Azure App Configuration

Use App Configuration to store all the settings for your application and secure access to them in one place.

Centralize management and distribution of hierarchical configuration data for different environments and geographies
Dynamically change application settings without the need to redeploy or restart an application

At the core it's a key-value store
Supports history
Great fit for Event-driven microservices architecture
Control feature availability in real-time
Cloud Native Implementation of the “External configuration store” pattern
https://www.meetup.com/Stockholm-Azure-Meetup/events/265524268/

Muhammad Sajid

November 06, 2019

Transcript

  1. #StockholmAzure
    Meetup Sponsors

  2. Who am I?
    • Lead Cloud Solutions Architect at PwC Sweden
    • Leading Cloud Center for Enablement and Cloud-native transformation initiative for the organization.
    • Architecture Council at PwC
    • Microsoft Azure Advisory group
    • Blogger https://www.msajid.cloud/
    • Speaker (Swetugg, APIDays, Azure meetup)
    • Badminton
    • Photography
    • Ping pong
    https://www.linkedin.com/in/musa/
    https://twitter.com/sajid_nazeer

  3. Azure App Configuration and Feature management
    Presentation by Muhammad Sajid
    November 2019

  4. 1. What is Azure App Configuration and why should you care
    2. Using App Configuration in .NET Core, ASP.NET Core and Azure Functions
    3. Integration with Azure Key Vault and Event Grid
    4. High Availability -> replication and failover using import/export feature
    5. Using App Configuration in Azure DevOps
    6. ETA and Pricing
    7. Feature management
    8. Key Takeaways

  5. 1. What is Azure App Configuration

  6. What is Azure App Configuration
    https://docs.microsoft.com/en-us/azure/azure-app-configuration/overview
    • Centralize management and distribution of hierarchical configuration data
    • At the core it's a key-value store
    • Great fit for Event-driven microservices architecture
    • Control feature availability in real-time
    • Cloud Native Implementation of the “External configuration store” pattern

  7. Why should we care
    • Cloud Native applications are mostly polyglot Microservices (with different programming languages, technology stacks etc) but every Microservice needs some kind of configuration
    • According to the 12 factor App, it is recommended to separate Configuration from the Code
    https://12factor.net/config
    https://content.pivotal.io/blog/beyond-the-twelve-factor-app
    App Configuration supports:
    • Namespaces
    • Labeling
    • Extensive queries
    • Batch retrieval
    • History
    • feature-management
    • Event-driven Architecture
    Author: Kevin Hoffman
    https://learning.oreilly.com/library/view/beyond-the-twelve-factor/9781492042631/
    Author: multiple authors
    https://www.amazon.in/Cloud-Native-Transformation-Pini-Reznik/dp/1492048909

  8. External Configuration Store
    https://docs.microsoft.com/en-us/azure/architecture/patterns/external-configuration-store
    Move configuration information out of the application deployment package to a centralized location.
    This pattern is useful for:
    • Shared configuration between multiple applications or multiple instances of the same application.
    • A standard Key-Value configuration system
    • Simplify administration and monitoring of configuration settings

  9. Creating the resource
    Search App Configuration in Azure Portal and Create

  10. Name should be globally unique
    Choose subscription, resource group and location

  11. Endpoint to use
    Configuration and feature management
    Import/export configuration

  12. Use read-only keys

  13. https://docs.microsoft.com/en-us/azure/azure-app-configuration/cli-samples

  14. Resource type: Microsoft.AppConfiguration/configurationStores
    Api Version: 2019-02-01-preview

  15. 2. Using Azure App Configuration in .NET Core, ASP.NET Core and Azure Functions

  16. .NET Core
    Add NuGet package Microsoft.Extensions.Configuration.AzureAppConfiguration

  17. ManagedIdentity or Connect with Connection string
    Key to watch and if changed refresh everything

  18. KeyVault client using ManagedIdentity for fetching secrets using Configuration provider
    Configuration and KeyVault client Glue
    Namespace/prefix to watch
    Trigger refresh only when sentinel is changed to avoid splicing

  19. Role of a Sentinel
    • Sentinel is just another key-value item in the App Configuration
    • It is used as a signal for configuration provider client that one or more properties have changed
    • Sentinel or any other configuration item will only be checked for changes if cache has expired. Cache expiry is 30 seconds by default

  20. ASP.NET Core
    Use Managed Identity
    Same identity will work with fetching Key Vault Secret

  21. Middleware responsible for refreshing the configuration based on activity

  22. How does configuration Refresh work at runtime?
    Timer-based watch (Old design)
    • Configuration was kept in sync with Azure App Configuration using a watch mechanism which ran on a timer.
    Flaws
    • On-demand invocation not possible.
    • Background activity even in the dormant application instances.
    • Polling
    Activity-based watch (New design)
    • Uses a middleware to determine activity
    • Works only in ASP.NET (middleware dependency)
    https://devblogs.microsoft.com/aspnet/redesigning-configuration-refresh-for-azure-app-configuration/?WT.mc_id=cloudnative-ch9-shboyer

  23. Activity based refresh

  24. Azure Functions
    Use Azure Functions dependency injection to configure Azure App Configuration

  25. Inject Settings using IOptionsSnapshot

  26. Create a separate refresh function to refresh configuration.
    Refresh will only happen when Cache has expired

  27. 3. Integration with Azure Key Vault and Event Grid

  28. Azure Key Vault Integration
    https://github.com/Azure/AppConfiguration-Announcements/issues/1#issue-504279728
    October 8, 2019
    Lisa Guthrie
    Senior Program Manager

  29. Azure Key Vault Integration
    https://github.com/Azure/AppConfiguration-Announcements/issues/1#issue-504279728
    • App Configuration and Key Vault are complementary services
    • App Configuration allows you to create Keys that reference value of Key Vault secrets
    • App Configuration stores the Uri of the secret, not the Value
    • Client providers detect the key as a Key Vault secret and use Key Vault client to retrieve the actual value of the secret
    • App Configuration and Key Vault do not communicate with each other automatically
    Lisa Guthrie
    Senior Program Manager

  30. App Configuration provider uses KeyVault client under the hood to fetch the value for a secret.
    Refresh works for both App Configuration Items and Key Vault Secret
    Use App Service token provider to get token for Accessing Key Vault

  31. App Configuration provider will not know if you delete a secret from Key Vault until you restart. For running instances it will not crash or reload other configuration items.

  32. How to handle transient errors?
    https://docs.microsoft.com/en-us/azure/architecture/best-practices/transient-faults
    • Due to the distributed nature of the cloud, transient faults are very common
    • Handling transient errors is very important for building resilient applications
    • Use Polly to add retry policy while refreshing

  33. Polly integration for Transient errors using custom refresh middleware
    Add Polly NuGet package

  34. Program.cs
    Configure App Configuration as usual

  35. Startup.cs
    Use custom middleware with Retry logic

  37. Claim check?
    Also known as Reference-Based Messaging
    • Storing data in a different store and passing a reference to the original data along. The receiver is responsible for retrieving original data from the store (in this case from Key Vault).
    • The pattern can also be used if the payload should be accessed only by services that are authorized to see it. (Skinny payload)
    https://www.enterpriseintegrationpatterns.com/patterns/messaging/StoreInLibrary.html
    https://docs.microsoft.com/en-us/azure/architecture/patterns/claim-check
    Reference: {"uri":"https://abc1234keyvault.vault.azure.net/secrets/testsecret"}
    Content Type: application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8

  38. Event Grid Integration

  41. 4. High availability

  42. Import/Export

  43. Event-driven Sync
    • Use Event-Grid to receive changes and replicate configuration items to secondary store
    • Use special Sync sentinel if you want to control sync
    • Use App Configuration SDK to replicate configuration items using C#

  44. Configure Event-Grid for Receiving Sync Sentinel signal

  45. Configure Event-Grid for Receiving Sync Sentinel signal
    Apply a filter to receive events only when Sync Sentinel is changed.
    Filter on subject suffix match
    You can specify empty labels as %00
    Api-version is always included

  46. Receive Events in a Bus, Storage or directly to an Azure Function
    Use App Configuration SDK to manage key-value pairs and you can use ConfigurationClient to replicate primary store to secondary store

  47. Replicator function takes primary and secondary connection.
    Replicate only when you receive “Sync Sentinel” trigger via Event Grid
    using Azure.Data.AppConfiguration;
    // Connection string of the primary store (Id and Secret are placeholders)
    string primaryConnection = "Endpoint=https://abc1234configstore.azconfig.io;Id=XXXX;Secret=YYYYYYY";
    var primary = new ConfigurationClient(primaryConnection);

  49. 5. Azure DevOps Integration

  50. Install App Configuration Task

  53. 6. ETA and Pricing

  54. GA and Pricing
    Azure App Configuration Service is planned to be Generally available in January 2020
    October 26, 2019
    Lisa Guthrie
    Senior Program Manager

  55. ETA and Pricing
    Azure App Configuration Service is planned to be Generally available in January 2020
    | | Free | Standard |
    | Stores | 1 / subscription | Unlimited |
    | Keys | 1000 or 1MB / store | 20000 or 1GB / store |
    | History | 7 days | 30 days |
    | Requests / day | 1000 | Unlimited |
    | SLA | N/A | 99.9% |
    | Cost | Free | US$1.20/day + any additional changes at US$0.06/10000 requests |

  56. 7. Feature management

  61. 8. Key takeaways

  62. • Group keys using Prefixes and Labels
    • Design hierarchical namespaces
    • Always set a Content-Type
    • Use Sentinel to avoid splicing

  63. Jimmy Campbell
    • Use Labels as an extra dimension for organizing/grouping settings

  64. • Create separate stores if you want to separately control the permissions
    • If permission is not a concern then use one multi-tenant store

  65. • Another reason to have multiple stores would be for disaster recovery
    https://docs.microsoft.com/en-us/azure/azure-app-configuration/concept-disaster-recovery

  66. • Beware of the key storage and request limitations per store
    • Beware of limitations of creating multiple stores per subscription

  67. • It is ok to store a secret in App Configuration but use Key Vault which is designed for this use case.

  68. • Beware of the configuration stacking

  69. • If an environment does not have possibility to fetch configuration at runtime (possibly due to a firewall) then inject the configuration using Azure DevOps

  70. • Listen to configuration changes using Azure Event Grid and react accordingly
    • Use managed identity for authentication

  71. • Sync configuration to multiple stores for high availability and disaster recovery
    • If you have a Key Vault referenced key you must add permission to Key Vault for both stores
    • Use Sync Sentinel

  72. Questions

  73. References:
    Icons @SandroPereira -> repo, blog | @Azurekid -> repo | @BenCodeGeek -> project | @David Summers -> repo
    Documentation https://docs.microsoft.com/en-us/azure/azure-app-configuration/
    Feedback page https://feedback.azure.com/forums/920545-azure-app-configuration
    GitHub https://github.com/Azure/AppConfiguration/
    Slack https://aka.ms/azconfig/slack
    Announcements https://github.com/Azure/AppConfiguration-Announcements
    CloudNativeShow episode https://www.youtube.com/watch?v=DJqmA5PcfzE
    DOTNETConf https://www.youtube.com/watch?v=zRstfC3Nn7M
    Thank you
    https://www.linkedin.com/in/musa/
    https://twitter.com/sajid_nazeer
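
Slides 29 and 37 describe a Key Vault reference as an ordinary key-value whose content type marks it as a reference and whose value is a JSON object holding the secret's URI, which the client then resolves with its own identity. The C# below is an added example, not code from the deck or from the App Configuration provider: it recognises that format and accepts the URI only when it points at an expected vault. The class name, the allow-list and the second sample value are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Mime;
using System.Text.Json;

public static class KeyVaultReferenceGuard // hypothetical helper, not part of any SDK
{
    // Media type from slide 37; parameters such as charset are ignored when comparing.
    const string RefMediaType = "application/vnd.microsoft.appconfig.keyvaultref+json";
    // Assumption: the vault hosts this application is expected to read from.
    static readonly HashSet<string> AllowedVaults =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "abc1234keyvault.vault.azure.net" };

    public static bool IsKeyVaultReference(string contentType)
    {
        if (string.IsNullOrWhiteSpace(contentType)) return false;
        try { return new ContentType(contentType).MediaType.Equals(RefMediaType, StringComparison.OrdinalIgnoreCase); }
        catch (FormatException) { return false; }
    }

    // True only for a well-formed reference to /secrets/<name> on an allowed vault over HTTPS.
    public static bool TryGetSecretUri(string contentType, string value, out Uri secretUri)
    {
        secretUri = null;
        if (value == null || !IsKeyVaultReference(contentType)) return false;
        try
        {
            using JsonDocument doc = JsonDocument.Parse(value);
            if (doc.RootElement.ValueKind != JsonValueKind.Object
                || !doc.RootElement.TryGetProperty("uri", out JsonElement uri)
                || uri.ValueKind != JsonValueKind.String
                || !Uri.TryCreate(uri.GetString(), UriKind.Absolute, out Uri parsed)) return false;
            // Compare the parsed scheme, host and path, never a prefix of the raw string.
            if (parsed.Scheme != Uri.UriSchemeHttps || !AllowedVaults.Contains(parsed.Host)
                || !parsed.AbsolutePath.StartsWith("/secrets/", StringComparison.Ordinal)
                || parsed.AbsolutePath.Length == "/secrets/".Length) return false;
            secretUri = parsed;
            return true;
        }
        catch (JsonException) { return false; }
    }

    public static void Main()
    {
        const string ct = "application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8";
        // The first value is from slide 37; the second is constructed (vault not on the allow-list).
        foreach (string v in new[] { "{\"uri\":\"https://abc1234keyvault.vault.azure.net/secrets/testsecret\"}",
                                     "{\"uri\":\"https://othervault.vault.azure.net/secrets/testsecret\"}" })
        {
            bool ok = TryGetSecretUri(ct, v, out Uri u);
            Console.WriteLine($"{ok} {u}");
        }
    }
}
```

A reference that fails the check is best logged and treated as a configuration error rather than resolved, since the store only holds the URI and the application's identity does the actual Key Vault read.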
