Skip to main content

azure-as

Last updated on

Prerequisite: Set Up Proxy and/or Load Balancer

Set up a proxy or load balancer that will intercept and manage traffic to your resources. This component is what enables the seamless start/stop functionality.

Azure App Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers.

AutoStopping Proxy

A This proxy VM sits in front of your virtual machines and intelligently starts or stops them based on incoming traffic. It supports both HTTP(S) and TCP connections. Built on the proven, open-source Envoy Proxy, the AutoStopping Proxy is capable of managing traffic for multiple AutoStopping-managed VMs from a single instance.

Below table shows the resources supported by AutoStopping and the appropriate traffic management you can use for each resource type.

Azure ResourceAutoStopping ProxyAzure App Gateway (Load Balancer)
Azure VM
  1. In the AutoStopping overview page, click Load Balancers in the top right. Click on Create Load Balancer and then Create AutoStopping Proxy.
  2. Enter a name and select Azure in Cloud Provider
  3. Choose a cloud connector or create a new one.
  4. Enter Application Gateway Configuration.
    • Region: The region where your target VM or the cloud resource is hosted.
    • Resource Group: A Resource Group (RG) in Azure is a logical container that holds related resources for a solution. In the context of an Azure Application Gateway, the resource group serves as the container for the various resources associated with the Application Gateway, such as: Virtual Machines (VMs), Storage Accounts, Networking Resources, etc.
    • Virtual Network: Azure Virtual Network is a service that provides the fundamental building block for your private network in Azure. VNet allows you to create and manage virtual private networks (VPNs) in the Azure cloud.
    • Subnet: AppGateway subnet should only contain AppGateway, no other resources can be placed in this subnet.
    • Security Group to define the security rules that determine the inbound and outbound traffic.
    • TLS Certificate Configuration:
      • TLS Certificate Secret Version: Enter the value displayed in the Secret Identifier field on the Azure console.
      • TLS Private Key Secret Version: Create another secret for the private key and enter the value in this field.
note

It is recommended to create the secret using the Azure CLI, and not using the Generate/Import option on the UI. This is to avoid some unwanted characters that get added to the certificate value. For more information, go to Set and retrieve a secret from Azure Key Vault using Azure CLI.

Example:
 key-vault % az keyvault secret set --vault-name "sandy-test" --name "MultilineSecret" --file "secretfile.crt"
{
  "attributes": {
    "created": "2022-11-23T10:00:45+00:00",
    "enabled": true,
    "expires": null,
    "notBefore": null,
    "recoveryLevel": "Recoverable+Purgeable",
    "updated": "2022-11-23T10:00:45+00:00"
  },
  "contentType": null,
  "id": "https://sandy-test.vault.azure.net/secrets/MultilineSecret/1ddef90227664720a8a4604782a15f38",
  "kid": null,
  "managed": null,
  "name": "MultilineSecret",
  "tags": {
    "file-encoding": "utf-8"
  },
  "value": "This is my\nmulti-line\nsecret\n"
}
sandeepbhat@Sandeep Bhat key-vault % az keyvault secret set --vault-name "sandy-test" --name "PrivateKeytest" --file "private-key.pem"
{
  "attributes": {
    "created": "2022-11-23T10:02:03+00:00",
    "enabled": true,
    "expires": null,
    "notBefore": null,
    "recoveryLevel": "Recoverable+Purgeable",
    "updated": "2022-11-23T10:02:03+00:00"
  },
  "contentType": null,
  "id": "https://sandy-test.vault.azure.net/secrets/PrivateKeytest/20e60b7dde6340d7b17e9d446abfc984",
  "kid": null,
  "managed": null,
  "name": "PrivateKeytest",
  "tags": {
    "file-encoding": "utf-8"
  },
  "value": "-----BEGIN PRIVATE KEY-----\\\\XXXXXXXXXXXXXXXXXXXXXXXXXXX\\\\n-----END PRIVATE KEY-----\\\n"

  • Machine type: Select the type of VM that you want to set the AutoStopping rule for.
  • Key Pair: Enter the SSH key pair.
    • This key can be used to access the machine over SSH with the ubuntu user
  • API Key: Enter the NG API key. Choose No Expiration in the Expiration dropdown list while creating this API key. Go to Create an API Key for more information.
  • [OPTIONAL] Allocate Static IP: Enable to assign an elastic IP address
    • Makes the proxy publicly accessible
    • Remember to update your DNS records to point to this IP
  1. Click on Save AutoStopping Proxy.

Create AutoStopping Rule

  • In Harness, navigate to Cloud Costs > AutoStopping Rules and click New AutoStopping Rule.

  • Select Cloud Provider as AWS. Select an existing AWS connector or create a new one.

  • Enter a Name for your rule

  • AutoStopping Type: Choose how you want your resources to be managed automatically. You can either choose Traffic-based with schedules optionally or Schedules only.

    • Traffic-based with schedules optionally: Resources automatically stop when idle and restart when traffic is detected. You can configure schedule overrides in advanced settings.
    • Schedules only: Resources automatically start and stop based on defined schedules. You can configure multiple schedules in advanced settings.
    info

    Please note: Schedule-only rules can be changed to traffic-based during edit, but traffic-based rules cannot be reverted to schedule-only. (Schedules on traffic-based rules remain editable)

  • Set the Idle Time - how long an instance should be inactive before stopping

  • In the Resources to be managed by the AutoStopping rules section, select "VM". Post this, specify how you would like the resources to be handled once idle for the specified Idle Time: Shut Down or Hibernate.

  • Click on + Add an instance and select the VM you want to onboard.

Advanced Configuration (Optional):

  • Hide Progress Page: Toggle this to disable the display of a progress page during instance warm-up.
  • Dry-Run: Toggle this button if you wish to evaluate the feature without terminating your cloud resources.

Link your rule to other AutoStopping rules if resources depend on each other.

  • Click Add Dependency and select a rule from the RULES drop-down list.
  • In DELAY IN SECS, enter the number of seconds the dependent rule should wait after warming up before warming up this rule.
Click to expand advanced configuration details

(Optional) Set up advanced configuration

In this step, you can configure the following settings:

Hide progress page

Toggle the button to disable the display of progress page during instances' warming up process. This option is especially useful when the service is invoked by an automation system, as it prevents misinterpretation of the progress page as the intended response from a service that is onboarded to AutoStopping. By hiding the progress page, the first response of warming up a rule after a downtime will be delayed until the intended service is up and running.

Dry Run

Toggle the button if you wish to evaluate this feature without terminating your cloud resources.

Add Dependency

Set dependencies between two or more AutoStopping Rules when you want one Rule to make one or more Rules to be active based on the traffic that it receives. For example for an application server dependent on a database server, create two AutoStopping Rules managing both the servers. Add a dependency on the Rule managing the application server to be dependent on the Rule managing the database server.

  1. Click add dependency to add a dependency on any existing rule.
  2. Select the rule from the RULES drop-down list.
  3. In DELAY IN SECS, enter the number of seconds that rule should wait after warming up the dependent rule. For example, you have Rule 1 dependent on Rule 2 and you have set 5 seconds delay. In that case, when the request is received to warm up Rule 1, then first Rule 2 (dependent rule) is warmed up, and then there is a delay of 5 seconds before warming up Rule 1.
  4. Once you're done with all the configurations, click Next.

Fixed Schedule

Create fixed uptime or downtime schedules for the resources managed by this AutoStopping Rule. When a resource is configured to go up or down on a fixed schedule, it is unaffected by activity or idleness during that time period.

In certain scenarios, you would not want your resources to go down or up. For example, every Friday at 5 p.m. you want your ABC resource to go down. You can schedule downtime for your ABC resource. During this window, the resource is forced to go down regardless of the defined rule. You can choose to specify uptime for your resources in the same way.

note

The fixed schedule takes precedence over the defined AutoStopping Rule.

note

Harness executes scheduled rules using Dkron, an open-source workload automation service.

To create a fixed schedule for your rule, do the following:

  1. In Fixed Schedules, click Add Fixed Schedule.
  2. In New Fixed Schedule, enter a Name for your schedule.
  3. In Type, select the type for your schedule. You can schedule an Uptime or Downtime for your rule. As per your schedule, the resources go up or down.
  4. Select the Time Zone from the drop-down list.
  5. In Set schedule period, use the date picker to set the start and end time for your schedule.
    1. In Begins on, select the start date and time for your schedule. You can select a date and specify the time.
    2. In Ends on, select the end date and time for your schedule. You can select a date and specify the time. Ensure that Never ends checkbox is unselected to set the end time.
    If you don't specify an end time, the schedule continues to run until you manually update the settings or remove the schedule.
  6. Select the checbox Never ends if you do not want to set end time for your schedule.
  7. You can also set a recurring schedule for the rule. If you want to set a recurring schedule, in Uptime/Downtime in the selected period, in Repeats, select the repeat frequency.
    1. Select which days of the week you'd like your schedule to repeat. You can choose any day between Sunday and Saturday.
    2. Select Everyday, to set the schedule for all seven days of the week.
    3. Set your repeat schedule's beginning and ending time. In the Time field, specify the start and end time for the fixed schedule.
    4. Select All Day, if you wish to set your schedule for the entire day. If you choose All Day for your schedule, you won't be able to choose a start and end time.

Azure AutoStopping Savings Computation

Billing data from Azure's amortized billing export will be used to compute savings for Azure VM-based AutoStopping rules. Please ensure the connector has amortized billing export enabled.

Important points to Remember:

  • Savings numbers will become precise only after the savings numbers are finalized after the 15th of the next month (after the final settlement). Savings will be recomputed for the previous month on the 15th of the next month to ensure any updates to CUR/billing-export are considered in the final savings numbers for the month.

  • GCP billing export configured in the billing connector needs to be "detailed".

  • Azure billing export configured in the billing connector needs to be "amortized".

  • For cluster-based AutoStopping rules, the corresponding billing-enabled connector of the CSP should be configured in Harness; otherwise, savings computation will be based on public pricing data.