//Cloud notes from my desk -Maheshk

"Fortunate are those who take the first steps.” ― Paulo Coelho

Failed to delete virtual network ‘k8s-vkdemo-2-vnet’. Error: Subnet virtual-node-aci is in use by and cannot be deleted

Recently I tried deleting a few resource groups (RGs) containing AKS clusters with ACI enabled. For some reason I couldn't get them deleted completely, which left the VNet behind in all those RGs.

The error message was “Failed to delete virtual network ‘k8s-vkdemo-2-vnet’. Error: Subnet virtual-node-aci is in use by and cannot be deleted.” I got the same error for the other 2 cluster RGs as well. When I tried deleting the individual subnets, I got an error there too.

With the help of support and this article, I was able to delete the RG. It is documented here -> https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet#delete-network-resources.

Here is the revised script.

# Replace <my-resource-group> with the name of your resource group
RES_GROUP="<my-resource-group>"

# Replace <my_vnet_name> with the name of your VNet
VNET_NAME="<my_vnet_name>"

# Replace <my_subnet_name> with the name of your subnet
SUBNET_NAME="<my_subnet_name>"

# Get network profile ID
NETWORK_PROFILE_ID=$(az network profile list --resource-group "$RES_GROUP" --query '[0].id' --output tsv)

# Delete the network profile
az network profile delete --id "$NETWORK_PROFILE_ID" -y

# Get the service association link (SAL) ID
SAL_ID=$(az network vnet subnet show --resource-group "$RES_GROUP" --vnet-name "$VNET_NAME" --name "$SUBNET_NAME" --query id --output tsv)/providers/Microsoft.ContainerInstance/serviceAssociationLinks/default

# Delete the default SAL ID for the subnet
az resource delete --ids "$SAL_ID" --api-version 2018-07-01

# Delete the subnet delegation to Azure Container Instances
az network vnet subnet update --resource-group "$RES_GROUP" --vnet-name "$VNET_NAME" --name "$SUBNET_NAME" --remove delegations 0

# Delete the subnet
az network vnet subnet delete --resource-group "$RES_GROUP" --vnet-name "$VNET_NAME" --name "$SUBNET_NAME"

# Delete virtual network
az network vnet delete --resource-group "$RES_GROUP" --name "$VNET_NAME"
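
A guarded variant of the cleanup above, added here as an example (it is not from the original post or the Microsoft article): every looked-up ID is validated before any delete runs, so an empty lookup cannot turn into a malformed SAL ID or an empty `--id`. The function names `is_arm_id`, `sal_id_for` and `cleanup_aci_subnet` are assumptions.

```shell
# Added example, not from the original post. Function names are assumptions.

# Succeed only if $1 is a resource-group-scoped ARM ID whose provider path matches ERE $2.
is_arm_id() {
  printf '%s\n' "$1" |
    grep -Eiq "^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/$2\$"
}

# Print the default ACI service association link (SAL) ID for a subnet ID.
sal_id_for() {
  is_arm_id "$1" 'Microsoft\.Network/virtualNetworks/[^/]+/subnets/[^/]+' || return 1
  printf '%s/providers/Microsoft.ContainerInstance/serviceAssociationLinks/default\n' "$1"
}

# Usage: cleanup_aci_subnet <resource-group> <vnet-name> <subnet-name>
cleanup_aci_subnet() {
  rg=$1 vnet=$2 subnet=$3

  subnet_id=$(az network vnet subnet show --resource-group "$rg" \
    --vnet-name "$vnet" --name "$subnet" --query id --output tsv) || return 1
  # A failed or empty lookup would otherwise yield a SAL ID that starts at
  # "/providers/..." and be handed straight to "az resource delete".
  sal_id=$(sal_id_for "$subnet_id") || {
    echo "refusing to continue: unexpected subnet ID '$subnet_id'" >&2
    return 1
  }

  # The resource group may have no network profile left; skip that step
  # instead of calling "az network profile delete" with an empty --id.
  profile_id=$(az network profile list --resource-group "$rg" \
    --query '[0].id' --output tsv) || return 1
  if is_arm_id "$profile_id" 'Microsoft\.Network/networkProfiles/[^/]+'; then
    az network profile delete --id "$profile_id" -y || return 1
  fi

  az resource delete --ids "$sal_id" --api-version 2018-07-01 || return 1
  az network vnet subnet update --resource-group "$rg" --vnet-name "$vnet" \
    --name "$subnet" --remove delegations 0 || return 1
  az network vnet subnet delete --resource-group "$rg" --vnet-name "$vnet" \
    --name "$subnet" || return 1
  az network vnet delete --resource-group "$rg" --name "$vnet"
}
```

Each step stops the function on failure, so the VNet delete is only attempted after the SAL, delegation and subnet are gone.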

2019-03-18 Posted by | AKS, Azure, Azure Dev, Uncategorized

Why Azure Kubernetes Service(AKS) vs Others

What is AKS?
– deploys a managed Kubernetes cluster in Azure.
– reduces the complexity and operational overhead of managing K8s by offloading much of that responsibility to Azure
– handles critical tasks like health monitoring and maintenance for you.
– masters are managed by Azure; you only manage and maintain the agent nodes.
– free: you only pay for the agent nodes and not for the masters


Why AKS vs Others?
– Streamlined application onboarding with integrated VSTS CI/CD via DevOps Project
– Deep integration with Azure Monitor and Log Search
– Using Azure Dev Spaces for AKS – enables multiple developers to collaborate and rapidly iterate/debug microservices directly in AKS dev environment
– Open source thought leadership through projects like Virtual Kubelet, Helm, Draft, Brigade & Kashti & our contribution to the open source community
– Support for scenarios such as elastic bursting using Azure Container Instance (ACI) and Virtual Kubelet
– Users can use Key Vault for increased security and control over Kubernetes keys and passwords, create and import encryption keys in minutes
– Developers and operations can be assured their workloads will have Automated OS & Framework Patching with ACR Build
– Rich tooling support: VS Code/VS integration (VS Code is a free code editor; try it today, you’ll thank us)

Best practice guidance
> For integration with existing virtual networks or on-premises networks, use advanced networking in AKS.
> Advanced networking allows greater separation of resources and controls in an enterprise environment.

Two different ways to deploy AKS clusters into virtual networks:
+ Basic networking – Azure manages the virtual network resources as the cluster is deployed and uses the kubenet Kubernetes plugin.
+ Advanced networking – Deploys into an existing virtual network, and uses the Azure Container Networking Interface (CNI) Kubernetes plugin. Pods receive individual IPs that can route to other network services or on-premises resources.
The Container Networking Interface (CNI) is a vendor-neutral protocol that lets the container runtime make requests to a network provider. The Azure CNI assigns IP addresses to pods and nodes, and provides IP address management (IPAM) features as you connect to existing Azure virtual networks. Each node and pod resource receives an IP address in the Azure virtual network, and no additional routing is needed to communicate

$ az aks create --resource-group myAKSCluster --name myAKSCluster --generate-ssh-keys \
--aad-server-app-id <aad-server-app-id> \
--aad-server-app-secret <aad-server-app-secret> \
--aad-client-app-id <aad-client-app-id>

$ az aks get-credentials --resource-group myAKSCluster --name myAKSCluster --admin
Merged “myCluster” as current context ..

$ kubectl get nodes

aks-nodepool1-42032720-0 Ready agent 1h v1.9.6
aks-nodepool1-42032720-1 Ready agent 1h v1.9.6
aks-nodepool1-42032720-2 Ready agent 1h v1.9.6

2019-03-06 Posted by | AKS, Azure Dev, Kubernetes, Linux, Microservices, PaaS

[Azure Service Fabric] Five steps to achieve Event aggregation and collection using EventFlow in Service Fabric

Monitoring and diagnostics are a critical part of application development, for diagnosing issues at production or development time. They help one easily identify application issues and hardware issues, and provide performance data to guide the scope for improvement. The workflow has 3 parts: 1) Event Generation 2) Event Aggregation 3) Analysis.

1) Event Generation –> creation and generation of events & logs. Logs could be infra-level events (anything from the cluster) or application-level events (from the apps and services).

2) Event Aggregation –> generated events need to be collated and aggregated before they can be displayed

3) Analysis –> visualized in some format

Once we decide on the log provider, the next phase is aggregation. In Service Fabric, event aggregation can be achieved by using (a) Azure Diagnostics logs (agent installed on the VMs) or (b) EventFlow (in-process log collection).

Agent-based log collection is a good option if our event source and destination do not change and have a one-to-one mapping. Any change would require a cluster-level update, which is sometimes tedious and time consuming. In this type, the logs land in storage and then go to the display phase.

With EventFlow, in-process logs are sent directly to a remote service visualizer. Changing the data destination doesn’t require any cluster-level changes, unlike the agent approach. We can change the data destination path at any time in the eventFlowConfig.json file. Depending on the criticality, we can have both if required. However, Azure Diagnostics logs are recommended mostly for infra-level log collection, whereas EventFlow is suggested for application-level logs. The last step is Event Analysis, where we analyze and visualize the incoming data. Azure Service Fabric has better integration support for OMS and Application Insights.

In this article, let us see how one can easily use EventFlow in their Service Fabric Stateful application in 5 steps.

Step1:- Create a new Service Fabric project by selecting the “Stateful Service” application. Please change the .NET version of the project to 4.6 and above.

Step2:- Right click the project and add NuGet packages: search for “Diagnostics.EventFlow” and then add the following packages.



Step3:- Update the eventFlowConfig.json file as below. The event source class uses this JSON file to send the data. The file needs to be modified to capture data or to configure the desired destination.


Step4:- Update the “ServiceEventSource.cs” class. We need the name of the service’s ServiceEventSource, which is the value of the attribute set on this class.


Step5:- Instantiate the EventFlow pipeline in our service startup code and start writing the service message.



Deploy the application and confirm everything is green, with no deployment or dependency issues.


To verify the trace logs, log into portal.azure.com > your_application insights > search and refresh (allow a few minutes to see the data flowing here).


Reference article:-



2017-07-11 Posted by | .NET, Azure Dev, C#, LogCollection, ServiceFabric, VS2017

Quick tip on Service Fabric Remoting service development

Azure Service Fabric needs no introduction. It is our next-gen PaaS offering, also called PaaS v2. It has been used internally for many years, tested, and released as an SDK for consumption. Some of the well-known offerings like Az Sql, Az DocDB, Skype etc. run on Service Fabric. We already see the developer community using it in production and hear a lot of good things.

It is free: anyone can download the SDK, develop and run from their laptop or own data center, or publish to Azure. It works on Windows and Linux as well. It has a lot of rich features over the previous PaaS offerings (cloud services), so we are seeing a lot of traction from big companies considering it for critical applications.

This sample is based on this example: https://azure.microsoft.com/en-us/documentation/articles/service-fabric-reliable-services-communication-remoting/

Service side project settings: set the platform target to x64 if you want to use the reliable collections or reliable actors APIs. Failing to set this throws a binding exception as below.

System.BadImageFormatException was unhandled
  FileName=Microsoft.ServiceFabric.Services, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35
  FusionLog=Assembly manager loaded from:  C:WindowsMicrosoft.NETFrameworkv4.0.30319clr.dll
Running under executable  D:Cases_CoderemotingclienttestbinDebugremotingclienttest.vshost.exe
— A detailed error log follows.






For the client side/calling method, I do not see the setup-related information detailed here: https://azure.microsoft.com/en-us/documentation/articles/service-fabric-reliable-services-communication-remoting/. I found that these 3 DLLs have to be referenced in the client side project for consuming the service. I simply copied them from the service side sample packages folder to the calling side project folder.





sample code available – https://1drv.ms/u/s!ApBwDDnGdg5BhNd-KQHtWtaH-sbRcA

2016-11-13 Posted by | .NET, Azure Dev, C#, Microservices, PaaS, ServiceFabric, VS2015

How to list all available VM sizes in a region using .NET (ARM endpoint)

Today, I had a query from a developer asking how to silently authenticate and fetch the list of available VM sizes for a particular region using .NET code. More precisely, they wanted to fetch this detail from their worker role. They wanted to call the URI in this article with silent authentication: https://msdn.microsoft.com/en-us/library/azure/mt269440.aspx

Method Request URI
GET https://management.azure.com/subscriptions/{subscription-id}/providers/Microsoft.Compute/locations/{location}/vmSizes?api-version={api-version}

At first sight, I thought this was an RDFE endpoint (older portal/SMAPI), but on a closer look it turned out to be an ARM endpoint.

How to identify whether the URL is an RDFE or ARM endpoint?

Please note, for an RDFE endpoint we may have to use either certificate-based or native client authentication.

Since this is an ARM endpoint, we need to follow the service principal way to get the bearer token which is needed for the URI GET calls.


Perform the following actions one by one, carefully, as in this URL – https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/

  1. Create an Active Directory application
  2. Get client id and authentication key
  3. Get tenant id
  4. Set delegated permissions
  5. Assign application to role


using System;
using System.IO;
using System.Net;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            // Placeholders: tenant ID, client ID and client secret of the service principal created above
            var context = new AuthenticationContext("https://login.microsoftonline.com/" + "your_tenantid");
            ClientCredential credential = new ClientCredential("your_client_ID", "your_client_secret");

            // Acquire a token for the ARM resource and strip the "Bearer " prefix
            AuthenticationResult result = context.AcquireToken("https://management.azure.com/", credential);
            var token = result.CreateAuthorizationHeader().Substring("Bearer ".Length);

            // Call the vmSizes endpoint with the bearer token
            string uri = @"https://management.azure.com/subscriptions/<your_subscription_Id>/providers/Microsoft.Compute/locations/Southeast Asia/vmSizes?api-version=2015-05-01-preview";
            HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
            request.Headers.Add("Authorization:Bearer " + token);
            var response = request.GetResponse().GetResponseStream();
            var output = new StreamReader(response).ReadToEnd();
            Console.WriteLine(output);
        }
    }
}


P.S.: I have used ADAL to avoid async complexities.

on executing,


2016-10-19 Posted by | .NET, AAD, ARM, Azure, Azure Dev, C#, PaaS

How can I set a message to deadlettered – Service Bus

Today one of my colleagues had an interesting problem in setting a Service Bus queue message as a dead-letter message. There are a ton of samples around on how to create a DeadLetterQueue (DLQ) or move or read a DLQ message, but we did not get a clear picture or documentation on “how one can set the message as Deadlettered through code”. As you know, messages get moved to the DLQ automatically after ‘n’ retry attempts or on expiry, but in this case he wanted to move a message intentionally after some condition in code. For example, when I see that a body contains some text or an invalid business code, I want to mark it as DeadLetter so that my other piece of code can consume it with recovery logic.

As usual, we started looking at our official documentation, GitHub pages, SB Explorer and the internal discussion alias. There is a lot of noise and confusion around calling Receive/Defer/DeadLetter, but none gave a close hint about marking a message as DeadLetter. We spent almost a couple of hours figuring out these 5 lines of code and, more importantly, the function call “order”. Failing to keep this order gives you a hair-pulling exception. So focus on the “order”: call Defer() before Receive() and then finally DeadLetter().

Microsoft.ServiceBus.Messaging.MessageNotFoundException was unhandled
  HResult=-2146233088 IsTransient=false
  Message=Failed to lock one or more specified messages. The message does not exist. TrackingId:2d6fb843-0bd8-4b73-9fc0-8f9bffe98ca7_G0_B0, SystemTracker:xxxxxx:QueueXXX, Timestamp:9/2/2016 7:34:42 PM


//Sample code to receive a message with sequence number and then Deadletter

using Microsoft.ServiceBus.Messaging;

class Program
{
    static void Main(string[] args)
    {
        var queue = QueueClient.CreateFromConnectionString("Endpoint=sb://xxx.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=xxxx=", "queuename", ReceiveMode.PeekLock);

        BrokeredMessage msg = queue.Receive();

        // Defer first; a deferred message is then received again by its sequence number
        msg.Defer();

        msg = queue.Receive(msg.SequenceNumber);

        // Finally, move the message to the dead-letter queue
        msg.DeadLetter();
    }
}

Let me know if you think there is a better way than this.

good weekend !

2016-09-03 Posted by | .NET, Azure Dev, PaaS, ServiceBus
