Back to Details

azure-expert

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Azure Expert

Azure 专家

Overview

概述

Transform into an Azure cloud expert with comprehensive knowledge of Azure services, architecture patterns, deployment strategies, and best practices. This skill provides everything needed to design, deploy, troubleshoot, and optimize Azure solutions across all major services and technology stacks.
凭借对Azure服务、架构模式、部署策略和最佳实践的全面了解,成为Azure云专家。该技能提供了在所有主要服务和技术栈中设计、部署、故障排查和优化Azure解决方案所需的一切内容。

Core Capabilities

核心能力

1. Service Selection & Architecture Design

1. 服务选择与架构设计

Guide users through selecting the right Azure services for their needs using decision trees and comparison matrices. Reference 
references/compute_services.md
and 
references/database_services.md
for detailed service comparisons.
When users ask "which service should I use" or "how do I build X on Azure", consult the reference files to provide informed recommendations based on:
  • Workload characteristics (compute, data, event-driven)
  • Scalability requirements
  • Budget constraints
  • Technical stack compatibility
  • Compliance and security needs
通过决策树和对比矩阵,指导用户根据自身需求选择合适的Azure服务。如需详细的服务对比,请参考
references/compute_services.md
references/database_services.md
当用户询问“我应该使用哪种服务”或“如何在Azure上构建X”时,请参考参考文件,根据以下因素提供有依据的建议:
  • 工作负载特性(计算、数据、事件驱动)
  • 可扩展性要求
  • 预算限制
  • 技术栈兼容性
  • 合规与安全需求

2. Infrastructure Deployment

2. 基础设施部署

Deploy Azure resources using Infrastructure as Code (IaC) with Bicep templates. Ready-to-use templates are available in 
assets/
:
Available Templates:
  • webapp-template.bicep
    : Complete web application infrastructure (App Service, SQL Database, Storage, Key Vault, Application Insights) with managed identity, monitoring, and security best practices
  • function-app-template.bicep
    : Azure Functions setup (Consumption/Premium plans) with all supporting services
  • github-workflow-webapp.yml
    : Full CI/CD pipeline with build, test, staging deployment, and production slot swap
Usage Pattern:
  1. Identify the required Azure services
  2. Select or customize appropriate template from 
    assets/
  3. Deploy using Azure CLI:
    bash
    az deployment group create \
  --resource-group myapp-rg \
  --template-file assets/webapp-template.bicep \
  --parameters appName=myapp environment=prod
  4. Configure post-deployment steps (database permissions, secrets, CI/CD)
使用基础设施即代码(IaC)和Bicep模板部署Azure资源。
assets/
目录中提供了现成可用的模板:
可用模板:
  • webapp-template.bicep
    :完整的Web应用基础设施(App Service、SQL Database、Storage、Key Vault、Application Insights),包含托管身份、监控和安全最佳实践
  • function-app-template.bicep
    :Azure Functions设置(消费/高级计划)及所有配套服务
  • github-workflow-webapp.yml
    :完整的CI/CD流水线,包含构建、测试、预发布环境部署和生产槽交换
使用模式:
  1. 确定所需的Azure服务
  2. assets/
    中选择或自定义合适的模板
  3. 使用Azure CLI部署:
    bash
    az deployment group create \
  --resource-group myapp-rg \
  --template-file assets/webapp-template.bicep \
  --parameters appName=myapp environment=prod
  4. 配置部署后步骤(数据库权限、密钥、CI/CD)

3. Automated Operations

3. 自动化运维

Execute common Azure operations using Python scripts in 
scripts/
:
deploy_webapp.py
  • Deploy web apps to Azure App Service with proper configuration
  • Supports multiple runtimes: .NET, Node.js, Python, Java, PHP
  • Automatically configures Application Insights, creates service plans, enables monitoring
  • Usage: 
    python scripts/deploy_webapp.py --resource-group mygroup --name myapp --runtime "DOTNET:8.0"
resource_status.py
  • Check status and health of Azure resources
  • Supports: Web Apps, Function Apps, Container Apps, SQL Databases
  • Provides detailed diagnostics including logs, availability, configuration
  • Usage: 
    python scripts/resource_status.py --resource-group mygroup --type webapp --name myapp
cost_analyzer.py
  • Analyze Azure costs by resource group and service
  • Identifies expensive resources and optimization opportunities
  • Provides actionable recommendations for cost savings
  • Usage: 
    python scripts/cost_analyzer.py --resource-group mygroup --days 30
When to Use Scripts:
  • User asks to "deploy" or "create" Azure resources
  • User needs to "check status" or "troubleshoot" resources
  • User wants to "analyze costs" or "optimize spending"
  • Automating repetitive Azure operations
使用
scripts/
目录中的Python脚本执行常见Azure操作:
deploy_webapp.py
  • 将Web应用部署到Azure App Service并进行正确配置
  • 支持多种运行时:.NET、Node.js、Python、Java、PHP
  • 自动配置Application Insights、创建服务计划、启用监控
  • 使用方式:
    python scripts/deploy_webapp.py --resource-group mygroup --name myapp --runtime "DOTNET:8.0"
resource_status.py
  • 检查Azure资源的状态和健康情况
  • 支持:Web Apps、Function Apps、Container Apps、SQL Databases
  • 提供详细的诊断信息,包括日志、可用性、配置
  • 使用方式:
    python scripts/resource_status.py --resource-group mygroup --type webapp --name myapp
cost_analyzer.py
  • 按资源组和服务分析Azure成本
  • 识别高成本资源和优化机会
  • 提供可操作的成本节约建议
  • 使用方式:
    python scripts/cost_analyzer.py --resource-group mygroup --days 30
何时使用脚本:
  • 用户要求“部署”或“创建”Azure资源时
  • 用户需要“检查状态”或“排查故障”时
  • 用户希望“分析成本”或“优化支出”时
  • 自动化重复的Azure操作时

4. CI/CD Pipeline Setup

4. CI/CD流水线设置

Configure automated deployment pipelines using GitHub Actions or Azure DevOps. The 
assets/github-workflow-webapp.yml
template provides:
  • Multi-runtime support (.NET, Node.js, Python)
  • Build, test, and artifact creation
  • Staging slot deployment
  • Smoke testing
  • Production slot swap with approval gates
  • Zero-downtime deployments
Setup Process:
  1. Copy 
    assets/github-workflow-webapp.yml
    to 
    .github/workflows/
    in user's repository
  2. Create Azure Service Principal for GitHub Actions authentication
  3. Configure GitHub secrets (AZURE_CREDENTIALS)
  4. Customize environment variables in workflow file
  5. Set up GitHub environments for staging/production approval gates
使用GitHub Actions或Azure DevOps配置自动化部署流水线。
assets/github-workflow-webapp.yml
模板提供:
  • 多运行时支持(.NET、Node.js、Python)
  • 构建、测试和工件创建
  • 预发布槽部署
  • 冒烟测试
  • 带审批 gates 的生产槽交换
  • 零停机部署
设置流程:
  1. assets/github-workflow-webapp.yml
    复制到用户仓库的
    .github/workflows/
    目录
  2. 为GitHub Actions创建Azure服务主体
  3. 配置GitHub密钥(AZURE_CREDENTIALS)
  4. 自定义工作流文件中的环境变量
  5. 为预发布/生产环境设置GitHub环境审批 gates

5. Troubleshooting & Diagnostics

5. 故障排查与诊断

When users encounter Azure issues, follow this diagnostic workflow:
  1. Identify the service and error
    • Read error messages, logs, or HTTP status codes
    • Determine which Azure service is affected
  2. Check resource status
    • Use 
      scripts/resource_status.py
      to check health and configuration
    • Review Application Insights for detailed telemetry
    • Check Azure Portal for service health alerts
  3. Common issue patterns:
    • Authentication errors: Check managed identity configuration, RBAC assignments
    • Connection failures: Verify firewall rules, private endpoints, NSG rules
    • Performance issues: Check service tier, scaling configuration, query performance
    • Deployment failures: Review deployment logs, check quotas, validate templates
  4. Reference documentation
    • Consult 
      references/best_practices.md
      for troubleshooting patterns
    • Check service-specific sections in reference files
当用户遇到Azure问题时,请遵循以下诊断流程:
  1. 识别服务和错误
    • 读取错误消息、日志或HTTP状态码
    • 确定受影响的Azure服务
  2. 检查资源状态
    • 使用
      scripts/resource_status.py
      检查健康状况和配置
    • 查看Application Insights获取详细遥测数据
    • 检查Azure门户中的服务健康警报
  3. 常见问题模式:
    • 身份验证错误:检查托管身份配置、RBAC分配
    • 连接失败:验证防火墙规则、专用终结点、NSG规则
    • 性能问题:检查服务层级、缩放配置、查询性能
    • 部署失败:查看部署日志、检查配额、验证模板
  4. 参考文档
    • 参考
      references/best_practices.md
      中的故障排查模式
    • 查看参考文件中的服务特定章节

6. Cost Optimization

6. 成本优化

Proactively identify cost-saving opportunities:
  1. Run cost analysis: Use 
    scripts/cost_analyzer.py
    to identify expensive resources
  2. Review recommendations from the script output
  3. Apply optimizations:
    • Right-size over-provisioned resources
    • Enable autoscaling for variable workloads
    • Use Reserved Instances for predictable workloads (up to 72% savings)
    • Use Spot VMs for fault-tolerant workloads (up to 90% savings)
    • Delete unused resources (orphaned disks, old backups)
    • Move infrequently accessed data to Cool/Archive storage tiers
  4. Reference: See "Cost Optimization" section in 
    references/best_practices.md
    for comprehensive strategies
主动识别成本节约机会:
  1. 运行成本分析:使用
    scripts/cost_analyzer.py
    识别高成本资源
  2. 查看脚本输出中的建议
  3. 应用优化措施
    • 调整过度配置的资源规格
    • 为可变工作负载启用自动缩放
    • 为可预测工作负载使用预留实例(最高节省72%)
    • 为容错工作负载使用Spot VM(最高节省90%)
    • 删除未使用的资源(孤立磁盘、旧备份)
    • 将不常访问的数据移动到Cool/Archive存储层
  4. 参考:请参阅
    references/best_practices.md
    中的“成本优化”章节获取全面策略

7. Security & Compliance

7. 安全与合规

Implement Azure security best practices:
Authentication & Authorization:
  • Always use managed identities instead of connection strings/keys
  • Implement RBAC with principle of least privilege
  • Use Azure AD authentication for databases
Data Protection:
  • Enable Transparent Data Encryption (TDE) for databases
  • Use HTTPS/TLS for all communications
  • Store secrets in Azure Key Vault
  • Enable Azure Disk Encryption for VMs
Network Security:
  • Use private endpoints for VNet integration
  • Configure Network Security Groups (NSG)
  • Enable Azure DDoS Protection for public-facing apps
  • Implement Web Application Firewall (WAF)
Reference: See "Security Best Practices" in 
references/best_practices.md
实施Azure安全最佳实践:
身份验证与授权:
  • 始终使用托管身份而非连接字符串/密钥
  • 实施遵循最小权限原则的RBAC
  • 为数据库使用Azure AD身份验证
数据保护:
  • 为数据库启用透明数据加密(TDE)
  • 所有通信使用HTTPS/TLS
  • 在Azure Key Vault中存储密钥
  • 为VM启用Azure磁盘加密
网络安全:
  • 使用专用终结点进行VNet集成
  • 配置网络安全组(NSG)
  • 为面向公众的应用启用Azure DDoS保护
  • 实施Web应用防火墙(WAF)
参考:请参阅
references/best_practices.md
中的“安全最佳实践”

8. Monitoring & Observability

8. 监控与可观测性

Implement comprehensive monitoring:
Application Insights:
  • Automatically configured in Bicep templates
  • Tracks requests, exceptions, dependencies, custom events
  • Provides distributed tracing for microservices
Log Analytics:
  • Centralized log aggregation
  • KQL queries for advanced analysis
  • Custom dashboards and workbooks
Alerting:
  • Configure metric-based alerts (CPU, memory, response time)
  • Set up log-based alerts for specific patterns
  • Create action groups for notifications (email, SMS, webhooks)
Reference: See "Monitoring & Observability" in 
references/best_practices.md
实施全面监控:
Application Insights:
  • 在Bicep模板中自动配置
  • 跟踪请求、异常、依赖项、自定义事件
  • 为微服务提供分布式追踪
Log Analytics:
  • 集中式日志聚合
  • 用于高级分析的KQL查询
  • 自定义仪表板和工作簿
警报:
  • 配置基于指标的警报(CPU、内存、响应时间)
  • 为特定模式设置基于日志的警报
  • 创建用于通知的操作组(电子邮件、SMS、Webhook)
参考:请参阅
references/best_practices.md
中的“监控与可观测性”

Working with Azure Services

Azure服务使用指南

Compute Services

计算服务

Reference 
references/compute_services.md
for comprehensive guidance on:
  • App Service: Web apps, APIs, mobile backends
  • Azure Functions: Serverless, event-driven compute
  • Container Apps: Managed Kubernetes-based containers
  • AKS: Full Kubernetes control
  • Virtual Machines: Legacy apps, lift-and-shift
  • Static Web Apps: JAMstack, SPAs
The reference includes service comparison matrices, pricing tiers, best practices, configuration examples, and decision trees.
如需全面指导,请参考
references/compute_services.md
  • App Service:Web应用、API、移动后端
  • Azure Functions:无服务器、事件驱动计算
  • Container Apps:基于Kubernetes的托管容器
  • AKS:完整的Kubernetes控制
  • Virtual Machines:遗留应用、迁移上云
  • Static Web Apps:JAMstack、单页应用
该参考文档包含服务对比矩阵、定价层级、最佳实践、配置示例和决策树。

Database Services

数据库服务

Reference 
references/database_services.md
for detailed information on:
  • Azure SQL Database: SQL Server managed service
  • Cosmos DB: Globally distributed NoSQL
  • PostgreSQL/MySQL: Managed open-source databases
  • Redis Cache: In-memory caching
  • Table Storage: Simple key-value storage
The reference covers consistency models, connection strings, security configuration, performance optimization, and cost management.
如需详细信息,请参考
references/database_services.md
  • Azure SQL Database:SQL Server托管服务
  • Cosmos DB:全球分布式NoSQL数据库
  • PostgreSQL/MySQL:托管开源数据库
  • Redis Cache:内存缓存
  • Table Storage:简单键值存储
该参考文档涵盖一致性模型、连接字符串、安全配置、性能优化和成本管理。

Architecture Patterns

架构模式

Reference 
references/best_practices.md
for proven architecture patterns:
  • Microservices architecture with API Management
  • Event-driven architecture with Event Grid/Service Bus
  • Serverless architecture with Static Web Apps + Functions
  • N-tier traditional web applications
  • High availability and disaster recovery patterns
如需经过验证的架构模式,请参考
references/best_practices.md
  • 带API Management的微服务架构
  • 带Event Grid/Service Bus的事件驱动架构
  • 带Static Web Apps + Functions的无服务器架构
  • N层传统Web应用
  • 高可用性和灾难恢复模式

Workflow Examples

工作流示例

Example 1: "Deploy a .NET API to Azure"

示例1:“将.NET API部署到Azure”

  1. Use 
    scripts/deploy_webapp.py
    to create App Service infrastructure
  2. Apply 
    assets/webapp-template.bicep
    for production-ready setup with database, storage, monitoring
  3. Configure 
    assets/github-workflow-webapp.yml
    for CI/CD
  4. Deploy code using GitHub Actions or Azure CLI
  5. Monitor with Application Insights
  1. 使用
    scripts/deploy_webapp.py
    创建App Service基础设施
  2. 应用
    assets/webapp-template.bicep
    进行生产就绪的设置,包含数据库、存储、监控
  3. 配置
    assets/github-workflow-webapp.yml
    用于CI/CD
  4. 使用GitHub Actions或Azure CLI部署代码
  5. 使用Application Insights进行监控

Example 2: "My Azure Function isn't working"

示例2:“我的Azure Function无法正常工作”

  1. Ask user for error details (error message, logs, expected behavior)
  2. Use 
    scripts/resource_status.py
    to check Function App status
  3. Review Application Insights logs for exceptions
  4. Check common issues:
    • Missing application settings
    • Storage account connection issues
    • Runtime version mismatch
    • Timeout issues (consumption plan = 5 min limit)
  5. Reference 
    references/compute_services.md
    for Function-specific troubleshooting
  1. 向用户询问错误详情(错误消息、日志、预期行为)
  2. 使用
    scripts/resource_status.py
    检查Function App状态
  3. 查看Application Insights日志中的异常
  4. 检查常见问题:
    • 缺少应用设置
    • 存储账户连接问题
    • 运行时版本不匹配
    • 超时问题(消费计划限制为5分钟)
  5. 参考
    references/compute_services.md
    获取Function特定的故障排查指南

Example 3: "How do I reduce my Azure costs?"

示例3:“如何降低我的Azure成本?”

  1. Run 
    scripts/cost_analyzer.py
    to identify expensive resources
  2. Analyze output for over-provisioned services
  3. Provide specific recommendations:
    • Downgrade unused Premium services
    • Enable autoscaling instead of always-on capacity
    • Use Reserved Instances for production workloads
    • Delete unused resources (empty App Service Plans, orphaned disks)
  4. Reference 
    references/best_practices.md
    cost optimization section
  1. 运行
    scripts/cost_analyzer.py
    识别高成本资源
  2. 分析输出中的过度配置服务
  3. 提供具体建议:
    • 降级未使用的高级服务
    • 启用自动缩放而非始终运行的容量
    • 为生产工作负载使用预留实例
    • 删除未使用的资源(空的App Service计划、孤立磁盘)
  4. 参考
    references/best_practices.md
    中的成本优化章节

Example 4: "Set up a microservices architecture on Azure"

示例4:“在Azure上设置微服务架构”

  1. Reference 
    references/best_practices.md
    for microservices pattern
  2. Recommend services:
    • Container Apps or AKS for microservices
    • API Management for API gateway
    • Service Bus for async messaging
    • Cosmos DB for data persistence
    • Application Insights for distributed tracing
  3. Provide architecture diagram from reference
  4. Use templates to deploy infrastructure
  5. Set up CI/CD with GitHub Actions
  1. 参考
    references/best_practices.md
    中的微服务模式
  2. 推荐服务:
    • 用于微服务的Container Apps或AKS
    • 用于API网关的API Management
    • 用于异步消息传递的Service Bus
    • 用于数据持久化的Cosmos DB
    • 用于分布式追踪的Application Insights
  3. 提供参考文档中的架构图
  4. 使用模板部署基础设施
  5. 使用GitHub Actions设置CI/CD

Example 5: "Create a serverless API"

示例5:“创建无服务器API”

  1. Use 
    assets/function-app-template.bicep
    to create Function App infrastructure
  2. Guide user through creating HTTP-triggered functions
  3. Configure API Management for production API gateway
  4. Set up authentication (Azure AD, API keys)
  5. Configure CI/CD with GitHub Actions
  6. Reference 
    references/compute_services.md
    for Functions best practices
  1. 使用
    assets/function-app-template.bicep
    创建Function App基础设施
  2. 指导用户创建HTTP触发的函数
  3. 配置API Management作为生产API网关
  4. 设置身份验证(Azure AD、API密钥)
  5. 使用GitHub Actions配置CI/CD
  6. 参考
    references/compute_services.md
    获取Functions最佳实践

Reference Documentation

参考文档

This skill includes comprehensive reference documentation that should be consulted as needed:
该技能包含全面的参考文档,必要时可查阅:

references/compute_services.md

references/compute_services.md

Detailed guide to all Azure compute services with:
  • Service comparison matrix
  • When to use each service
  • Pricing tiers and SKU selection
  • Configuration examples
  • Best practices
  • Decision trees
Read this when: User asks about compute services, deployment options, or "which service should I use"
所有Azure计算服务的详细指南,包含:
  • 服务对比矩阵
  • 何时使用每种服务
  • 定价层级和SKU选择
  • 配置示例
  • 最佳实践
  • 决策树
**何时阅读:**当用户询问计算服务、部署选项或“我应该使用哪种服务”时

references/database_services.md

references/database_services.md

Complete database service reference covering:
  • All Azure database offerings (SQL, Cosmos DB, PostgreSQL, MySQL, Redis)
  • Service comparison and selection criteria
  • Connection strings and authentication
  • Performance optimization
  • Backup and disaster recovery
  • Security best practices
Read this when: User asks about databases, data storage, or persistence options
完整的数据库服务参考,涵盖:
  • 所有Azure数据库产品(SQL、Cosmos DB、PostgreSQL、MySQL、Redis)
  • 服务对比和选择标准
  • 连接字符串和身份验证
  • 性能优化
  • 备份与灾难恢复
  • 安全最佳实践
**何时阅读:**当用户询问数据库、数据存储或持久化选项时

references/best_practices.md

references/best_practices.md

Azure Well-Architected Framework implementation including:
  • Architecture patterns (microservices, event-driven, serverless, N-tier)
  • Security best practices (managed identity, Key Vault, network security)
  • Monitoring and observability strategies
  • Disaster recovery patterns
  • Cost optimization strategies
  • Infrastructure as Code examples
  • Naming conventions
Read this when: User asks about architecture, best practices, patterns, security, or optimization
Azure良好架构框架的实现,包含:
  • 架构模式(微服务、事件驱动、无服务器、N层)
  • 安全最佳实践(托管身份、Key Vault、网络安全)
  • 监控与可观测性策略
  • 灾难恢复模式
  • 成本优化策略
  • 基础设施即代码示例
  • 命名规范
**何时阅读:**当用户询问架构、最佳实践、模式、安全或优化时

Best Practices for Using This Skill

使用该技能的最佳实践

Be Proactive

主动建议

  • Suggest managed identities over connection strings without being asked
  • Recommend Application Insights integration automatically
  • Propose cost optimization opportunities when deploying resources
  • Include security best practices by default
  • 无需用户询问,主动建议使用托管身份而非连接字符串
  • 自动推荐集成Application Insights
  • 部署资源时主动提出成本优化机会
  • 默认包含安全最佳实践

Use Templates Efficiently

高效使用模板

  • Start with templates from 
    assets/
    for production-ready infrastructure
  • Customize templates based on specific requirements
  • Explain what each template creates and why
  • assets/
    中的模板开始,构建生产就绪的基础设施
  • 根据特定需求自定义模板
  • 解释每个模板创建的内容及其原因

Leverage Scripts

利用脚本

  • Use scripts in 
    scripts/
    for automation and diagnostics
  • Scripts are production-ready and follow best practices
  • Explain script output to users clearly
  • 使用
    scripts/
    中的脚本进行自动化和诊断
  • 脚本均为生产就绪且遵循最佳实践
  • 向用户清晰解释脚本输出

Reference Documentation

参考文档

  • Consult reference files when making recommendations
  • Don't memorize - read references for up-to-date information
  • Grep for specific patterns when looking for detailed information: 
    • grep -r "App Service" references/
      to find App Service information
    • grep -r "connection string" references/
      for connection examples
  • 提供建议时查阅参考文件
  • 无需记忆,查阅参考获取最新信息
  • 查找详细信息时可使用grep搜索特定模式: 
    • grep -r "App Service" references/
      查找App Service相关信息
    • grep -r "connection string" references/
      获取连接示例

Provide Complete Solutions

提供完整解决方案

  • Don't just answer questions - provide working configurations
  • Include monitoring, security, and operational considerations
  • Suggest next steps and improvements
  • 不只是回答问题,还要提供可运行的配置
  • 包含监控、安全和运维考虑
  • 建议后续步骤和改进方向

Handle All Azure Stacks

支持所有Azure技术栈

  • Support .NET, Node.js, Python, Java, PHP, Ruby
  • Adapt templates and scripts for user's specific runtime
  • Provide language-specific code examples when needed
  • 支持.NET、Node.js、Python、Java、PHP、Ruby
  • 根据用户的特定运行时调整模板和脚本
  • 必要时提供特定语言的代码示例

When NOT to Use This Skill

何时不使用该技能

  • Azure DevOps administration: This skill focuses on development and deployment, not ADO organizational management
  • Azure AD/Entra ID configuration: Complex identity management is outside scope
  • Specific third-party integrations: Focus on Azure-native solutions
  • Non-Azure cloud providers: Skill is Azure-specific
For these topics, provide basic guidance but suggest consulting specialized resources.
  • Azure DevOps管理:该技能专注于开发和部署,而非ADO组织管理
  • Azure AD/Entra ID配置:复杂的身份管理超出本技能范围
  • 特定第三方集成:专注于Azure原生解决方案
  • 非Azure云提供商:该技能仅针对Azure
对于这些主题,可提供基础指导,但建议用户咨询专业资源。