Azure Insights: Functions vs. Lambda; VM images; DevOps hosted agents; Key Vault access

April 25 2021

Azure pros discuss the difference between Azure Functions and AWS Lambda, VM images, DevOps hosted agents, and Key Vault access.

Comparing Azure Functions and AWS Lambda

Vidya, writing on WhizLabs, wondered about the Azure equivalent of AWS Lambda. The Lambda code execution platform serves to reduce the scope of containerization and is used to execute multiple Amazon Machine instances. Vidya argues that Azure Automation is a rough equivalent together with Azure Functions.

Both Functions and Lambda support Node.js, Python and C#, while Functions offers PHP and F# and Lambda provides Python and Java. Vidya explained the difference in hosting plans, configuration, extensibility, and programming. In contrast to Lambda, Functions supports input/output binding, HTTP functions out of the box, automatic package restore and supports five more languages than Lambda, but Lambda offers features like multiple trigger sources and deep integration with other services.

Building VM images

Aidan Finn discussed how users can build Azure VM images with Packer and Azure Files. Users commonly need rapidly deployable VM images, such as for a Citrix or Windows Virtual Desktop worker pool. While some choose Marketplace images, a classic alternative is to build a golden image and install. Currently, Azure Image Builder remains merely a preview and can fail often due to complexity.

Instead, users can turn to Packer, a free tool from Hashicorp. Users can develop VM images for a variety of different platforms, including Azure ARM. He wrote:

I wanted to build a golden image, a template, for a Citrix worker pool, running in Azure and managed by Citrix Cloud. The build needs to be monthly, receiving the latest Windows Updates and application upgrades. The solution should be independent of the network and not require any file servers… I put the application packages into Azure Files. Each installation is wrapped in a simple PowerShell script. That means I can enable a PowerShell provisioner to run multiple scripts.

Pulling public IP addresses for Azure DevOps hosted agents

Thomas Thornton explained how to pull a specific public IP address for an Azure DevOps hosted agent or GitHub-hosted runner. He demoed how to pull each with bash in DevOps Pipelines and GitHub Workflows. The approaches come in handy when determining if an agent or runner requires access that is IP restricted, like an Azure Storage Account subject to network restrictions. Thornton wrote:

This sort of requirement is useful if the agent or runner requires access that currently is IP restricted, such as an Azure Storage Account with network restrictions in place – you can extract the Public IP to be used as a variable within the pipeline to temporary update a specific firewall…

Key Vault access in Kubernetes Service

Writing on Pixel Robots, Richard Hooper discussed Key Vault access for Kubernetes Service with the new AKS add-on. When working with Kubernetes and secrets, users should be aware that secrets aren't secure by default. He explained how to install the new AKS add-on to set up the store CSI driver and Key Vault.

Users need to have the AKS-preview extension installed and register the new feature. The ContainerService provider will need to re-registered to enable the feature. He wrote:

When you create an AKS cluster a Managed identity is created. This is normally called “clustername-agentpool”. You need to give this managed identity access to the key vault your secrets, keys, and certificates are stored in. To find the client ID and set the key vault access use the following. Just make sure you change the cluster resource group, cluster name and key vault name.

Lastly, once deployed users can check to see how pods access Key Vault.

FREE Membership Required to View Full Content:

Become a MemberLogin
Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more, and it’s all FREE. You’ll also have the option to receive periodic email newsletters with the latest relevant articles and content updates. Learn more about us here
About MSCN Reporter

More about MSCN Reporter