Skip to content

Latest commit

 

History

History
339 lines (319 loc) · 21.2 KB

3. Create and Deploy Apps.md

File metadata and controls

339 lines (319 loc) · 21.2 KB

Creating and Deploying Apps

Creating Web Applications using PaaS

  • App Service Environments (ASEs)
    • Fully isolated and dedicated environment for securely running App Service apps at high scale.
      • High scale: Multiple ASEs can be used to scale horizontally
      • Isolation and secure network access
        • Isolated running only one customers applications.
        • Always deployed into a VNet.
          • Can have network security groups (NSGs)
          • Can have web application firewalls (WAFs)
          • Customers can control inbound & outbound traffic.
          • Allows you to have layered network architecture:
            • E.g. where services at the bottom tier have no internet access.
      • High memory utilization
    • It's deployed on App Service Plan.
    • Can run Web Apps, Docker containers, Mobile Apps, Functions
    • Pricing: comes with its own pricing tier Isolated offering
    • ❗ Limitation:
      • Everything in between from
        • Single instance in 100 app service plans
        • 100 instances in a single App Service plan
    • Consists of two parts
      • Front-ends: Responsible for HTTP/HTTPS termination, automatic load balancing.
      • Workers: Host customer apps. Three fixed size:
        • One VPU/3.5 GB RAM,Two vCPU/7GB RAM, Four vCPU/14 GB RAM
  • Web App
    • VNET Integration exists only in Standard, Premium, Isolated.
    • Create an Azure Service Web App
      • Create resource group => Create app service plan => Create web app => Deploy the app
    • Web App for Containers
      • Create instance of “Web App for containers”.
      • You can choose Docker image, or with deployment configuration file for Docker Compose / Kubernetes image from Azure Container Registry, Docker Hub, Private Registry.
      • Web App for Containers vs Azure Container Instances
        • Web Apps for Containers: Deploy web applications on Linux using containers
        • Azure Container Instances: Easily run containers on Azure with a single command without any orchestration.
  • WebJobs
    • Background tasks that enables you to run a program or script in the same context as a web app.
      • Eg. .cmd, .bat, .exe, .ps1, .sh, .php, .py, .js, .jar
    • To create you can have CI/CD from GitHub or upload .zip containing your WebJob directly.
    • Set "Always On" for reliability.
      • Scheduled vs continuous
    • Start
      • Continuous: Starts immediately. Runs in an endless loop.
      • Triggered: Strats when scheduled or triggered manually.
    • Multiple instances of WebJobs
      • Continuous: Runs all on instances
      • Triggered: Runs on a single instance that's load balanced.
    • Remote debugging: Supported only in Continuous.
    • Scale
      • Available only for continuous WebJobs.
      • Determines whether the program or script runs on all instances or just one instance.
      • Not possible on Free or Shared pricing tiers.
  • Using Swagger to document an API
    • Swagger is set of tools around OpenAPI (JSON standard to define API's)
    • Swashbuckle

      • .NET Core package that builds swagger documents from code.

      • Embeds UI for customizing swagger documents.

      • Set up:

      • In Startup.ConfigureServices: services.AddSwaggerGen(c => c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" }));

        • You can here document other informations such as Contact, License, TermsOfService, and Description.

      • Enable middleware & set-up json UI in Startup.Configure:

        app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
        • Swagger is then accessible at /swagger/v1/swagger.json and /swagger

      • Build swagger from XML documentation:

        • Enable XML documentation file in .csproj: <GenerateDocumentationFile>true</GenerateDocumentationFile>

        • You'll get warning for undocumended types & members. You can surpress them with inline code or set <NoWarn>$(NoWarn);1591</NoWarn> in .csproj.

        • In Startup.ConfigureServices enable XML documents via reflection:

          c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"));

        • You can then just XML document Action results with <summary> and <param name ="id"> tags.

    • Declaring models with attributes
      • You can set attributes on view models such as [Required] or [DefaultValue(false)]
      • On controller you can use [Produces("application/json")]
      • On actions you can use [ProducesResponseType(201)] and then document with <response code="201"/> XML tag.
  • Azure Logic App IPaaS: Integration Platform as a Service
    • Automate tasks & integrates apps, data, systems and services across enterprises or organizations by automating tasks and business processes as workflows.
    • Some workload examples:
      • Move uploaded file from an SFTP or FTP server to Azure Storage.
      • Process and route orders across on-premises systems and cloud services.
      • Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.
    • 200+ integrations such as Service Bus, Functions, Office 365, Oracle DB etc.
      • Each connector provides triggers and/or actions specifically.
      • Enterprise Integration Pack
        • Handles B2B integrations, similar to BizTalk.
        • Can handle different protocols such as As2, X12, EDIFACT
        • Can transform different formats.
        • Support for encryption & digital signatures.
        • Flow
          • Create an integration account in the portal => Add partners, schemas, artifacts, maps & agreements (reusable artifacts) => Create logic map => Link Logic app to the account => In Logic App, you can use partners and other artifacts from the integration account.
    • You can have custom connectors.
      • They're function-based (Azure Functions).
      • Flow: Build your API => Describe your API (Swagger/OpenAPI) and define connector => Use connector => (Optional) Share & Verify your connector
    • Applications are defined in a JSON file, they support ARM.
    • You can use Azure portal or Visual Studio.
      • Visual Studio
        • You can add apps to source control, publish different versions.
        • Flow: New > Project => Visual C# => Select Resource Group =>Modify LogicApp.json => Deploy

Azure Service Fabric

  • Distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.

  • Enables to you to build and manage scalable and reliable microservices that on clusters (a shared pool of machines)

  • Runtime and lifecycle management capabilities

    • Provides a runtime to build distributed, scalable, stateless, and stateful microservices running in containers.
    • Management capabilities to provision, deploy, monitor, upgrade/patch, and delete deployed applications including containerized services

  • You can choose to use ASP.NET Core programming models, or can just deploy and manage containers with Service Fabric container orchestrator.

  • Applications are resource-balanced across virtual machines to maximize efficiency.

  • Enables you to perform near real-time data analysis, in-memory computation, parallel transactions, and event processing in your applications

  • Stateful vs Stateless applications

    • Stateless services can have dependencies to caches, storages, queues etc., but they’re than external services. Stateful applications have internal states in them e.g. databases, storages etc.
    • An application built using stateless services
      • Scale with partitioned storage
      • Increase reliability with queues
      • Reduce read latency with caches
      • Write your own lock managers for state consistency
    • An application built using stateful services
      • Application state lives in the compute tier.
      • Low latency reads and writes
      • Partitions are first class for scale-out
      • Built in lock managers based on primary election
    • StatelessService
      • E.g. Azure Cloud Service worker roles
      • Provides high availability and consistency of the state through simple APIs that provide transactional guarantees backed by replication
      • Applications can have their “hot” state and data managed within them for additional performance gains without sacrificing reliability, consistency, or availability
      • They’re deployed into same Service Fabric cluster with their dependencies.
      • Each of these services is independent with regard to scale, reliability, and resource usage, greatly improving agility in development and lifecycle management.
      • Simplify application designs: They remove the need for the additional queues and caches that have traditionally been required to address the availability and latency requirements of purely stateless applications.

  • Basic concepts

    • Service type
      • Service implementation.
      • Defined by class that extends StatelessService
      • Has name and a version number
    • Named service instance: It’s an URI using fabric:/ scheme such as fabric:/MyApp/MyService
    • Service host: Instances that needs to run inside a host process.
    • Service registration: The service type must be registered with the Service Fabric runtime in a service host to allow Service Fabric to create instances of it to run.

  • Preparing your development environments on Windows

    1. Install the Service Fabric runtime, SDK, and tools
    2. Enable execution of the Windows PowerShell scripts included in the SDK.
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force -Scope CurrentUser

  • Creating a stateless service in Visual Studio

    • Create project
      • New project => Service Fabric Application => Name it HelloWorld
      • .Net Core 2.0 => StatelessService => Name it HelloWorldStateless
      • Your solution now contains two projects:
        • HelloWorld: Application project that contains services and some PowerShell scripts that help you to deploy your application.
        • HelloWorldStateless: Service project, contains stateless service implementation.
    • Implement
      • In service project (HelloWorldStateless.cs) you run any business logic.
      • Two entry points:
        1. Open-ended entry point

          • You begin executing workloads, including long-running compute workloads.

            protected override async Task RunAsync(CancellationToken cancellationToken)
{
  ...
}

          • A cancellation token is provided to coordinate when your service instance needs to be closed.

            • Cancellation is requested when:
              • The system moves your service instances for resource balancing.
              • Faults occur in your code.
              • The application or system is upgraded.
              • The underlying hardware experiences an outage.
            • The system will wait for your task to end (by successful completion, cancellation, or fault) before it moves on.
              • It is important to honor the cancellation token, finish any work, and exit RunAsync() as quickly as possible when the system requests cancellation.
        2. A communication entry point

          • You can plug in your communication stack of choice, e.g. start receiving requests (e.g. via ASP .NET Core) from users and other services.

            protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
  ...
}

  • Creating a stateful service in Visual Studio

    • A stateful service can maintain state reliably within the service itself, co-located with the code that's using it.

    • State is made highly available by Service Fabric without the need to persist state to an external store.

    • Create solution

      • Add -> New Service Fabric Service -> Name it HelloWorld
      • .Net Core 2.0 -> Stateful Service and name it HelloWorldStateful

    • Reliable Collections and the Reliable State Manager

      • The main difference is the availability of a state provider that can store state reliably.
      • State provider implementation called Reliable Collections.
        • It lets you create replicated data structures through the Reliable State Manager.
          • Operations are transactional = consistent everywhere
          • Stores your data to local disk on each replica.
          • Transactions are atomic
            • You may dequeue a work item from a Reliable Queue, perform an operation on it, and save the result in a Reliable Dictionary, all within a single transaction.
        • A stateful Reliable Service uses this state provider by default.
        • You can store data directly in your service without the need for an external persistent store.

    • A stateful service has the same entry points as a stateless service.

      • In a stateful service, the platform performs additional work on your behalf before it executes RunAsync(). This work can include ensuring that the Reliable State Manager and Reliable Collections are ready to use.

    • Code example:

      protected override async Task RunAsync(CancellationToken cancellationToken)
{
  var myDictionary = await this.StateManager.GetOrAddAsync<IReliableDictionary<string, long>>("myDictionary");
  while (true)
  {
    cancellationToken.ThrowIfCancellationRequested();
    using (var tx = this.StateManager.CreateTransaction())
    {
      var result = await myDictionary.TryGetValueAsync(tx, "Counter");
      ServiceEventSource.Current.ServiceMessage(this.Context, "Current Counter Value: {0}",result.HasValue ? result.Value.ToString() : "Value does not exist.");
      await myDictionary.AddOrUpdateAsync(tx, "Counter", 0, (key, value) => ++value);
      // If an exception is thrown before calling CommitAsync, the transaction aborts, all changes are discarded, and nothing is saved to the secondary replicas.
      await tx.CommitAsync();
      }
      await Task.Delay(TimeSpan.FromSeconds(1), cancellationToken);
    }
    ```

Using containers and orchestration

  • Azure Kubernetes Service AKS

    • Managed service to deploy Kubernetes cluster.
      • Much of complexity and operational overhead of managing Kubernetes is handled by Azure (e.g.. health monitoring and maintenance)
    • It’s free, you pay for the agent nodes within clusters, not for the masters.
    • Features
      • Flexible deployment options
        • Deploy through Portal, CLI or ARM
        • Deploys & configures all nodes.
        • Lets you configure advanced networking, AAD integration and monitoring during deployment.
      • Identity and security management: AKS clusters support RBAC. Can be integrated with AAD.
      • Integrated logging and monitoring
        • Collects container logs (listens to stdout and stderr streams) and memory/processor metrics from containers, nodes and controllers.
        • Stored in Log Analytics workspace
        • 💡 If RBAC is enabled in Kubernetes, you'll need to grant access to log reader application.
      • Cluster node scaling: Scale out/in via Azure portal or the Azure CLI.
      • Cluster node upgrades: Offers multiple Kubernetes versions and upgrading with coordination of nodes to minimize disruption to running applications.
      • HTTP application routing
        • Configures ingress controller in AKS cluster.
        • As applications are deployed, they’re publicly accessible with auto-configured DNS names.
      • GPU enabled nodes: Supports GPU enabled node pools, provides single/multiple GPU enabled VM’s.
      • Development tooling integration:
        • Tools like Heml, Draft, Visual Studio Code Kubernetes works seamlessly.
        • You can run & debug containers directly in AKS.
      • Virtual network integration: Can be deployed to existing VNet.
        • Every pod is assigned an IP address in the VNet, and can communicate with other pods in the cluster and other nodes in the VNet.
        • Can connect other services in a peered VNet, and on-prem networks over ExpressRoute or site-to-site VPN connections.
      • Private container registry: Integration with Azure Container Registry (ACR) for Docker images.

  • Virtual Kubelet

    • Connecting Kubernetes to other APIs
    • Creates a virtual kubernetes node backed by e.g. Azure, AWS, Alibaba etc.
    • Virtual node acts as a normal managed node in the cluster.
    • Kubernetes API on top, programmable back.

  • Deploy an AKS cluster Using CLI

    • Create a resource group: az group create --name myAKSCluster --location eastus
    • Create AKS cluster with health monitoring addon: az aks create --resource-group myAKSCluster --name myAKSCluster --node-count 1 --enable-addons monitoring --generate-ssh-keys
    • Connect to the cluster
      • Download credentials & configure Kubernetes CLI: az aks get-credentials --resource-group myAKSCluster --name myAKSCluster
      • Get all nodes: kubectl get nodes
        • 💡 If you are using Azure Cloud Shell, kubectl is already installed. If you want to install it locally, use the az aks install-cli command.

  • Azure Container Registry

  • Managed service based on open-source Docker Registry.

  • Gives you build automation with build triggers: With such as VSTS or Jenkins. Can be integrated with GIT.

  • Use-cases

    • Scalable orchestration systems: Can be orchastreted via DC/OS, Docker Swam, Kubernetes.
    • Azure services: Azure Kubernetes Service, App Service, Batch, Service Fabric. etc... can build and run applications

  • Azure Container Registry Build (ACR Build) can build docker images to automate container OS, framework patching pipeline.

  • Concepts

    • Registry
      • SKUs: Basic, Standard Premium.
      • All support, webhook integration, authentication with AAD, delete functionality.
      • You use Azure storages for container images.
      • You can use geo-replication in Premium registrations.
      • Control access with AAD-backed service principal or provided admin account.
    • Repository
      • A register contains one ore more repositories.
      • A repository is group of container images.
      • ACR supports multilevel repository namespaces.
      • So you can group your repositories.
    • Image
      • Read-only snapshot of a Docker container.
      • An Azure container registry can include both Windows and Linux images.
      • Control image names for all of container deployments.
    • Container
      • Application and its dependencies wrapped in a filesystem including code, runtime, system tools and libraries.
      • Containers running on a single machine share the operating system kernel.
      • Containers are fully portable to all major Linux distros, macOS and Windows.

  • Deploy an image to ACR using Azure CLI

    1. Create a resource group: az group create --name myResourceGroup --location eastus
    2. Create a container registry: az acr create --resource-group myResourceGroup --name myContainerRegistry007 --sku Basic
      • Must have unique name.
      • SKU's
        • Basic: Have size and usage contraints.
        • Standard: Increased storage limits and image throughput.
        • Premium: Higher limit on constraints, such as storage & concurrent operations, including enhanced storage capabilities.
          • Higher image throughput capacity.
          • Features like geo-replication for managing a single registry across multiple regions, maintaining a network-close registry to each deployment.
    3. Log in to ACR: az acr login --name <acrName>
    4. Push image to ACR
      docker pull microsoft/aci-helloworld
  az acr list --resource-group myResourceGroup --query "[].{acrLoginServer:loginServer}" --output table
  docker tag microsoft/aci-helloworld <acrLoginServer>/aci-helloworld:v1
  docker push <acrLoginServer>/aci-helloworld:v1
    1. List container images: az acr repository list --name <acrName> --output table
      • Or list tags: az acr repository show-tags --name <acrName> --repository aci-helloworld --output table
    2. Deploy image to ACI
      • Using Azure CLI
        • Enable admin user in the registry: az acr update --name <acrName> --admin-enabled true
          • 💡 In production you should use service principal.
        • Retrieve admin password: az acr credential show --name <acrName> --query "passwords[0].value"
        • Create container image with 1 CPU and 1 GB of memory: az container create --resource-group myResourceGroup --name acr-quickstart --image <acrLoginServer>/aci-helloworld:v1 --cpu 1 --memory 1 --registry-username <acrName> --registry-password <acrPassword> --dns-name-label aci-demo --ports 80
        • Monitor status of the container: az container show --resource-group myResourceGroup --name acr-quickstart --query instanceView.state
        • Retrieve container public IP address: az container show --resource-group myResourceGroup --name acr-quickstart --query ipAddress.fqdn
      • Using docker CLI
        • Log in to registry: az acr login --name myregistry
        • Tag your image: docker tag nginx myregistry.azurecr.io/samples/nginx
        • Push your image: docker push myregistry.azurecr.io/samples/nginx
    3. Docker-push

  • Azure Container Instances

    • It’s depreciated, replacement: Azure Kubernetes Service (AKS)
    • It’s good for simple applications, task automation and build jobs.
    • Features:Full container orchestration including, service discovery across multiple containers, automatic scaling, coordinated application upgrades.
    • You deploy an image from a public / private registry