Dapr is an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge. Dapr embraces the diversity of all programming languages and developer frameworks and simplifies building applications.
Dapr building blocks
- Service Invocation – Resilient service-to-service invocation enables method calls, including retries, on remote services wherever they are running in the supported hosting environment.
- State management – With state management for key/value pairs, long running, highly available, stateful services can be easily written, alongside stateless services in the same application. The state store is pluggable and can include Azure Cosmos or Redis, with others such as AWS DynamoDB on the component roadmap.
- Publish and subscribe messaging between services – Publishing events and subscribing to topics between services enables event-driven architectures to simplify horizontal scalability and make them resilient to failure.
- Event driven resource bindings – Resource bindings and triggers build further on event-driven architectures for scale and resiliency by receiving and sending events to and from any external resources such as databases, queues, file systems, blob stores, webhooks, etc. For example, your code can be triggered by a message on an Azure EventHub service and write data to Azure CosmosDB.
- Virtual actors – A pattern for stateless and stateful objects that make concurrency simple with method and state encapsulation. Dapr provides many capabilities in its virtual actor runtime including concurrency, state, life-cycle management for actor activation/deactivation and timers and reminders to wake up actors.
- Distributed tracing between services – Easily diagnose and observe inter-service calls in production using the W3C Trace Context standard and push events to tracing and monitoring systems.
You can read more about Dapr at http://dapr.io, get started with code and samples at https://github.com/dapr/dapr and reach out on gitter.im/Dapr or Twitter @daprdev.
Getting started with Dapr is easy and you can start with a few steps described below
How to get up and running with Dapr in minutes
The following steps in this guide are:
- Install the Dapr CLI
- Initialize Dapr
- Use the Dapr API
- Configure a component
- Explore Dapr quickstarts
powershell -Command "iwr -useb https://raw.githubusercontent.com/dapr/cli/master/install/install.ps1 | iex"
Important is to close the powershell window and reopen this. Else the module won’t be active
type dapr
Open Powershell
type dapr
dapr
__
____/ /___ _____ _____
/ __ / __ ‘/ __ \/ ___/
/ /_/ / /_/ / /_/ / /
\__,_/\__,_/ .___/_/
/_/
======================================================
A serverless runtime for hyperscale, distributed systems
Usage:
dapr [command]
Available Commands:
completion Generates shell completion scripts
components List all Dapr components
configurations List all Dapr configurations
dashboard Start Dapr dashboard
help Help about any command
init Setup dapr in Kubernetes or Standalone modes
invoke Invokes a Dapr app with an optional payload (deprecated, use invokePost)
invokeGet Issue HTTP GET to Dapr app
invokePost Issue HTTP POST to Dapr app with an optional payload
list List all Dapr instances
logs Gets Dapr sidecar logs for an app in Kubernetes
mtls Check if mTLS is enabled in a Kubernetes cluster
publish Publish an event to multiple consumers
run Launches Dapr and (optionally) your app side by side
status Shows the Dapr system services (control plane) health status.
stop Stops multiple running Dapr instances and their associated apps
uninstall Removes a Dapr installation
Flags:
-h, –help help for dapr
–version version for dapr
Use “dapr [command] –help” for more information about a command.
subcommand is required
dapr init
PS C:\Windows\system32> dapr init
Making the jump to hyperspace…
Downloading binaries and setting up components…
Unable to find image ‘openzipkin/zipkin:latest’ locally
latest: Pulling from openzipkin/zipkin
docker: no matching manifest for windows/amd64 10.0.17763 in the manifest list entries.
See ‘docker run –help’.
Quickstarts and Samples
Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Robert Smit MVP Linkedin profile
Google : Robert Smit MVP profile
Like this:
Like Loading...
The Secure DevOps Kit for Azure is a collection of scripts, tools, extensions, automations.
The kit is based on Powershell and can be extended to Azure log analytics with some nice dashboarding. But if you have a large subscription the Powershell query can take some time. With this toolkit Devops teams using extensive automation and smoothly integrating security into native Devops workflows helping accomplish secure Devops with these 6 focus areas:
- Secure the subscription: A secure cloud subscription provides a core foundation upon which subsequent development and deployment activities can be conducted. An engineering team should have the capabilities to deploy and configure security in the subscription including elements such as alerts, ARM policies, RBAC, Security Center policies, JEA, Resource Locks, etc. Likewise, it should be possible to check that all settings are in conformance to a secure baseline
- Enable secure development: During the coding and early development stages, developers should have the ability to write secure code and to test the secure configuration of their cloud applications. Just like build verification tests (BVTs), we introduce the concept of security verification tests (SVTs) which can check for security of various resource types in Azure
- Integrate security into CICD: Test automation is a core tenet of devops. We emphasize this by providing the ability to run SVTs as part of the VSTS CICD pipeline. These SVTs can be used to ensure that the target subscription used to deploy a cloud application and the Azure resources the application is built upon are all setup in a secure manner
- Continuous Assurance: In the constantly changing dev ops environment, it is important to move away from the mindset of security being a milestone. We have to treat security as a continuously varying state of a system. This is made possible through capabilities that enable continuous assurance using a combination of automation runbooks, schedules, etc.
- Alerting & Monitoring: Visibility of security status is important for individual application teams and also for central enterprise teams. We provide solutions that cater to the needs of both. Moreover, the solution spans across all stages of dev ops in effect bridging the gap between the dev team and the ops team from a security standpoint through the single, integrated views it generates
- Cloud Risk Governance: Lastly, underlying all activities in the kit is a telemetry framework that generates events capturing usage, adoption, evaluation results, etc. This allows us to make measured improvements to security targeting areas of high risk and maximum usage before others.
Keep in mind that The OMS portal will is retired on January 15, 2019. You can continue to use your existing services and licensing in the Azure portal.
Even in the Azure portal you can still connect to OMS
Complete feature set of Secure DevOps Kit for Azure
Setting up Secure DevOps Kit for Azure (AzSK)
First make sure you have the right Azure modules installed, I noticed the automation module failed So I added this manualy.
Import-Module AzureRM.Automation
Get-AzSKAzureServicesSecurityStatus -SubscriptionId
Installing the Secure DevOps Kit for Azure (AzSK)
Install-Module AzSK -Scope CurrentUser
Now that the Powershell modules are installed we can start the (AzSK) Scan
Get-AzSKAzureServicesSecurityStatus –SubscriptionId ID
In this subscription there are 44 items that are been checked
Items are been checked on the security issues
Nice detailed overview is shown. Also a log folder is been created with all the issues. per resource Item.
As you can see I have some failed items and with a High, so I need to take a good look at this and fix this.
This maybe one of the best Items here an excel sheet with al the issues listed with the solution mentioned and if this can be automated.
If needed there is an URL that points you to the right solution.
As Azure log analytics is great and it can be integrated with some OMS (Azure monitoring Dashboards)
The OMS portal will be retired on January 15, 2019. You can continue to use your existing services and licensing in the Azure portal. So the current documentation need some updating.
Pressing the OMS button in the Azure portal brings you to the OMS portal but then nothing. As it is now all Azure portal.
Setting up the dashboards failed on me during the first installation but when I did run this a second time the dashboard was there. (Timing)
Creating the OMS default dashboard we need to run some powershell scripts.
$omsSubId =”id” #subscription hosting the OMS workspace
$omsWSId =’OMS ID’
$omsRGName =’omsrsg’ #RG where the OMS workspace is hosted
$azSkViewName = ‘MVP_AzSK_view’ #This will identify the tile for AzSK view in OMS.
#This command will deploy the AzSK view in the OMS workspace.
Install-AzSKOMSSolution -OMSSubscriptionId $omsSubId `
-OMSResourceGroup $omsRGName `
-OMSWorkspaceId $omsWSId `
-ViewName $azSkViewName
Note:
1) The blades of the OMS view created by this command will start populating only after AzSK scan events become available in the corresponding OMS workspace.
To understand how to send AzSK events to an OMS workspace see https://aka.ms/devopskit/oms.
2) The OMS view installed contains a basic set of queries over DevOps Kit scan events. Please feel free to customize them once you get familiar with the que
ries.
We also periodically publish updated/richer queries at: https://aka.ms/devopskit/omsqueries.
Checking the OMS – log analytics workspace it has not much issues as this is a test subscription and if it was all perfect then there is no fun.
and with longer logging and more Items in azure you will get a different overview.
There are lots of options you can set and there is a detailed description on how to use this on Github
Setting up ARM policys is also one of the options
Set-AzSKARMPolicies –SubscriptionId
So get started with the DevOpsKit https://github.com/azsk/DevOpsKit-docs
https://github.com/azsk/DevOpsKit-docs/tree/master/05-Alerting-and-Monitoring
AzSK Security Controls Portal @https://aka.ms/azskosstcp
With this it’s a nice tool and yes a bit time consuming but learned a lot and make me see things different in the Azure Subscription
And If you combine this directly and not afterwards then this could be your time saver to fix all the security items
Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Robert Smit MVP Linkedin profile
Google : Robert Smit MVP profile
Like this:
Like Loading...
