If you are using GitPod for the project exercise (i.e. you cannot use your local machine) then you'll want to launch a VM using the following link. Note that this VM comes with Python and Poetry pre-installed.
The project uses poetry for Python to create an isolated environment and manage package dependencies. To prepare your system, ensure you have an official distribution of Python version 3.8+ and install Poetry using one of the following commands (as instructed by the poetry documentation):
```bash
curl -sSL https://install.python-poetry.org | python3 -
```

```powershell
(Invoke-WebRequest -Uri https://install.python-poetry.org -UseBasicParsing).Content | py -
```

You can check poetry is installed by running `poetry --version` from a terminal.
Please note that after installing poetry you may need to restart VSCode and any terminals you are running before poetry will be recognised.
The project uses a virtual environment to isolate package dependencies. To create the virtual environment and install required packages, run the following from your preferred shell:
```bash
$ poetry install
```

You'll also need to clone a new `.env` file from the `.env.template` to store local configuration options.
This is a one-time operation on first setup:
```bash
$ cp .env.template .env # (first time only)
```

The `.env` file is used by flask to set environment variables when running `flask run`.
This enables things like development mode (which also enables features like hot reloading when you make a file change).
The .env file also includes environment variables required to connect to a mongodb instance.
This variable has deliberately been left blank in the .env.template file.
Once all the dependencies have been installed, start the Flask app in development mode within the Poetry environment by running:
```bash
$ poetry run flask run
```

You should see output similar to the following:

```
* Serving Flask app 'todo_app/app'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on http://127.0.0.1:5000
Press CTRL+C to quit
* Restarting with stat
* Debugger is active!
* Debugger PIN: 113-666-066
```

Now visit http://localhost:5000/ in your web browser to view the app.
The project uses pytest to run tests. To run the tests, run the following from your preferred shell:
```bash
$ poetry run pytest
```

- SSH into the control node
- Copy the `ansible` directory to the control node
- Replace the IP address in the `inventory` file with the IP address(es) of the managed VM(s)
- Create a file `ansible-pw.txt` containing the vault password
- Run the following command in the `ansible` directory, to provision the VM:

```bash
$ ansible-playbook playbook.yml -i inventory --vault-password-file ansible-pw.txt
```
The Ansible configs in this repo contain the encrypted env values required to run the app.
These values can be seen in the `ansible/vars/env.yml` file.
The values are individually encrypted using ansible-vault and added to the file.
To generate a new encrypted value or to replace one of the provided values:

```bash
$ ansible-vault encrypt_string --vault-password-file your_password_file --name '<key_name>'
```

Then enter the value you want to encrypt when prompted.
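A check that every value in `ansible/vars/env.yml` really is individually vault-encrypted, so a plaintext secret added by hand is caught before commit. This is an added example, not part of this repo; it assumes the file is a flat mapping of top-level keys in the format `ansible-vault encrypt_string` emits, and the sample keys and values are constructed.

```python
import re
import sys

KEY_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$")
HEX_LINE = re.compile(r"^[0-9a-f]+$")

def find_plaintext_vars(text):
    """Return top-level keys whose value is not an inline ansible-vault blob."""
    lines, flagged = text.splitlines(), []
    i = 0
    while i < len(lines):
        m = KEY_LINE.match(lines[i])
        i += 1
        if not m:
            continue  # '---', comments, blank lines
        block = []
        # Gather the indented continuation lines that belong to this key.
        while i < len(lines) and (not lines[i].strip() or lines[i][0] in " \t"):
            if lines[i].strip():
                block.append(lines[i].strip())
            i += 1
        ok = (
            m.group(2).startswith("!vault")              # YAML tag on the key line
            and len(block) > 1                           # header plus ciphertext
            and block[0].startswith("$ANSIBLE_VAULT;")   # vault envelope header
            and all(HEX_LINE.match(b) for b in block[1:])
        )
        if not ok:
            flagged.append(m.group(1))
    return flagged

# Constructed sample: one encrypted value, one plaintext value, one value
# tagged !vault but without a vault envelope. Key names are hypothetical.
SAMPLE = """\
---
LOGGLY_TOKEN: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62313365396662343061393464336163
          3033656139663237
MONGO_CONNECTION_STRING: "mongodb://user:example-password@db.example.invalid:27017"
LOG_LEVEL: !vault |
          not-a-vault-header
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "ansible/vars/env.yml"
    bad = find_plaintext_vars(open(path, encoding="utf-8").read())
    print("\n".join(f"{path}: {k} is not vault-encrypted" for k in bad))
    sys.exit(1 if bad else 0)
```

Run from the repository root, the script exits non-zero when any key is flagged, which makes it usable as a pre-commit or CI step.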
Run the project with mounting:

```bash
docker build --target development --tag todo-app:dev .
docker run -dit \
  --name todo-app-dev \
  -p 8000:8000 \
  --env-file .env \
  --mount type=bind,source="$(pwd)/todo_app",target=/app/todo_app,readonly \
  todo-app:dev
```

Run tests:

```bash
docker build --target test --tag todo-app:test .
docker run -it \
  --env-file .env.test \
  todo-app:test
```

Run the project in production environment:

```bash
docker build --target production --tag todo-app:prod .
docker run -dit \
  --name todo-app-prod \
  -p 8000:8000 \
  --env-file .env \
  todo-app:prod
```

- Logging into DockerHub locally, with `docker login`
- Building the image, with `docker build --target production --tag <user_name>/todo-app:prod .`
- Pushing the image, with `docker push <user_name>/todo-app:prod`
- Follow this tutorial to set up a storage account
- Update the following values in `main.tf`:
  - `resource_group_name` (there are multiple instances)
  - `storage_account_name`
  - `container_name`
  - `subscription_id`
  - `docker_image_name`
- Run `terraform init`
- Run `terraform apply`
When the image is updated and pushed to DockerHub, run `curl -X POST '<webhook>'`.
The webhook URL can be found under Deployment Center on the app service's page in the Azure portal. The URL embeds deployment credentials, so keep it out of version control and logs.
We are enforcing HTTPS with Azure App Service.
Azure Cosmos DB is encrypted at rest and in transit. See https://learn.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest for more details.
The minimum level of logs shown can be configured with the `LOG_LEVEL` env var.
Populate the `LOGGLY_TOKEN` env var for logs to be sent to Loggly.