-
Notifications
You must be signed in to change notification settings - Fork 0
oreakinodidi98/petstore
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
## Azure opet store ### Architecture refrence  ## 0.Setup enviroment - Create RG - create App service:[azurerm_linux_web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app) - create App service Plan:[azurerm_service_plan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_plan) - Create web app slot: [azurerm_linux_web_app_slot](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app_slot) - Create ACR: [azurerm_container_registry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry) - Create AKS: [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster) - Create user managed identity: [azurerm_user_assigned_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) - create role assighnments:[azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) - create log analytic workspace: [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) - create log analytic solutions: [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution) - create application insight: [azurerm_application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) - create monitor action group: [azurerm_monitor_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) - create monitor action allert: [azurerm_monitor_metric_alert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert#metric_namespace) ## 1.Build Docker Image - Copy the following locally to SRC, to build and test Docker Images. - PetStoreApp, PetStorePetService, PetStoreProductService & PetStoreOrderService - Build and Run the pet Store Pet Service Docker Image - cd to src/petstorepetservice - **Create local bridge network** so PetStoreApp, PetStorePetService, PetStoreProductService & PetStoreOrderService can communicate ```docker docker network create petstorebridge ``` - build petstorepetservice docker image ```docker docker build -t petstorepetservice . docker image ls ``` - test pet store application ```docker docker run --rm --net petstorebridge --name petstorepetservice -p 8081:8081 -e PETSTOREPETSERVICE_SERVER_PORT=8081 -d petstorepetservice:latest http://loaclhost:8081 http://localhost:8081/swagger-ui.html ``` - cd into petstoreproductservice - build petstoreproductservice docker image ``` docker docker build -t petstoreproductservice . docker image ls ``` - test application ```docker docker run --rm --net petstorebridge --name petstoreproductservice -p 8082:8082 -e PETSTOREPRODUCTSERVICE_SERVER_PORT=8082 -d petstoreproductservice:latest docker ps http://loaclhost:8082 http://localhost:8082/swagger-ui.html ``` - cd into petstoreorderservice - build petstoreorderservice docker image ``` docker docker build -t petstoreorderservice . docker image ls ``` - test application ```docker docker run --rm --net petstorebridge --name petstoreorderservice -p 8083:8083 -e PETSTOREORDERSERVICE_SERVER_PORT=8083 -d petstoreorderservice:latest docker ps http://loaclhost:8083 http://localhost:8083/swagger-ui.html ``` - cd into petstoreapp - build petstoreapp docker image ``` docker docker build -t petstoreapp . docker image ls ``` - test application ```docker docker ps docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' petstoreorderservice -> ip Adress: 172.20.0.4 docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' petstoreproductservice -> ip address = 172.20.0.3 docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' petstorepetservice -> ip address = 172.20.0.2 docker run --rm --net petstorebridge --name petstoreapp -p 8080:8080 -e PETSTOREAPP_SERVER_PORT=8080 -e PETSTOREPETSERVICE_URL=http://172.20.0.2:8081 -e PETSTOREPRODUCTSERVICE_URL=http://172.20.0.3:8082 -e PETSTOREORDERSERVICE_URL=http://172.20.0.4:8083 -d petstoreapp:latest docker run --rm --net petstorebridge --name petstoreapp -p 8080:8080 -e PETSTOREAPP_SERVER_PORT=8080 -e PETSTOREPETSERVICE_URL=http://172.18.0.2:8081 -e PETSTOREPRODUCTSERVICE_URL=http://172.18.0.3:8082 -e PETSTOREORDERSERVICE_URL=http://172.18.0.4:8083 -d petstoreapp:latest docker ps http://loaclhost:8080 http://localhost:8083/swagger-ui.html docker kill $(docker ps -q) ``` ## 2.Push Docker image to Azure Container Registry - loging to azure and update created ACR ```az az login az account list --output table az account set --subscribtion <my sub> az acr login --name <acr name> az acr update -n <acr name> -g <resource group> --admin-enabled true ``` - push pet store app image to ACR ```az docker image tag petstoreapp:latest oapetacr.azurecr.io/petstoreapp:latest docker push oapetacr.azurecr.io/petstoreapp:latest docker image tag petstoreapp:latest <acr name>.azurecr.io/petstoreapp:latest docker push <acr name>.azurecr.io/petstoreapp:latest ``` - push pet store pet service image to ACR ```az docker image tag petstorepetservice:latest oapetacr.azurecr.io/petstorepetservice:latest docker push oapetacr.azurecr.io/petstorepetservice:latest docker image tag petstorepetservice:latest <acr name>.azurecr.io/petstorepetservice:latest docker push <acr name>.azurecr.io/petstorepetservice:latest ``` - push pet store product service to ACR ```az docker image tag petstoreproductservice:latest oapetacr.azurecr.io/petstoreproductservice:latest docker push oapetacr.azurecr.io/petstoreproductservice:latest docker image tag petstoreproductservice:latest <acr name>.azurecr.io/petstoreproductservice:latest docker push <acr name>.azurecr.io/petstoreproductservice:latest ``` - push pet store order service to ACR ```az docker image tag petstoreorderservice:latest oapetacr.azurecr.io/petstoreorderservice:latest docker push oapetacr.azurecr.io/petstoreorderservice:latest docker image tag petstoreorderservice:latest <acr name>.azurecr.io/petstoreorderservice:latest docker push <acr name>.azurecr.io/petstoreorderservice:latest ``` ## 3.Configure App Service for Continous deployment - use Web Hooks to deploy latest Azure Container Registry Docker image for Pet Store App - in app service terraform module include the following code ```terraform container_registry_use_managed_identity= true container_registry_managed_identity_client_id = var.managed_identity_client_id application_stack{ docker_image_name = "${var.acr_name}.azurecr.io/petstoreapp:latest" #docker_registry_server_url = "https://${var.acr_name}.azurecr.io" } ``` - aim is to create continous deployment, so when ever our container image is updated it will reflect on the app service - if you go on deployment you should see something similiar to the following  ## 4.Set up GitHub Repo and Acitons for CI/CD - create reposiory ``` git git init . git add . git commit -m "first commit" git branch -M main git remote add origin https://github.com/oreakinodidi98/petstore.git git push -u origin main ``` - create development branch ``` git git checkout -b development ``` ### pre-requisite - create a SP and add to gh secrets - run the following: ```az az ad sp create-for-rbac --name "AzurepetstoreOA" --role contributor --scopes /subscriptions/cb5b077c-3ef5-4b2e-83e5-490cc5ca0e19/resourceGroups/rg-petstore-01 --json-auth az role assignment create --assignee AzurepetstoreOA --role Contributor --scope /subscriptions/cb5b077c-3ef5-4b2e-83e5-490cc5ca0e19 az ad sp create-for-rbac --name "AzureResumeOA" --role contributor --scopes /subscriptions/cb5b077c-3ef5-4b2e-83e5-490cc5ca0e19/resourceGroups/rg-staticpage-01 --json-auth ``` - Then save the output in GH as AZURE_CREDENTIALS - go to acr and get password - create a secret in github called PETSTORECRSECRET -> settings -> secrets & variables-> actions - paste acr password in secret - az ad sp credential reset --name AzurepetstoreOA --credential-description "TerraformClientSecret" ## 5. Create an Azure Kubernetes Cluster and configure NGINX Ingress Controller - login to Azure az login --service-principal -u <app-id> -p <password> --tenant <tenant-id> ```kubectl helm install ingress-nginx ingress-nginx/ingress-nginx \ --create-namespace \ --namespace ingress-petstoreservices \ --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz ``` ```cli $RESOURCE_GROUP = "rg-petstore-01" $ACR_URL = "oapetacr.azurecr.io" $REGISTRY_NAME = "oapetacr" $SOURCE_REGISTRY = "k8s.gcr.io" $CONTROLLER_IMAGE = "ingress-nginx/controller" $CONTROLLER_TAG = "v1.0.4" $PATCH_IMAGE = "ingress-nginx/kube-webhook-certgen" $PATCH_TAG = "v1.1.1" $DEFAULTBACKEND_IMAGE = "defaultbackend-amd64" $DEFAULTBACKEND_TAG = "1.5" $NAMESPACE= "ingress-petstoreservices" ``` Import the Ingress controller and required images into your ACR (Helm will use them on the install below) `az acr import --resource-group=rg-petstore-01 --name oapetacr --source k8s.gcr.io/ingress-nginx/controller:v1.0.4 --image ingress-nginx/controller:v1.0.4` `az acr import --resource-group=rg-petstore-01 --name oapetacr --source k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 --image ingress-nginx/kube-webhook-certgen:v1.1.1` `az acr import --resource-group=rg-petstore-01 --name oapetacr --source k8s.gcr.io/defaultbackend-amd64:1.5 --image defaultbackend-amd64:1.5` Instruct Helm to install and configure the Ingress controller with the images ```cli helm install ingress-nginx ingress-nginx/ingress-nginx --namespace $NAMESPACE --create-namespace --set controller.replicaCount=2 --set controller.nodeSelector."kubernetes\.io/os"=linux --set controller.image.registry=$ACR_URL --set controller.image.image=$CONTROLLER_IMAGE --set controller.image.tag=$CONTROLLER_TAG --set controller.image.digest="" --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux --set controller.admissionWebhooks.patch.image.registry=$ACR_URL --set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE --set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG --set controller.admissionWebhooks.patch.image.digest="" --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux --set defaultBackend.image.registry=$ACR_URL --set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE --set defaultBackend.image.tag=$DEFAULTBACKEND_TAG --set defaultBackend.image.digest="" ``` ```cli helm install ingress-nginx ingress-nginx/ingress-nginx --namespace $NAMESPACE --create-namespace --set controller.replicaCount=2 --set controller.nodeSelector."kubernetes\.io/os"=linux --set controller.image.registry=$ACR_URL --set controller.image.image=$CONTROLLER_IMAGE --set controller.image.tag=$CONTROLLER_TAG --set controller.image.digest="" --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux --set controller.admissionWebhooks.patch.image.registry=$ACR_URL --set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE --set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG --set controller.admissionWebhooks.patch.image.digest="" --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux --set defaultBackend.image.registry=$ACR_URL --set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE --set defaultBackend.image.tag=$DEFAULTBACKEND_TAG --set defaultBackend.image.digest="" ``` Verify it is up and running `kubectl --namespace $NAMESPACE get services -o wide -w ingress-nginx-controller` az aks update -n oa-pet-aks -g rg-petstore-01 --attach-acr oapetacr
About
Building of Azure Petstore but with terraform
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published