execution of programs.
  • System-Wide or User-Specific: Some variables are set globally and affect all users and processes, while others are specific to individual users.
  • Inheritance: Environment variables can be inherited by child processes from the parent process, making them useful for configuring complex applications.

Common Environment Variables

Here are some commonly used environment variables in Linux:

  • HOME: Indicates the current user’s home directory.
  • PATH: Specifies the directories where the system looks for executable files.
  • USER: Contains the name of the current user.
  • SHELL: Defines the path to the current user’s shell.
  • LANG: Sets the system language and locale settings.

Setting and Using Environment Variables

Temporary Environment Variables in Linux

You can set environment variables temporarily in a terminal session using the export command: This command sets an environment variable named MY_VAR to true for the current session. Environment variables are used to store information about the environment in which programs run.

export MY_VAR=true
echo $MY_VAR

Example 1: Setting Single Environment Variable

For example, the following command will set the Java home environment directory.

export JAVA_HOME=/usr/bin/java

Note that you won’t get any response about the success or failure of the command. As a result, if you want to verify that the variable has been properly set, use the echo command.

echo $JAVA_HOME

The echo command will display the value if the variable has been appropriately set. If the variable has no set value, you might not see anything on the screen.

Example 2: Setting Multiple Environment Variables

You can specify multiple values for a multiple variable by separating them with space like this:

<NAME>=<VALUE1> <VALUE2><VALUE3>

export VAR1="value1" VAR2="value2" VAR3="value3"

Example 3: Setting Multiple value for single Environment Variable

You can specify multiple values for a single variable by separating them with colons like this: <NAME>=<VALUE1>:<VALUE2>:<VALUE3>

export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"

The PATH variable contains a list of directories where the system looks for executable files. Multiple directories are separated by colons.

Permanent Environment Variables in Linux

To make MY_VAR available system-wide, follow these steps:

This command appends the line MY_VAR=”True” to the /etc/environment file, which is a system-wide configuration file for environment variables.

By adding this line, you make the MY_VAR variable available to all users and sessions on the system.

The use of sudo ensures that the command has the necessary permissions to modify /etc/environment

Example 1: Setting Single Environment Variable for all USERS

export MY_VAR=true
echo 'MY_VAR="true"' | sudo tee /etc/environment -a

Breakdown of the Command

echo ‘MY_VAR=”true”‘: This command outputs the string MY_VAR=”true”. Essentially, echo is used to display a line of text.

| (Pipe): The pipe symbol | takes the output from the echo command and passes it as input to the next command. In this case, it passes the string MY_VAR=”true” to sudo tee.

sudo tee /etc/environment -a: sudo: This command is used to run commands with superuser (root) privileges. Since modifying /etc/environment requires administrative rights, sudo is necessary.

tee: The tee command reads from the standard input (which is the output of the echo command in this case) and writes it to both the standard output (displaying it on the terminal) and a file.

/etc/environment: This is the file where tee will write the output. The /etc/environment file is a system-wide configuration file for environment variables.

-a: The -a (append) option tells tee to append the input to the file rather than overwriting its contents. This ensures that any existing settings in /etc/environment are preserved and the new line is simply added to the end of the file.

This command is used to add a new environment variable (MY_VAR) to the system-wide environment variables file (/etc/environment). By appending it, you ensure that the new variable is available to all users and sessions across the entire system.

Example 2: Setting Multiple value for single Environment Variable for all USERS

You can specify multiple values for a single variable by separating them with colons like this: <NAME>=<VALUE1>:<VALUE2>:<VALUE3>

export MY_PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin"
echo MY_PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin" | sudo tee /etc/environment -a

Devops

How to Checkout External Repositories in Azure DevOps Build Pipeline: A Step-by-Step Guide

Leave a comment

Introduction

Efficiently integrating code from external Azure DevOps repositories is crucial for collaborative projects and streamlined development workflows. This comprehensive guide provides a step-by-step approach to accessing and utilizing external repositories within your Azure DevOps pipelines (Checkout External Repositories). We’ll cover essential steps, including creating Personal Access Tokens (PATs), configuring service connections, and referencing external repositories in your YAML pipelines. By following these instructions, you’ll enhance your development process by seamlessly incorporating code from various sources across different subscriptions.

Accessing an External Azure DevOps Repository Across Subscriptions

Accessing a repository from another Azure DevOps subscription can be essential for projects where resources are distributed across different organizations or accounts. This article provides a step-by-step guide on using a Personal Access Token (PAT) and a service connection to access an external repository within an Azure DevOps pipeline. By following these instructions, you’ll be able to integrate code from another subscription seamlessly.

Where it required?

In scenarios where you need to access resources (like repositories) that belong to a different Azure DevOps organization or subscription, you need to configure cross-subscription access. This setup is commonly required in the following situations:

  • Shared Repositories Across Teams: Teams working on interconnected projects in different organizations or subscriptions often need to share code. For example, a core library or shared services might be maintained in one subscription and used across multiple other projects.
  • Centralized Code Management: Large enterprises often centralize codebases for specific functionalities (e.g., CRM services, microservices). If your pipeline depends on these centralized repositories, you must configure access.
  • Multi-Subscription Projects: When an organization spans multiple Azure subscriptions, projects from one subscription might need to integrate code or services from another, necessitating secure cross-subscription access.
  • Dependency Management: A project may depend on another repository’s codebase (e.g., APIs, SDKs, or CI/CD templates) that resides in a different Azure DevOps subscription.
  • Separate Environments: Development and production environments might exist in separate subscriptions for security and compliance. For example, accessing a production-ready repository for release from a different subscription’s development repository.

Step-by-Step Guide

Step 1: Create a Personal Access Token (PAT) in External ADO

  • Navigate to the Azure DevOps organization containing the external repository.
  • Click on your profile picture in the top-right corner and select Personal Access Tokens.
  • Click on New Token and:

Provide a name (e.g., External Repo Access).
Set the Scope to Code (Read) (or higher if required).
Specify the expiration date.
Generate the PAT and copy it. Store it securely as you won’t be able to view it again.

Step 2: Create a Service Connection in your ADO

A service connection allows your pipeline to authenticate with the external repository.

  • Go to the Azure DevOps project where you’re creating the pipeline.
  • Navigate to Project Settings > Service Connections.
  • Click on New Service Connection and select Azure Repos/Team Foundation Server.

In the setup form:

Repository URL: Enter the URL of the external repository.
Authentication Method: Select Personal Access Token.
PAT: Paste the PAT you generated earlier.

Give the service connection a name (e.g., CRM Service Connection) and save it.

Step 3: Reference the External Repository in Your Pipeline

The repository keyword lets you specify an external repository. Use a repository resource to reference an additional repository in your pipeline. Add the external repository to your pipeline configuration.

SYNTAX

repositories:
- repository: string #Required as first property. Alias for the repository.
  endpoint: string #ID of the service endpoint connecting to this repository.
  trigger: none | trigger | [ string ] # CI trigger for this repository(only works for Azure Repos).
  name: string #repository name (format depends on 'type'; does not accept variables).
  ref: string #ref name to checkout; defaults to 'refs/heads/main'. The branch checked out by default whenever the resource trigger fires.
  type: string #Type of repository: git, github, githubenterprise, and bitbucket.

Update your pipeline YAML file to include:

resources:
  repositories:
  - repository: externalRepo
    type: git
    name: myexternal_project/myexternal_repo
    ref: external-ProductionBranch #Branch reference
    endpoint: dotnet Service Connection #Service connection name
  • References the external repository under resources.repositories.
  • name:  mention your external project and Repo name
  • ref: Specifies the branch (external-ProductionBranch)
  • endpoint: service connection (dotnet Service Connection).

Step 4: Checkout the External Repository

Include a checkout step in your pipeline: This ensures the external repository is cloned into the pipeline workspace for subsequent tasks.

steps:
- checkout: externalRepo

Step 5: Define the Build Pipeline

Add steps for building and packaging the code. In my case, the external project is dotnet core so i have added the build steps for the same as shown in below.

- script: |
    dotnet --version
    nuget restore ProjectSrc/dotnethelpers.FunctionApp.csproj
  displayName: 'Restore NuGet Packages'

- task: DotNetCoreCLI@2
  inputs:
    command: 'build'
    projects: '**/dotnethelpers.FunctionApp.csproj'
    arguments: '--output $(Build.BinariesDirectory)/publish_output'

- task: ArchiveFiles@2
  inputs:
    rootFolderOrFile: '$(Build.BinariesDirectory)/publish_output'
    includeRootFolder: false
    archiveType: 'zip'
    archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
    replaceExistingArchive: true

- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: '$(Build.ArtifactStagingDirectory)'
    ArtifactName: 'drop'
    publishLocation: 'Container'

Full YAML

resources:
  repositories:
  - repository: externalRepo
    type: git
    trigger: 
    - external-ProductionBranch
    name: myexternal_project/myexternal_repo
    ref: external-ProductionBranch # Branch reference
    endpoint:dotnet Service Connection # Service connection name

pool:
  vmImage: windows-latest

steps:
- checkout: externalRepo

- task: UseDotNet@2
  displayName: 'Install .NET SDK'
  inputs:
    packageType: 'sdk'
    version: '8.0.x'
    installationPath: $(Agent.ToolsDirectory)/dotnet

- script: |
    dotnet --version
    nuget restore ProjectSrc/dotnethelpers.FunctionApp.csproj
  displayName: 'Restore NuGet Packages'


- task: DotNetCoreCLI@2
  inputs:
    command: 'build'
    projects: '**/dotnethelpers.FunctionApp.csproj'
    arguments: '--output $(Build.BinariesDirectory)/publish_output'

- task: ArchiveFiles@2
  inputs:
    rootFolderOrFile: '$(Build.BinariesDirectory)/publish_output'
    includeRootFolder: false
    archiveType: 'zip'
    archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
    replaceExistingArchive: true
  
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: '$(Build.ArtifactStagingDirectory)'
    ArtifactName: 'drop'
    publishLocation: 'Container'

Conclusion

Successfully accessing and integrating external Azure DevOps repositories requires careful authentication and configuration. By following the steps outlined in this guide, including creating PATs, establishing service connections, and effectively referencing external repositories within your YAML pipelines, you can seamlessly integrate code from various sources. This streamlined approach fosters enhanced collaboration, improved efficiency, and a more robust development process for your projects.