- Use Azure Bastion as a jump host for RDP and SSH - Tue, Apr 18 2023
- Azure Virtual Desktop: Getting started - Fri, Apr 14 2023
- Understanding Azure service accounts - Fri, Mar 31 2023
Kudu (pronounced KOO-doo) is an open-source project that was originally designed to support Git source code control and WebJobs for Azure App Service web applications. Over the years, Kudu has expanded in its reach. In fact, you can even attach a Kudu instance to a non-Azure web app!
Accessing the Kudu service site
Frankly, I'm not sure why the Azure team doesn't make Kudu more obvious in the Azure Resource Management (ARM) portal. One method to access it is to go to Tools on your web app's main portal page, select Kudu from the menu, and then click Go. I show you this method in the following screenshot:
Another, more direct method is to modify your web app's URL. Specifically, you should insert the site control manager (scm) token into the URL, as shown below:
For mobile services, the URL format to access Kudu is the following:
If you've mapped your own public DNS name to your web app, then you'll still need to use the original *.azurewebsites.net DNS name to access Kudu.
Kudu console general navigation
The following composite screenshot shows my Azure web app's Kudu dashboard with the Debug console and Tools menus simultaneously exposed:
The Environment page gives Azure web site administrators several pieces of valuable information:
- App settings
- Connection strings
- Environment variables
- Runtime versions
- Server variables
- HTTP headers
This data is enormously helpful to have, especially when you recall that Azure web apps use a platform-as-a-service (PaaS) model in which we have limited direct control of the underlying Hyper-V virtual machine(s).
Of course, that data (especially raw connection strings) is sensitive, so it makes sense that you have to authenticate yourself as an Azure administrator before you can access the Kudu console.
Let's review some other useful Kudu-based web app administrative tasks.
Retrieve diagnostic dump data
Azure PaaS web apps run on Windows Server VMs and Internet Information Services (IIS). As you know, IIS offers verbose logging options. In Kudu, fetch the diagnostic logs by clicking Tools > Diagnostic Dump. This action yields a .zip file that contains the log data, current to their generation time.
If you'd prefer to see live log data, click Tools > Log stream. I show you the output from my Azure web app below:
View running processes
Click Process Explorer on the Kudu top navigation bar to see a stripped-down, web-based version of Windows Task Manager. This is a read-only view of your PaaS VM's running processes. It is mainly useful to see if any, and which, processes consume too many resources in your web app.
Launch a diagnostic console
It's admittedly pretty cool to obtain a web-based cmd.exe or PowerShell.exe console from within a web browser. Because we don't have full-stack access to the underlying VM the same way we do with the Azure infrastructure-as-a-service (IaaS) scenario, I enjoy being able to view and modify data with PowerShell.
As you can see in the below screenshot, I have over 3,000 cmdlets available to me. (It must be said that Azure restricts many of them through the Kudu endpoint.)
Many Azure administrators are familiar with virtual machine extensions. For instance, you can use the Azure Portal, Windows PowerShell, or Azure Command-Line Interface (CLI) to add functionality to your virtual machines, including but not limited to the following:
- Desired State Configuration (DSC) configurations
- Various agents (antimalware, configuration management, monitoring, etc.)
- Backup automation
What I've found that not as many Azure administrators know is that you can do the same thing for your Azure App Service web applications. From Kudu, click Site Extensions, and you can browse its gallery, as shown here:
Notice the three buttons that accompany each extension:
- Plus: Install the extension.
- Info: Read metadata about the extension, including a link to the project's home page.
- X: Uninstall the extension.
As an example, I find it annoying that Azure App Service refuses to enforce HTTPS connections to hosted web apps. You normally have to add a URL rewrite rule to your ASP.NET web app's web.config file. But what if you host a Python web app?
I found and installed the Redirect HTTP to HTTPS extension from the gallery. After restarting my site, I see that the extension appears on my Installed page in the Kudu Site Extensions gallery. More importantly, my web app now properly enforces secure connections!
REST API endpoints
The Kudu dashboard has a REST API section that lists various service data endpoints for your web app. For instance, if I submit the following URL, I'll get back a JSON-formatted results list of all my app settings:
Again, this is a neat programmatic method for retrieving your web app's data and metadata.
Here’s a tip. If you use the Google Chrome browser, install the JSONView extension to see the JSON data in a much more meaningful format. For instance, in the below screenshot, the raw JSON output appears above, and the extension-formatted output below.
Subscribe to 4sysops newsletter!
Want to write for 4sysops? We are looking for new authors.