Using “Kudu” to Manage Azure Web Apps

Introduction

We discussed about creating a web app on Azure using Visual Studio here and through eclipse here. In this blog, we’ll go through Kudu – a managing & monitoring service available for every App Service on Azure.

Web Apps Dashboard on Azure

Once Web App is created successfully, we can see Web App management dashboard as below.

Fig. 1: Web App Dashboard

It will list down App URL, App Service Plan & FTP Server Details. Azure will deploy the binaries to the server and provide very limited access for updating the binaries and log files through FTP.

Web Apps Management & Troubleshooting through “Kudu”

Every Azure Web App includes a “hidden” or “background “service site called Kudu.  It is useful for capturing memory dumps, looking at deployment logs, viewing configuration parameters and much more.

We can access the Kudu service through the portal by navigating to Web App dashboard > Advanced Tools > Click on Go.

Fig. 2: Kudu Access through Azure Portal

Another, more direct method is to modify your web app’s URL. Specifically, you should insert the site control manager (“scm”) token into the URL, as shown below:

https://mywebappname.scm.azurewebsites.net

For mobile services, the URL format to access Kudu is the following:

https://mywebappname.scm.azure-mobile.net

If you’ve mapped your own public DNS name to your web app, then you’ll still need to use the original *.azurewebsites.net DNS name to access Kudu.

Kudu console General Navigation

Following screenshot shows Azure web app’s Kudu dashboard with the Debug console and Tools menus simultaneously exposed.

Fig. 3: Kudu Dashboard

The Environment page gives Azure web site administrators several pieces of valuable information:

  • App settings
  • Connection strings
  • Environment variables
  • Runtime versions
  • Server variables
  • HTTP headers

This data is enormously helpful to have, especially when you recall that Azure web apps use a platform-as-a-service (PaaS) model in which we have limited direct control of the underlying Hyper-V virtual machine(s).

Of course, that data (especially raw connection strings) is sensitive, so accessing the kudu console requires authenticating yourself as an Azure administrator.

Let’s review some other useful Kudu-based web app administrative tasks.

Retrieve Diagnostic Dump

Azure PaaS web apps run on Windows Server VMs and Internet Information Services (IIS). As you know, IIS offers verbose logging options. In Kudu, fetch the diagnostic logs by clicking Tools > Diagnostic Dump. This action yields a .zip file that contains the log data, current to their generation time.

View running processes

Click Process Explorer on the Kudu top navigation bar to see a stripped-down, web-based version of Windows Task Manager. This is a read-only view of your PaaS VM’s running processes. It is mainly useful to see if any, and which, processes consume too many resources in your web app.

Launch a Debug console

Kudu provides powerful command line access for monitoring logs and various folders under our VM. Because we don’t have full-stack access to the underlying VM the same way we do with the Azure infrastructure-as-a-service (IaaS) scenario, we can use diagnostic console to view and modify data with PowerShell & CMD.

Fig. 4: Kudu Debug Console
Site extensions

Site extensions are the utilities provided by Azure for Web Apps. Those can be viewed and managed through Kudu’s Site Extension tab. Best example of such utility is “Application Insights”. It provides complete monitoring of the deployed Web App. Additional Extensions could be browsed through Gallery.

REST API endpoints

The Kudu dashboard has a REST API section that lists various service data endpoints for your web app. For instance, I can use below REST API endpoint to update war file for my Java Web Application.

https://todoappjava-teststaging.scm.azurewebsites.net/api/wardeploy

Connect Kudu to specific instance of the App

Kudu site always connects to a single instance even though the Web App is deployed on multiple instances. E.g. If the site is hosted in an App Service plan which is scaled out to 3 instances, then at any time the KUDU will always connects to one instance only. However, there’s way to access Kudu for specific instance using ARRAffinity cookie.

The ARRAffinity cookie is unique and bounds to an instance. If there are multiple instances, then there will be ARRAffinity cookie corresponding to those many instances. So we can modify the ARRAffinity cookie in the HTTP response and force KUDU to connect to a specific instance, provided the cookie is enabled in Web App settings.

Conclusion

We have explored various capabilities of Kudu Service for managing and monitoring Web App in Azure App Service. Keep following our blog series where we will further explore various features of Azure Web Apps like Authentication, Deployment Slots, and A/B Testing etc.