Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Azure Container Apps + Bicep 〜 こんな感じで運用しています
Search
Kaz Watanabe
April 20, 2024
Technology
3
1.1k
Azure Container Apps + Bicep 〜 こんな感じで運用しています
Bicepを利用してAzure Container Appsの環境構築、運用保守、自動デプロイなどをどのように実現しているかを解説します
Kaz Watanabe
April 20, 2024
Tweet
Share
More Decks by Kaz Watanabe
See All by Kaz Watanabe
CI/CD/IaC 久々に0から環境を作ったらこうなりました
kaz29
1
340
開発エンジニアが実践するDevSecOps
kaz29
0
100
PHPCon福岡2024-Azureもなかなかいいですよ.pdf
kaz29
2
220
20220908_フロントエンドパフォーマンス改善.pdf
kaz29
2
160
PHP製のPodCast配信用WebアプリをReact+Next.jsなSSGで作り直してみた話
kaz29
3
650
バックエンドエンジニアの私がお勧めする SPAフロントエンド開発環境
kaz29
6
6.1k
201909-PHPCon北海道-PHPでCI_CD.pdf
kaz29
0
3.8k
2019/02/27 PHP勉強会 #135 PHPでCI・CD
kaz29
0
340
PHPでもserverless framework!?
kaz29
2
3.3k
Other Decks in Technology
See All in Technology
20250728 MCP, A2A and Multi-Agents in the future
yoshidashingo
1
190
地域コミュニティへの「感謝」と「恩返し」 / 20250726jawsug-tochigi
kasacchiful
0
120
【Λ(らむだ)】最近のアプデ情報 / RPALT20250729
lambda
0
210
Microsoft Learn MCP/Fabric データエージェント/Fabric MCP/Copilot Studio-簡単・便利なAIエージェント作ってみた -"Building Simple and Powerful AI Agents with Microsoft Learn MCP, Fabric Data Agent, Fabric MCP, and Copilot Studio"-
reireireijinjin6
1
210
dipにおけるSRE変革の軌跡
dip_tech
PRO
0
110
From Live Coding to Vibe Coding with Firebase Studio
firebasethailand
1
400
AI時代の経営、Bet AI Vision #BetAIDay
layerx
PRO
1
1.3k
Gemini in Android Studio - Google I/O Bangkok '25
akexorcist
0
160
データエンジニアがクラシルでやりたいことの現在地
gappy50
3
810
「育てる」サーバーレス 〜チーム開発研修で学んだ、小さく始めて大きく拡張するAWS設計〜
yu_kod
1
230
相互運用可能な学修歴クレデンシャルに向けた標準技術と国際動向
fujie
0
170
AI によるドキュメント処理を加速するためのOCR 結果の永続化と再利用戦略
tomoaki25
0
310
Featured
See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
StorybookのUI Testing Handbookを読んだ
zakiyama
30
6k
GraphQLとの向き合い方2022年版
quramy
49
14k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
530
GitHub's CSS Performance
jonrohan
1031
460k
Code Review Best Practice
trishagee
69
19k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
The Cult of Friendly URLs
andyhume
79
6.5k
Six Lessons from altMBA
skipperchong
28
3.9k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Transcript
Azure Container Apps + Bicep ͜Μͳײ͡Ͱӡ༻͍ͯ͠·͢ 2024/04/20 Global Azure 2024
JCOMגࣜձࣾ Θͨͳ(@kaz_29)
WHO? ลҰ (Θͨͳ ͔ͣͻΖ) @kaz_29 JCOMגࣜձࣾ
Agenda •Azure Container Apps •Bicep •Infrastructure as Code(IaC) •Continuous Delivery(CD)
Container Apps
Azure Container Apps ֓ཁ • ϑϧϚωʔδυk8sϕʔεͷΞϓϦέʔγϣϯϓϥοτϑΥʔϜ • KEDAΛར༻ͨ͠ಈతεέʔϦϯά HTTP /
TCP / Azure Storage Queue / Azure Service Bus / Azure Event Hubs etc… • ϓϥϯ • Consumption Plan(ফඅ) • Dedicated(ઐ༻) • ैྔ՝ۚϫʔΫϩʔυϓϩϑΝΠϧ • ઐ༻ϫʔΫϩʔυϓϩϑΝΠϧ
Azure Container Apps ར༻Մೳͳ CPU ͱϝϞϦ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFDPOUBJOFSBQQTDPOUBJOFST
Azure Container Apps ࣮ߦڥͷΠϝʔδ CONTAINER APP 1 CONTAINER(S) REPLICA REVISION
1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APP 2 CONTAINER(S) REPLICA REVISION 1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APPS ENVIRONMENT
Bicep
Bicep ֓ཁ • AzureϦιʔεΛσϓϩΠ༻ͷDSL • ߏจ͕؆ܿ • શͯͷϦιʔεɾόʔδϣϯΛαϙʔτ ϓϨϏϡʔ൛ͷαʔϏεͰαϙʔτ͞Ε͍ͯΔ(ͱࢥ͏) •
VSCodeͷBicep֦ு IntelliSenceߏจݕূͳͲͰޮతʹฤूͰ͖Δ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ
Bicep αϯϓϧ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ param location string = resourceGroup().location param
acrName string param acrSku string param encription string resource acrResource 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { name: acrName location: location sku: { name: acrSku } properties: { adminUserEnabled: true encryption: { status: encription } dataEndpointEnabled: false } } output loginServer string = acrResource.properties.loginServer CJDFQBDSCJDFQ
Bicep αϯϓϧ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ param location string = resourceGroup().location param
acrName string = 'exampleacr' param acrSku string = 'Standard' param encription string = 'disabled' module acr 'acr.bicep' = { name: 'example-acr' params: { location: location acrName: acrName acrSku: acrSku encription: encription } } $ az deployment group create \ -f ./bicep/acr-test.bicep \ -g $RESOURCE_GROUP_NAME CJDFQBDSUFTUCJDFQ
Infrastructure as Code(IaC)
BicepͰContainer AppsڥΛߏங
BicepͰContainer AppsڥΛߏங ैྔ՝ۚϫʔΫϩʔυϓϩϑΝΠϧ resource environment 'Microsoft.App/managedEnvironments@2023-05-01' = { name: environmentName
location: location properties: { appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { customerId: logAnalyticsWorkspace.properties.customerId sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } } daprAIInstrumentationKey: appInsights.properties.InstrumentationKey zoneRedundant: false workloadProfiles: [{ name: 'Consumption' workloadProfileType: 'Consumption' }] } }
BicepͰContainer AppsڥΛߏங ઐ༻ϫʔΫϩʔυϓϩϑΝΠϧ resource environment 'Microsoft.App/managedEnvironments@2023-05-01' = { name: environmentName
location: location properties: { appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { customerId: logAnalyticsWorkspace.properties.customerId sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } } daprAIInstrumentationKey: appInsights.properties.InstrumentationKey zoneRedundant: true workloadProfiles: [{ name: 'myworkload' maximumCount: 10 minimumCount: 3 workloadProfileType: 'D4' }] } }
(JUIVC"DUJPOTͰͷϑϩʔΠϝʔδ OPS୲ Bicep Github 3. PR࡞ Diff 1. ίʔυ࡞ɾมߋ 2.
Push 4. work fl ow࣮ߦ 5. ࠩΛऔಘ 6. ࠩΛPRίϝϯτʹߘ 8. ϓϩϏδϣχϯά༻ͷtagΛଧͭ Provision 9. work fl ow࣮ߦ OPSऀ 7. Review Deployment protection Required reviewers 10. ঝೝͪ 11. Approve 12. มߋΛө
ࠩऔಘϫʔΫϑϩʔ ί υ ͷ ν Ϋ Ξ τ "[VSF
ϩ ά Π ϯ #JDFQ ϑ Π ϧ ͷ จ ๏ ν Ϋ B[EFQMPZNFOUHSPVQXIBUJG Ͱ ࠩ औ ಘ 13 ί ϝ ϯ τ Λ ߘ
#JDFQσϓϩΠͷ8IBU*Gૢ࡞ ʙ Bicep ϑΝΠϧΛσϓϩΠ͢ΔલʹɺߦΘΕΔมߋΛϓϨϏϡʔͰ͖·͢ɻ Azure Resource Manager ͷ What-if ૢ࡞Λ͏ͱɺBicep
ϑΝΠϧΛσϓϩΠͨ͠߹ʹϦ ιʔε͕ͲͷΑ͏ʹมߋ͞ΕΔ͔Λ֬ೝͰ͖·͢ɻ what-if ૢ࡞ͰɺطଘͷϦιʔε ʹର͍͔ͯ͠ͳΔมߋߦΘΕ·ͤΜɻ ΘΓʹɺࢦఆͨ͠ Bicep ϑΝΠϧ͕σϓϩ Π͞Εͨ߹ͷมߋ͕༧ଌ͞Ε·͢ɻ what-if ૢ࡞ Azure PowerShellɺAzure CLIɺ·ͨ REST API ૢ࡞Ͱ༻Ͱ͖·͢ɻ What-if ɺϦιʔε άϧʔϓɺαϒεΫϦϓγϣϯɺཧάϧʔϓɺςφϯτ Ϩϕϧ ͷσϓϩΠͰαϙʔτ͞Ε͍ͯ·͢ɻʙ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQEFQMPZXIBUJGΑΓҾ༻
#JDFQσϓϩΠͷ8IBU*Gૢ࡞
ࠩऔಘϫʔΫϑϩʔ name: Diff resources on: pull_request: types: [opened, synchronize, reopened]
branches: - master env: RESOURCE_GROUP_NAME: container-apps-example-rg permissions: id-token: write contents: read pull-requests: write jobs: diff: name: Diff resources environment: name: diff runs-on: ubuntu-latest steps: - name: checkout uses: actions/checkout@v3 - name: Azure Login uses: azure/login@v1 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Lint bicep file uses: azure/CLI@v1 with: inlineScript: | az config set bicep.use_binary_from_path=False az bicep install az bicep lint -f ./bicep/container-apps-env.bicep - name: Diff Container Apps Env settings uses: azure/CLI@v1 with: inlineScript: | az config set bicep.use_binary_from_path=False az bicep install echo -e '## Container Apps Env\n<details><summary>Resource \ and property changes details</summary>\n\n```' >> diff.txt az deployment group what-if \ -f ./bicep/container-apps-env.bicep \ --name "container-apps-diff" \ -g ${{ env.RESOURCE_GROUP_NAME }} \ | tee -a diff.txt echo -e '```\n</details>\n\n' >> diff.txt - name: Post diff uses: marocchino/sticky-pull-request-comment@v1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} header: header-of-comment path: ./diff.txt
Continuous Delivery(CD) ܧଓతσϦόϦʔ
BicepͰContainer AppΛσϓϩΠ
BicepͰContainer AppΛσϓϩΠ param environmentName string = 'example-container-apps-env' param containerAppName string
= 'example-app' param location string = resourceGroup().location param imageName string = 'example-app' param tagName string param acrUserName string @secure() param acrSecret string param revisionSuffix string param oldRevisionSuffix string param isExternalIngress bool = true @allowed([ 'multiple' 'single' ]) param revisionMode string = 'multiple' resource environment 'Microsoft.App/managedEnvironments@2022-03-01' existing = { name: environmentName } resource containerApp 'Microsoft.App/containerApps@2023-04-01-preview' = { name: containerAppName location: location properties: { workloadProfileName: 'Consumption' managedEnvironmentId: environment.id configuration: { activeRevisionsMode: revisionMode dapr:{ enabled:false } ingress: { external: isExternalIngress targetPort: 80 transport: 'auto' allowInsecure: false traffic: ((contains(revisionSuffix, oldRevisionSuffix)) ? [ { weight: 100 latestRevision: true } ] : [ { weight: 0 latestRevision: true } { weight: 100 revisionName: '${containerAppName}--${oldRevisionSuffix}' } ]) } ಈతͳ ()"Ͱ͢ ॳճσϓϩΠ࣌༻
BicepͰContainer AppΛσϓϩΠ secrets: [ { name: 'acr-secret' value: acrSecret }
] registries: [ { server: '${acrUserName}.azurecr.io' username: acrUserName passwordSecretRef: 'acr-secret' } ] } template: { revisionSuffix: revisionSuffix containers: [ { image: '${acrUserName}.azurecr.io/${imageName}:${tagName}' name: containerAppName resources: { cpu: any('0.5') memory: '1Gi' } } ] scale: { minReplicas: 0 maxReplicas: 5 rules: [ { name: 'http-scaling-rule' http: { metadata: { concurrentRequests: '60' } } } ] } } } } output fqdn string = containerApp.properties.configuration.ingress.fqdn ίϯςφͷઃఆ εέʔϦϯάϧʔϧ
Azure Container Apps(࠶ܝ) ࣮ߦڥͷΠϝʔδ CONTAINER APP 1 CONTAINER(S) REPLICA REVISION
1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APP 2 CONTAINER(S) REPLICA REVISION 1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APPS ENVIRONMENT
#JDFQͰ$POUBJOFS"QQΛσϓϩΠ ϦϏδϣϯΛͲ͏ࢦఆ͢Δ͔ʁ w ҙͷจࣈྻΛࢦఆՄೳ w Ͳͷίʔυ͔Λ༰қʹࣝผ͍ͨ͠ w ϦϙδτϦͷUBHΛྲྀ༻͢Δ w ϦϏδϣϯʹ
υοτ ͑ͳ͍ w ҎԼͷΑ͏ʹมͯ͠ར༻ v1.0.0 => v100
(JUIVC"DUJPOTͰͷϑϩʔΠϝʔδ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ ։ൃ୲ Github 3. PR࡞ ςετͳͲΛ࣮ߦ 1. ίʔυ࡞ɾมߋ 2.
Push 4. work fl ow࣮ߦ 6. σϒϩΠ༻ͷtagΛଧͭ Deploy to Green 7. work fl ow࣮ߦ OPS୲ऀ 5. Review 9. ঝೝͪ 8. σϓϩΠ ։ൃνʔϜ 10. FlipΛঝೝ Build& Push Flip 11. ঝೝͪ Deactivate 12. DeactivateΛঝೝ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ ί υ ͷ ν Ϋ Ξ τ
ί ϯ ς φ Ϩ δ ε τ Ϧ ʹ ϩ ά Π ϯ λ ά ໊ Λ औ ಘ ί ϯ ς φ Λ build & push bicep ϑ Π ϧ Λ Artifact ʹ Ξ ϓ ϩ υ bicep ϑ Π ϧ Λ Artifact ͔ Β μ ϯ ϩ υ λ ά ໊ ͔ Β Ϧ Ϗ δ ϯ ໊ Λ ࡞ Azure ϩ ά Π ϯ ࣮ ߦ த ͷ Ϧ Ϗ δ ϯ Λ औ ಘ ৽ ͠ ͍ Ϧ Ϗ δ ϯ Λ σ ϓ ϩ Π (traf c: 0%) Azure ϩ ά Π ϯ ৽ چ ͷ Ϧ Ϗ δ ϯ ͷ traf c Λ ೖ ସ ͑ Azure ϩ ά Π ϯ چ Ϧ Ϗ δ ϯ Λ আ Build Deploy Flip Deactivate ঝೝ ঝೝ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$*ͷϫʔΫϑϩʔ ()"+PC࣮ߦʹঝೝΛڬΉ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$%ͷϫʔΫϑϩʔͷൈਮ - name: Deploy to containerapp uses: azure/CLI@v1 with: inlineScript:
| az extension add --upgrade --name containerapp az config set bicep.use_binary_from_path=False az bicep install az deployment group create \ -f ./deploy.bicep \ -g ${{ env.RESOURCE_GROUP_NAME }} \ --name "${{ env.APP_NAME }}-${{ env.REVISION_SUFFIX }}" \ --parameters \ acrUserName=${{ secrets.AZURE_CONTAINER_REGISTRY_USERNAME }} \ acrSecret=${{ secrets.AZURE_CONTAINER_REGISTRY_PASSWORD }} \ tagName="${{ env.TAG }}" \ revisionSuffix=${{ env.REVISION_SUFFIX }} \ oldRevisionSuffix=${{ env.PREVIOUS_REVISION_NAME }} - name: Flip revisions uses: azure/CLI@v1 with: inlineScript: | az extension add --upgrade --name containerapp az containerapp ingress traffic set \ -g ${{ env.RESOURCE_GROUP_NAME }} \ -n ${{ env.APP_NAME }} \ --revision-weight \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.revision_suffix }}=100 \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.previous_revision_suffix }}=0 - name: Deactivate previous revision uses: azure/CLI@v1 with: inlineScript: | az extension add --upgrade --name containerapp az containerapp revision deactivate \ -g ${{ env.RESOURCE_GROUP_NAME }} \ -n ${{ env.APP_NAME }} \ --revision \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.previous_revision_suffix }} Deploy Flip Deactivate
·ͱΊ • Container Appsͱ͍ͯ͢αʔϏε • Webαʔό͚ͩͰͳ͘ɺQueueϫʔΧʔCron Jobͷ࣮ߦՄೳ • ༷ʑͳεέʔϧϧʔϧͰॊೈʹautoscaleՄೳ •
BicepΛར༻͢Δ͜ͱͰൺֱత؆୯ʹIaCΛ࣮ݱͰ͖Δ • what-ifͰࠩΛ֬ೝͭͭ͠ίʔυϨϏϡʔ • Github ActionsʹదٓঝೝΛڬΉ͜ͱͰݖݶΛͯ҆͠શʹࣗಈԽ
͓͠·͍ IUUQTHJUIVCDPNLB[DPOUBJOFSBQQTFYBNQMF