Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Azure Container Apps + Bicep 〜 こんな感じで運用しています
Search
Kaz Watanabe
April 20, 2024
Technology
3
770
Azure Container Apps + Bicep 〜 こんな感じで運用しています
Bicepを利用してAzure Container Appsの環境構築、運用保守、自動デプロイなどをどのように実現しているかを解説します
Kaz Watanabe
April 20, 2024
Tweet
Share
More Decks by Kaz Watanabe
See All by Kaz Watanabe
PHPCon福岡2024-Azureもなかなかいいですよ.pdf
kaz29
1
51
20220908_フロントエンドパフォーマンス改善.pdf
kaz29
1
120
PHP製のPodCast配信用WebアプリをReact+Next.jsなSSGで作り直してみた話
kaz29
2
550
バックエンドエンジニアの私がお勧めする SPAフロントエンド開発環境
kaz29
6
5.9k
201909-PHPCon北海道-PHPでCI_CD.pdf
kaz29
0
3.4k
2019/02/27 PHP勉強会 #135 PHPでCI・CD
kaz29
0
300
PHPでもserverless framework!?
kaz29
2
3.2k
PHPでもサーバーレスしたい
kaz29
6
1.8k
ちいさな会社でのAnsible活用事例
kaz29
0
770
Other Decks in Technology
See All in Technology
20240724_cm_odyssey_hibiyatech
hiashisan
0
110
たくさん本を読んだけど 1年後には綺麗サッパリ!を乗り越えて 学習の鬼になるぞ👹
yum3
0
160
累計ダウンロード数1億8000万を超えるアプリケーションプラットフォームのレガシーシステム脱却とモダン化への道
kmitsuhashi
0
120
MySQLのロックの種類とその競合
yoku0825
6
1.6k
楽しくGoを学び合う、LayerXの勉強会文化 / LayerX's study culture of having fun and learning Go together
ar_tama
2
350
ギークの理想が7つ集まるエムスリーで夢を叶えよう - エムスリー株式会社
m3_engineering
1
260
Git 研修 Basic【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
310
サーバーレスAPI(API Gateway+Lambda)とNext.jsで 個人ブログを作ろう!
shuntaka
PRO
0
560
初中級者用如何使用backlog -VALE TUDOEDITION-
in0u
0
140
Docker互換のセキュアなコンテナ実行環境「Podman」超入門
devops_vtj
6
3.2k
データ分析基盤を作ってみよう~設計編~
nrinetcom
PRO
1
110
テスト・設計研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
Featured
See All Featured
Creatively Recalculating Your Daily Design Routine
revolveconf
214
11k
Navigating Team Friction
lara
181
13k
How to name files
jennybc
67
96k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
13
430
Design by the Numbers
sachag
277
18k
Principles of Awesome APIs and How to Build Them.
keavy
124
16k
GraphQLとの向き合い方2022年版
quramy
36
13k
[RailsConf 2023] Rails as a piece of cake
palkan
35
4.4k
10 Git Anti Patterns You Should be Aware of
lemiorhan
652
58k
Adopting Sorbet at Scale
ufuk
71
8.8k
Mobile First: as difficult as doing things right
swwweet
219
8.8k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
325
21k
Transcript
Azure Container Apps + Bicep ͜Μͳײ͡Ͱӡ༻͍ͯ͠·͢ 2024/04/20 Global Azure 2024
JCOMגࣜձࣾ Θͨͳ(@kaz_29)
WHO? ลҰ (Θͨͳ ͔ͣͻΖ) @kaz_29 JCOMגࣜձࣾ
Agenda •Azure Container Apps •Bicep •Infrastructure as Code(IaC) •Continuous Delivery(CD)
Container Apps
Azure Container Apps ֓ཁ • ϑϧϚωʔδυk8sϕʔεͷΞϓϦέʔγϣϯϓϥοτϑΥʔϜ • KEDAΛར༻ͨ͠ಈతεέʔϦϯά HTTP /
TCP / Azure Storage Queue / Azure Service Bus / Azure Event Hubs etc… • ϓϥϯ • Consumption Plan(ফඅ) • Dedicated(ઐ༻) • ैྔ՝ۚϫʔΫϩʔυϓϩϑΝΠϧ • ઐ༻ϫʔΫϩʔυϓϩϑΝΠϧ
Azure Container Apps ར༻Մೳͳ CPU ͱϝϞϦ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFDPOUBJOFSBQQTDPOUBJOFST
Azure Container Apps ࣮ߦڥͷΠϝʔδ CONTAINER APP 1 CONTAINER(S) REPLICA REVISION
1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APP 2 CONTAINER(S) REPLICA REVISION 1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APPS ENVIRONMENT
Bicep
Bicep ֓ཁ • AzureϦιʔεΛσϓϩΠ༻ͷDSL • ߏจ͕؆ܿ • શͯͷϦιʔεɾόʔδϣϯΛαϙʔτ ϓϨϏϡʔ൛ͷαʔϏεͰαϙʔτ͞Ε͍ͯΔ(ͱࢥ͏) •
VSCodeͷBicep֦ு IntelliSenceߏจݕূͳͲͰޮతʹฤूͰ͖Δ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ
Bicep αϯϓϧ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ param location string = resourceGroup().location param
acrName string param acrSku string param encription string resource acrResource 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { name: acrName location: location sku: { name: acrSku } properties: { adminUserEnabled: true encryption: { status: encription } dataEndpointEnabled: false } } output loginServer string = acrResource.properties.loginServer CJDFQBDSCJDFQ
Bicep αϯϓϧ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ param location string = resourceGroup().location param
acrName string = 'exampleacr' param acrSku string = 'Standard' param encription string = 'disabled' module acr 'acr.bicep' = { name: 'example-acr' params: { location: location acrName: acrName acrSku: acrSku encription: encription } } $ az deployment group create \ -f ./bicep/acr-test.bicep \ -g $RESOURCE_GROUP_NAME CJDFQBDSUFTUCJDFQ
Infrastructure as Code(IaC)
BicepͰContainer AppsڥΛߏங
BicepͰContainer AppsڥΛߏங ैྔ՝ۚϫʔΫϩʔυϓϩϑΝΠϧ resource environment 'Microsoft.App/managedEnvironments@2023-05-01' = { name: environmentName
location: location properties: { appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { customerId: logAnalyticsWorkspace.properties.customerId sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } } daprAIInstrumentationKey: appInsights.properties.InstrumentationKey zoneRedundant: false workloadProfiles: [{ name: 'Consumption' workloadProfileType: 'Consumption' }] } }
BicepͰContainer AppsڥΛߏங ઐ༻ϫʔΫϩʔυϓϩϑΝΠϧ resource environment 'Microsoft.App/managedEnvironments@2023-05-01' = { name: environmentName
location: location properties: { appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { customerId: logAnalyticsWorkspace.properties.customerId sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } } daprAIInstrumentationKey: appInsights.properties.InstrumentationKey zoneRedundant: true workloadProfiles: [{ name: 'myworkload' maximumCount: 10 minimumCount: 3 workloadProfileType: 'D4' }] } }
(JUIVC"DUJPOTͰͷϑϩʔΠϝʔδ OPS୲ Bicep Github 3. PR࡞ Diff 1. ίʔυ࡞ɾมߋ 2.
Push 4. work fl ow࣮ߦ 5. ࠩΛऔಘ 6. ࠩΛPRίϝϯτʹߘ 8. ϓϩϏδϣχϯά༻ͷtagΛଧͭ Provision 9. work fl ow࣮ߦ OPSऀ 7. Review Deployment protection Required reviewers 10. ঝೝͪ 11. Approve 12. มߋΛө
ࠩऔಘϫʔΫϑϩʔ ί υ ͷ ν Ϋ Ξ τ "[VSF
ϩ ά Π ϯ #JDFQ ϑ Π ϧ ͷ จ ๏ ν Ϋ B[EFQMPZNFOUHSPVQXIBUJG Ͱ ࠩ औ ಘ 13 ί ϝ ϯ τ Λ ߘ
#JDFQσϓϩΠͷ8IBU*Gૢ࡞ ʙ Bicep ϑΝΠϧΛσϓϩΠ͢ΔલʹɺߦΘΕΔมߋΛϓϨϏϡʔͰ͖·͢ɻ Azure Resource Manager ͷ What-if ૢ࡞Λ͏ͱɺBicep
ϑΝΠϧΛσϓϩΠͨ͠߹ʹϦ ιʔε͕ͲͷΑ͏ʹมߋ͞ΕΔ͔Λ֬ೝͰ͖·͢ɻ what-if ૢ࡞ͰɺطଘͷϦιʔε ʹର͍͔ͯ͠ͳΔมߋߦΘΕ·ͤΜɻ ΘΓʹɺࢦఆͨ͠ Bicep ϑΝΠϧ͕σϓϩ Π͞Εͨ߹ͷมߋ͕༧ଌ͞Ε·͢ɻ what-if ૢ࡞ Azure PowerShellɺAzure CLIɺ·ͨ REST API ૢ࡞Ͱ༻Ͱ͖·͢ɻ What-if ɺϦιʔε άϧʔϓɺαϒεΫϦϓγϣϯɺཧάϧʔϓɺςφϯτ Ϩϕϧ ͷσϓϩΠͰαϙʔτ͞Ε͍ͯ·͢ɻʙ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQEFQMPZXIBUJGΑΓҾ༻
#JDFQσϓϩΠͷ8IBU*Gૢ࡞
ࠩऔಘϫʔΫϑϩʔ name: Diff resources on: pull_request: types: [opened, synchronize, reopened]
branches: - master env: RESOURCE_GROUP_NAME: container-apps-example-rg permissions: id-token: write contents: read pull-requests: write jobs: diff: name: Diff resources environment: name: diff runs-on: ubuntu-latest steps: - name: checkout uses: actions/checkout@v3 - name: Azure Login uses: azure/login@v1 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Lint bicep file uses: azure/CLI@v1 with: inlineScript: | az config set bicep.use_binary_from_path=False az bicep install az bicep lint -f ./bicep/container-apps-env.bicep - name: Diff Container Apps Env settings uses: azure/CLI@v1 with: inlineScript: | az config set bicep.use_binary_from_path=False az bicep install echo -e '## Container Apps Env\n<details><summary>Resource \ and property changes details</summary>\n\n```' >> diff.txt az deployment group what-if \ -f ./bicep/container-apps-env.bicep \ --name "container-apps-diff" \ -g ${{ env.RESOURCE_GROUP_NAME }} \ | tee -a diff.txt echo -e '```\n</details>\n\n' >> diff.txt - name: Post diff uses: marocchino/sticky-pull-request-comment@v1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} header: header-of-comment path: ./diff.txt
Continuous Delivery(CD) ܧଓతσϦόϦʔ
BicepͰContainer AppΛσϓϩΠ
BicepͰContainer AppΛσϓϩΠ param environmentName string = 'example-container-apps-env' param containerAppName string
= 'example-app' param location string = resourceGroup().location param imageName string = 'example-app' param tagName string param acrUserName string @secure() param acrSecret string param revisionSuffix string param oldRevisionSuffix string param isExternalIngress bool = true @allowed([ 'multiple' 'single' ]) param revisionMode string = 'multiple' resource environment 'Microsoft.App/managedEnvironments@2022-03-01' existing = { name: environmentName } resource containerApp 'Microsoft.App/containerApps@2023-04-01-preview' = { name: containerAppName location: location properties: { workloadProfileName: 'Consumption' managedEnvironmentId: environment.id configuration: { activeRevisionsMode: revisionMode dapr:{ enabled:false } ingress: { external: isExternalIngress targetPort: 80 transport: 'auto' allowInsecure: false traffic: ((contains(revisionSuffix, oldRevisionSuffix)) ? [ { weight: 100 latestRevision: true } ] : [ { weight: 0 latestRevision: true } { weight: 100 revisionName: '${containerAppName}--${oldRevisionSuffix}' } ]) } ಈతͳ ()"Ͱ͢ ॳճσϓϩΠ࣌༻
BicepͰContainer AppΛσϓϩΠ secrets: [ { name: 'acr-secret' value: acrSecret }
] registries: [ { server: '${acrUserName}.azurecr.io' username: acrUserName passwordSecretRef: 'acr-secret' } ] } template: { revisionSuffix: revisionSuffix containers: [ { image: '${acrUserName}.azurecr.io/${imageName}:${tagName}' name: containerAppName resources: { cpu: any('0.5') memory: '1Gi' } } ] scale: { minReplicas: 0 maxReplicas: 5 rules: [ { name: 'http-scaling-rule' http: { metadata: { concurrentRequests: '60' } } } ] } } } } output fqdn string = containerApp.properties.configuration.ingress.fqdn ίϯςφͷઃఆ εέʔϦϯάϧʔϧ
Azure Container Apps(࠶ܝ) ࣮ߦڥͷΠϝʔδ CONTAINER APP 1 CONTAINER(S) REPLICA REVISION
1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APP 2 CONTAINER(S) REPLICA REVISION 1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APPS ENVIRONMENT
#JDFQͰ$POUBJOFS"QQΛσϓϩΠ ϦϏδϣϯΛͲ͏ࢦఆ͢Δ͔ʁ w ҙͷจࣈྻΛࢦఆՄೳ w Ͳͷίʔυ͔Λ༰қʹࣝผ͍ͨ͠ w ϦϙδτϦͷUBHΛྲྀ༻͢Δ w ϦϏδϣϯʹ
υοτ ͑ͳ͍ w ҎԼͷΑ͏ʹมͯ͠ར༻ v1.0.0 => v100
(JUIVC"DUJPOTͰͷϑϩʔΠϝʔδ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ ։ൃ୲ Github 3. PR࡞ ςετͳͲΛ࣮ߦ 1. ίʔυ࡞ɾมߋ 2.
Push 4. work fl ow࣮ߦ 6. σϒϩΠ༻ͷtagΛଧͭ Deploy to Green 7. work fl ow࣮ߦ OPS୲ऀ 5. Review 9. ঝೝͪ 8. σϓϩΠ ։ൃνʔϜ 10. FlipΛঝೝ Build& Push Flip 11. ঝೝͪ Deactivate 12. DeactivateΛঝೝ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ ί υ ͷ ν Ϋ Ξ τ
ί ϯ ς φ Ϩ δ ε τ Ϧ ʹ ϩ ά Π ϯ λ ά ໊ Λ औ ಘ ί ϯ ς φ Λ build & push bicep ϑ Π ϧ Λ Artifact ʹ Ξ ϓ ϩ υ bicep ϑ Π ϧ Λ Artifact ͔ Β μ ϯ ϩ υ λ ά ໊ ͔ Β Ϧ Ϗ δ ϯ ໊ Λ ࡞ Azure ϩ ά Π ϯ ࣮ ߦ த ͷ Ϧ Ϗ δ ϯ Λ औ ಘ ৽ ͠ ͍ Ϧ Ϗ δ ϯ Λ σ ϓ ϩ Π (traf c: 0%) Azure ϩ ά Π ϯ ৽ چ ͷ Ϧ Ϗ δ ϯ ͷ traf c Λ ೖ ସ ͑ Azure ϩ ά Π ϯ چ Ϧ Ϗ δ ϯ Λ আ Build Deploy Flip Deactivate ঝೝ ঝೝ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$*ͷϫʔΫϑϩʔ ()"+PC࣮ߦʹঝೝΛڬΉ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$%ͷϫʔΫϑϩʔͷൈਮ - name: Deploy to containerapp uses: azure/CLI@v1 with: inlineScript:
| az extension add --upgrade --name containerapp az config set bicep.use_binary_from_path=False az bicep install az deployment group create \ -f ./deploy.bicep \ -g ${{ env.RESOURCE_GROUP_NAME }} \ --name "${{ env.APP_NAME }}-${{ env.REVISION_SUFFIX }}" \ --parameters \ acrUserName=${{ secrets.AZURE_CONTAINER_REGISTRY_USERNAME }} \ acrSecret=${{ secrets.AZURE_CONTAINER_REGISTRY_PASSWORD }} \ tagName="${{ env.TAG }}" \ revisionSuffix=${{ env.REVISION_SUFFIX }} \ oldRevisionSuffix=${{ env.PREVIOUS_REVISION_NAME }} - name: Flip revisions uses: azure/CLI@v1 with: inlineScript: | az extension add --upgrade --name containerapp az containerapp ingress traffic set \ -g ${{ env.RESOURCE_GROUP_NAME }} \ -n ${{ env.APP_NAME }} \ --revision-weight \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.revision_suffix }}=100 \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.previous_revision_suffix }}=0 - name: Deactivate previous revision uses: azure/CLI@v1 with: inlineScript: | az extension add --upgrade --name containerapp az containerapp revision deactivate \ -g ${{ env.RESOURCE_GROUP_NAME }} \ -n ${{ env.APP_NAME }} \ --revision \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.previous_revision_suffix }} Deploy Flip Deactivate
·ͱΊ • Container Appsͱ͍ͯ͢αʔϏε • Webαʔό͚ͩͰͳ͘ɺQueueϫʔΧʔCron Jobͷ࣮ߦՄೳ • ༷ʑͳεέʔϧϧʔϧͰॊೈʹautoscaleՄೳ •
BicepΛར༻͢Δ͜ͱͰൺֱత؆୯ʹIaCΛ࣮ݱͰ͖Δ • what-ifͰࠩΛ֬ೝͭͭ͠ίʔυϨϏϡʔ • Github ActionsʹదٓঝೝΛڬΉ͜ͱͰݖݶΛͯ҆͠શʹࣗಈԽ
͓͠·͍ IUUQTHJUIVCDPNLB[DPOUBJOFSBQQTFYBNQMF