Azure
Our integration with Azure provides the ability to export your Azure resources to Port, according to your configuration. After the initial import of data, the integration will also listen to live events from Azure to update data inside Port in real time.
Our integration with Azure supports real-time event processing, this allows for an accurate real-time representation of your Azure infrastructure inside Port.
Port's Azure exporter is open source, view the source code here.
💡 Azure integration common use cases​
Our Azure integration makes it easy to fill the software catalog with data directly from your Azure subscription, for example:
- Map all the resources in your Azure subscription, including AKS, Storage Accounts, Container Apps, Load Balancers and other Azure objects;
- Watch for Azure object changes (create/update/delete) in real-time, and automatically apply the changes to your entities in Port;
- Use relations to create complete, easily digestible views of your Azure infrastructure inside Port.
Installation​
To install Port's Azure exporter, follow the installation guide.
How it works​
Port's Azure exporter can retrieve all the resources supported by the Azure API, and export them to Port as entities of existing blueprints.
The Azure exporter allows you to perform extract, transform, load (ETL) on data from the Azure API into the desired software catalog data model.
The exporter is deployed using an Azure Container App that is deployed to your Azure subscription.
The Azure exporter uses a YAML configuration to describe the ETL process to load data into the developer portal. The approach reflects a middle-ground between an overly opinionated Azure visualization that might not work for everyone and a too-broad approach that could introduce unneeded complexity into the developer portal.
Here is an example snippet from the config which demonstrates the ETL process for getting Container App data from Azure and into the software catalog:
resources:
# Extract
- kind: Microsoft.App/containerApps
selector:
query: "true" # JQ boolean query. If evaluated to false - skip syncing the object.
apiVersion: "2023-05-01" # Azure API version to use to fetch the resource
port:
entity:
mappings:
# Transform & Load
identifier: '.id | split("/") | .[3] |= ascii_downcase |.[4] |= ascii_downcase | join("/")' # lowercase only the resourceGroups namespace and name to align how azure API returns the resource group reference
title: .name
blueprint: '"azureContainerApp"'
properties:
location: .location
provisioningState: .properties.provisioningState
outboundIpAddresses: .properties.outboundIpAddresses
externalIngress: .properties.configuration.ingress.external
hostName: .properties.configuration.ingress.fqdn
minReplicas: .properties.template.scale.minReplicas
maxReplicas: .properties.template.scale.maxReplicas
relations:
resourceGroup: '.id | split("/") | .[3] |= ascii_downcase |.[4] |= ascii_downcase | .[:5] |join("/")'
The integration makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from Azure's API events.
The integration configuration structure​
The integration configuration is a YAML file that describes the ETL process to load data into the developer portal.
-
The
resourcessection describes the Azure resources to be ingested into Port.resources:
- kind: Microsoft.App/containerApps
selector:
... -
The
kindfield describes the Azure resource type to be ingested into Port. Thekindfield should be set to the Azure resource type as it appears in the resource guide. e.g. The resource type for theContainer Appcould be found here as well with the resource object structure.resources:
- kind: Microsoft.App/containerApps
selector:
... -
The
selectorfield describes the Azure resource selection criteria.resources:
- kind: Microsoft.App/containerApps
selector:
query: "true" # JQ boolean query. If evaluated to false - skip syncing the object.
apiVersion: "2023-05-01" # Azure API version to use to fetch the resource- The
queryfield is a JQ boolean query, if evaluated tofalse- the resource will be skipped. Example use case - skip syncing resources that are not in a specific region.query: .location == "eastus2" - The
apiVersionfield is the Azure API version to use to fetch the resource. This field is required for all resources. You can find the API version for each resource in the Azure Resources reference. For example, the supported API versions for thecontainerAppsresource was found in the Container App Changelog.apiVersion: "2023-05-01"
- The
-
The
portfield describes the Port entity to be created from the Azure resource.resources:
- kind: Microsoft.App/containerApps
selector:
query: "true" # JQ boolean query. If evaluated to false - skip syncing the object.
apiVersion: "2023-05-01" # Azure API version to use to fetch the resource
port:
entity:
mappings:
identifier: .id
title: .name
blueprint: '"azureContainerApp"'
properties:
location: .location
provisioningState: .properties.provisioningState
outboundIpAddresses: .properties.outboundIpAddresses
externalIngress: .properties.configuration.ingress.external
hostName: .properties.configuration.ingress.fqdn
minReplicas: .properties.template.scale.minReplicas
maxReplicas: .properties.template.scale.maxReplicas
relations:
resourceGroup: '.id | split("/") | .[3] |= ascii_downcase |.[4] |= ascii_downcase | .[:5] |join("/")'- The
entityfield describes the Port entity to be created from the Azure resource.resources:
- kind: Microsoft.App/containerApps
selector:
query: "true" # JQ boolean query. If evaluated to false - skip syncing the object.
apiVersion: "2023-05-01" # Azure API version to use to fetch the resource
port:
entity:
mappings:
identifier: .id
title: .name
blueprint: '"azureContainerApp"'
properties:
location: .location
provisioningState: .properties.provisioningState
outboundIpAddresses: .properties.outboundIpAddresses
externalIngress: .properties.configuration.ingress.external
hostName: .properties.configuration.ingress.fqdn
minReplicas: .properties.template.scale.minReplicas
maxReplicas: .properties.template.scale.maxReplicas
relations:
resourceGroup: '.id | split("/") | .[3] |= ascii_downcase |.[4] |= ascii_downcase | .[:5] |join("/")'
- The
Authorization​
The exporter will need to have access to your Azure subscription in order to export your resources to Port. This is done by assigning a user-assigned identity to the exporter, and granting that identity the required permissions to your Azure subscription.
As part of the installation process, you will need to define the permissions that the exporter will have to your Azure subscription. This will be defined by specifying the actions that the exporter will be allowed to perform on your Azure subscription.
Here is an example of action permissions that could be assigned to the exporter:
action_permissions_list = [
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.app/containerapps/read",
"Microsoft.Storage/storageAccounts/*/read",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Network/loadBalancers/read",
To find more actions that could be assigned to the exporter, you can use the Azure Resource provider operation reference and look for the resources that you want to export to Port.
Getting started​
Continue to the installation guide to learn how to install the Azure exporter.