Friday, March 29, 2019

Move Azure resources to new resource group or subscription

If you have a new subscription, or you want to move from a Free subscription to a Pay-As-You-Go subscription, I hope these steps will help you move your services. You can use the Azure portal, Azure PowerShell, Azure CLI, or the REST API to move resources.

Here I'm using the Azure portal to move the resources. The main thing to check first is the list of resources that you can't move. The current list is below:

  • AD Domain Services
  • AD Hybrid Health Service
  • Application Gateway
  • Azure Database Migration
  • Azure Databricks
  • Azure Firewall
  • Azure Migrate
  • Azure NetApp Files
  • Certificates - App Service Certificates can be moved, but uploaded certificates have limitations.
  • Classic Applications
  • Container Instances
  • Container Service
  • Data Box
  • Dev Spaces
  • Dynamics LCS
  • ExpressRoute
  • Kubernetes Service
  • Lab Services - Classroom Labs can't be moved to a new resource group or subscription. DevTest Labs can be moved to a new resource group in the same subscription, but not across subscriptions.
  • Managed Applications
  • Microsoft Genomics
  • Security
  • Site Recovery
  • StorSimple Device Manager
  • Virtual Networks (classic) - see Classic deployment limitations

The services in the list below can be moved without any issues.

  • Analysis Services
  • API Management
  • App Service apps (web apps) - see App Service limitations
  • App Service Certificates - see App Service Certificate limitations
  • Automation - Runbooks must exist in the same resource group as the Automation Account.
  • Azure Active Directory B2C
  • Azure Cache for Redis - if the Azure Cache for Redis instance is configured with a virtual network, the instance can't be moved to a different subscription. See Virtual Networks limitations.
  • Azure Cosmos DB
  • Azure Data Explorer
  • Azure Database for MariaDB
  • Azure Database for MySQL
  • Azure Database for PostgreSQL
  • Azure DevOps - Azure DevOps organizations with non-Microsoft extension purchases must cancel their purchases before they can move the account across subscriptions.
  • Azure Maps
  • Azure Monitor logs
  • Azure Relay
  • Azure Stack - registrations
  • Batch
  • BizTalk Services
  • Bot Service
  • CDN
  • Cloud Services - see Classic deployment limitations
  • Cognitive Services
  • Container Registry - A container registry can't be moved when geo-replication is enabled.
  • Content Moderator
  • Cost Management
  • Customer Insights
  • Data Catalog
  • Data Factory
  • Data Lake Analytics
  • Data Lake Store
  • DNS
  • Event Grid
  • Event Hubs
  • Front Door
  • HDInsight clusters - see HDInsight limitations
  • IoT Central
  • IoT Hubs
  • Key Vault - Key Vaults used for disk encryption can't be moved to resource groups in the same subscription or across subscriptions.
  • Load Balancers - Basic SKU Load Balancer can be moved. Standard SKU Load Balancer can't be moved.
  • Logic Apps
  • Machine Learning - Machine Learning Studio web services can be moved to a resource group in the same subscription, but not a different subscription. Other Machine Learning resources can be moved across subscriptions.
  • Managed Disks - Managed Disks in Availability Zones can't be moved to a different subscription
  • Managed Identity - user-assigned
  • Media Services
  • Monitor - make sure moving to new subscription doesn't exceed subscription quotas
  • Notification Hubs
  • Operational Insights
  • Operations Management
  • Portal dashboards
  • Power BI - both Power BI Embedded and Power BI Workspace Collection
  • Public IP - Basic SKU Public IP can be moved. Standard SKU Public IP can't be moved.
  • Recovery Services vault - enroll in a preview.
  • SAP HANA on Azure
  • Scheduler
  • Search - You can't move several Search resources in different regions in one operation. Instead, move them in separate operations.
  • Service Bus
  • Service Fabric
  • Service Fabric Mesh
  • SignalR Service
  • Storage - storage accounts in different regions can't be moved in the same operation. Instead, use separate operations for each region.
  • Storage (classic) - see Classic deployment limitations
  • Stream Analytics - Stream Analytics jobs can't be moved when in running state.
  • SQL Database server - database and server must be in the same resource group. When you move a SQL server, all its databases are also moved. This behavior applies to Azure SQL Database and Azure SQL Data Warehouse databases.
  • Time Series Insights
  • Traffic Manager
  • Virtual Machines - see Virtual Machines limitations
  • Virtual Machines (classic) - see Classic deployment limitations
  • Virtual Machine Scale Sets - see Virtual Machines limitations
  • Virtual Networks - see Virtual Networks limitations
  • VPN Gateway

To move a service, first select it. Under Overview you can see the subscription; click Change next to it to move the service to another subscription.

Alternatively, you will see the Move option at the top of the service page, like the picture below.

Next you will see all the attached services; from there you can select the services that you want to move into the new subscription.
My recommendation, though, is to move one at a time.

Once you have selected the correct subscription and resource group, click OK to proceed.

If the validation passes, you are almost done moving the selected service.

Thursday, March 28, 2019

Create AKS cluster

This series of blog posts will help you understand migration using Azure Kubernetes Service (AKS). This article covers creating the AKS cluster and deploying a sample application from a local repository.
First of all you need to create the resource group, taking care to select the correct location for it. You can run the command below to do that:

$ az group create --name myResourceGroup --location eastus

To create the AKS cluster, use the command below. The node count and monitoring can be defined in the same command.

$ az aks create --resource-group HemalAKS --name hemalAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys

Once this is executed, you will get the below output.

To configure kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command.

$ az aks get-credentials --resource-group HemalAKS --name HemalAKSCluster

To check whether you are connected to the cluster, you can run the kubectl get namespaces command.
If you have more than one cluster and want to check whether you are in the correct place, you can run
$ kubectl cluster-info
and see whether you are connected to the correct cluster.

I'm using sample code provided by Microsoft, and the repo location is as below:

Use git to clone the sample application to your development environment:

git clone

Then change into the cloned directory. For that you can run

$ cd azure-voting-app-redis

Inside this directory are the application source code, a pre-created Docker Compose file, and a Kubernetes manifest file. We are going to use those files to run this.
To create the container image
Here I'm using Docker, and I hope you have already configured Docker on your PC. Then run,

docker-compose up -d

Then the Docker image will be created locally, and you can check the Docker image status by running

$ docker images

To see the running containers, run

$ docker ps

To deploy this locally created image into the Azure AKS cluster you can run

$ kubectl apply -f dockerise_image_name.yaml

This will deploy the image into the created cluster, and by running kubectl get services or kubectl -n <namespace> get services you will be able to see the network details of the created pod in the AKS cluster.

The next post will look at how to deploy this image to the ACR and to the deployments.

Sunday, March 24, 2019

Deploy and use Azure Container Registry

Here I'm going to create an Azure Container Registry and note down the steps.
I will run through this step-by-step guide to help you create your own Kubernetes cluster.

First of all you need to log in to your Azure subscription by using the command below:

> az login 

Then you can create the resource group (RG) and then create the ACR; if you have already created the RG, you can create the ACR in that RG.
But if you have more than one subscription, you first need to select the correct subscription. For that run the command below:
> az account set --subscription <Subscription ID>

To create the resource group (RG), run the command below:
az group create --name HemalAKS --location eastasia

To create the Azure Container Registry (ACR), use the command below.
az acr create --resource-group hemalaks --name hemalaksacr1 --sku Basic

Once that is done you can log in to the ACR by running the command below.

az acr login --name <acrName>

The command returns a Login Succeeded message once completed.
Before you can push an image to your ACR registry, you must tag it with the fully qualified name of your ACR login server.
Run the following command to get the full login server name of your ACR instance.
az acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output table

Copy the output. It will be needed to tag the image; we will continue with that in the next post.

Thursday, March 7, 2019

ERROR: A different object named clusterUser_ already exists in users

If you get this error message when you try to connect to the AKS cluster, it means that session had already been added there, but the default session was set to the second cluster.
Error details:

az : ERROR: A different object named clusterUser_<> already exists in users

PS C:\Users\hemekanayake> az aks get-credentials --resource-group <resource-group name>
az : ERROR: A different object named clusterUser_<Cluster_Name> already exists in users

To resolve this, run the same command with the --overwrite-existing option, which will overwrite the existing values added there.

az aks get-credentials --resource-group <Resource_group_name> --name <Cluster_Name> --overwrite-existing

Wednesday, March 6, 2019

Namespaces is forbidden : AKS dashboard error

In the Kubernetes dashboard, if you get the error mentioned above, it means the correct permissions were not granted to the dashboard. Once you load the dashboard you will see notifications like the one below.
namespaces is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list namespaces at the cluster scope


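You can run the command below from the Azure CLI to create the cluster role binding. Once you run it, cluster-admin permission is granted to the AKS dashboard's service account. cluster-admin allows every action on every resource in the cluster, so anyone who can reach the dashboard gets that level of access.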

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
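
A narrower alternative to the cluster-admin binding above, as an added example that is not part of the original post: an audit filter for bindings that hand cluster-admin to a service account, and a manifest that grants the dashboard only the namespace read access the error message names. The role name dashboard-namespace-reader and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Audit: print ClusterRoleBindings that give cluster-admin to a service account.
# Reads one binding per line, tab-separated: name, role, "Kind:namespace/name,..."
# On a live cluster that input comes from:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'
find_admin_sa_bindings() {
  awk -F '\t' '$2 == "cluster-admin" && $3 ~ /(^|,)ServiceAccount:/ { print $1 " -> " $3 }'
}

# Mitigation: read-only access to namespaces, which is all the error asks for.
# "dashboard-namespace-reader" is a hypothetical name chosen for this example.
dashboard_namespace_reader_manifest() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-namespace-reader
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-namespace-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dashboard-namespace-reader
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF
}

# Constructed sample input (not captured from a real cluster).
SAMPLE=$(printf '%s\t%s\t%s\n' \
  cluster-admin cluster-admin 'Group:/system:masters,' \
  kubernetes-dashboard cluster-admin 'ServiceAccount:kube-system/kubernetes-dashboard,' \
  system:node-proxier system:node-proxier 'User:/system:kube-proxy,')

printf '%s\n' "$SAMPLE" | find_admin_sa_bindings
# To replace the broad binding on a cluster:
#   kubectl delete clusterrolebinding kubernetes-dashboard
#   dashboard_namespace_reader_manifest | kubectl apply -f -
```

With only this role the dashboard will still report forbidden for other resource types; add further read-only rules to the ClusterRole as needed rather than returning to cluster-admin.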

Hope this helps.
If you are still experiencing an issue, you can write to me to get help with it.