Slide 1

Slide 1 text

#StockholmAzure Meetup Sponsors

Slide 2

Slide 2 text

Who am I?
• Lead Cloud Solutions Architect at PwC Sweden
• Leading Cloud Center for Enablement and Cloud-native transformation initiative for the organization.
• Architecture Council at PwC
• Microsoft Azure Advisory group
• Blogger https://www.msajid.cloud/
• Speaker (Swetugg, APIDays, Azure meetup)
• Badminton
• Photography
• Ping pong
https://www.linkedin.com/in/musa/
https://twitter.com/sajid_nazeer

Slide 3

Slide 3 text

Azure App Configuration and Feature management
Presentation by Muhammad Sajid
November 2019

Slide 4

Slide 4 text

1. What is Azure App Configuration and why should you care
2. Using App Configuration in .NET Core, ASP.NET Core and Azure Functions
3. Integration with Azure Key Vault and Event Grid
4. High Availability -> replication and failover using import/export feature
5. Using App Configuration in Azure DevOps
6. ETA and Pricing
7. Feature management
8. Key Takeaways

Slide 5

Slide 5 text

1. What is Azure App Configuration

Slide 6

Slide 6 text

What is Azure App Configuration
https://docs.microsoft.com/en-us/azure/azure-app-configuration/overview
• Centralize management and distribution of hierarchical configuration data
• At its core, it's a key-value store
• Great fit for Event-driven microservices architecture
• Control feature availability in real-time
• Cloud Native Implementation of the “External configuration store” pattern

Slide 7

Slide 7 text

Why should we care
• Cloud Native applications are mostly polyglot microservices (with different programming languages, technology stacks, etc.), but every microservice needs some kind of configuration
• According to the 12-factor app, it is recommended to separate configuration from the code
https://12factor.net/config
https://content.pivotal.io/blog/beyond-the-twelve-factor-app
App Configuration supports:
• Namespaces
• Labeling
• Extensive queries
• Batch retrieval
• History
• Feature management
• Event-driven Architecture
Author: Kevin Hoffman https://learning.oreilly.com/library/view/beyond-the-twelve-factor/9781492042631/
Author: multiple authors https://www.amazon.in/Cloud-Native-Transformation-Pini-Reznik/dp/1492048909

Slide 8

Slide 8 text

External Configuration Store
Move configuration information out of the application deployment package to a centralized location. This pattern is useful for:
• Shared configuration between multiple applications or multiple instances of the same application.
• A standard Key-Value configuration system
• Simplify administration and monitoring of configuration settings
https://docs.microsoft.com/en-us/azure/architecture/patterns/external-configuration-store

Slide 9

Slide 9 text

Creating the resource
Search for App Configuration in the Azure Portal and select Create

Slide 10

Slide 10 text

Name should be globally unique
Choose subscription, resource group and location

Slide 11

Slide 11 text

Endpoint to use
Configuration and feature management
Import/export configuration

Slide 12

Slide 12 text

Use read-only keys

Slide 13

Slide 13 text

https://docs.microsoft.com/en-us/azure/azure-app-configuration/cli-samples

Slide 14

Slide 14 text

Resource type: Microsoft.AppConfiguration/configurationStores
API version: 2019-02-01-preview

Slide 15

Slide 15 text

2. Using Azure App Configuration in .NET Core, ASP.NET Core and Azure Functions

Slide 16

Slide 16 text

.NET Core
Add the NuGet package Microsoft.Extensions.Configuration.AzureAppConfiguration

Slide 17

Slide 17 text

ManagedIdentity or Connect with Connection string
Key to watch and if changed refresh everything

Slide 18

Slide 18 text

KeyVault client using ManagedIdentity for fetching secrets using Configuration provider
Configuration and KeyVault client Glue
Namespace/prefix to watch
Trigger refresh only when sentinel is changed to avoid splicing

Slide 19

Slide 19 text

Role of a Sentinel
• Sentinel is just another key-value item in the App Configuration
• It is used as a signal for configuration provider client that one or more properties have changed
• Sentinel or any other configuration item will only be checked for changes if cache has expired. Cache expiry is 30 seconds by default
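The sentinel setup described above, written against the Microsoft.Extensions.Configuration.AzureAppConfiguration provider. This is an added example, not code from the slides; the `TestApp:` prefix, the sentinel and `Message` key names and the `APPCONFIG_CONNECTION` environment variable are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureAppConfiguration;

public static class SentinelRefresh
{
    // Assumed names for this example (not from the slides).
    const string Prefix = "TestApp:";
    const string SentinelKey = "TestApp:Sentinel";

    static IConfigurationRefresher refresher;

    public static IConfiguration Build()
    {
        return new ConfigurationBuilder()
            .AddAzureAppConfiguration(options =>
            {
                // Connection string built from a read-only access key, read from an
                // assumed environment variable instead of being embedded in source.
                options.Connect(Environment.GetEnvironmentVariable("APPCONFIG_CONNECTION"))
                       .Select(Prefix + "*")                  // namespace/prefix to load
                       .ConfigureRefresh(refresh => refresh
                           // Only the sentinel is watched; when it changes, every
                           // loaded key is reloaded together (no spliced mix).
                           .Register(SentinelKey, refreshAll: true)
                           // The store is not contacted until this cache expires.
                           .SetCacheExpiration(TimeSpan.FromSeconds(30)));
                refresher = options.GetRefresher();
            })
            .Build();
    }

    // Call on application activity. Returns false, leaving the current values in
    // place, if the store cannot be reached.
    public static Task<bool> RefreshAsync() => refresher.TryRefreshAsync();

    public static async Task Main()
    {
        IConfiguration config = Build();
        Console.WriteLine(config[Prefix + "Message"]);   // assumed key
        // Operator workflow: change the settings first, then update the sentinel last.
        await RefreshAsync();
        Console.WriteLine(config[Prefix + "Message"]);
    }
}
```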

Slide 20

Slide 20 text

ASP.NET Core
Use Managed Identity
Same identity will work with fetching Key Vault Secret

Slide 21

Slide 21 text

Middleware responsible for refreshing the configuration based on activity

Slide 22

Slide 22 text

How does configuration refresh work at runtime?
Timer-based watch (Old design)
• Configuration was kept in sync with Azure App Configuration using a watch mechanism which ran on a timer.
Flaws
• On-demand invocation not possible.
• Background activity even in the dormant application instances.
• Polling
Activity-based watch (New design)
• Uses a middleware to determine activity
• Works only in ASP.NET (middleware dependency)
https://devblogs.microsoft.com/aspnet/redesigning-configuration-refresh-for-azure-app-configuration/?WT.mc_id=cloudnative-ch9-shboyer

Slide 23

Slide 23 text

Activity-based refresh

Slide 24

Slide 24 text

Azure Functions
Use Azure Functions dependency injection to configure Azure App Configuration

Slide 25

Slide 25 text

Inject Settings using IOptionsSnapshot

Slide 26

Slide 26 text

Create a separate refresh function to refresh configuration. Refresh will only happen when the cache has expired

Slide 27

Slide 27 text

3. Integration with Azure Key Vault and Event Grid

Slide 28

Slide 28 text

Azure Key Vault Integration
https://github.com/Azure/AppConfiguration-Announcements/issues/1#issue-504279728
October 8, 2019, Lisa Guthrie, Senior Program Manager

Slide 29

Slide 29 text

Azure Key Vault Integration
https://github.com/Azure/AppConfiguration-Announcements/issues/1#issue-504279728
• App Configuration and Key Vault are complementary services
• App Configuration allows you to create keys that reference the value of Key Vault secrets
• App Configuration stores the URI of the secret, not the value
• Client providers detect the key as a Key Vault secret and use the Key Vault client to retrieve the actual value of the secret
• App Configuration and Key Vault do not communicate with each other automatically
Lisa Guthrie, Senior Program Manager

Slide 30

Slide 30 text

App Configuration provider uses KeyVault client under the hood to fetch the value for a secret.
Refresh works for both App Configuration Items and Key Vault Secret
Use App Service token provider to get token for accessing Key Vault

Slide 31

Slide 31 text

App Configuration provider will not know if you delete a secret from Key Vault until you restart. For running instances it will not crash or reload other configuration items.

Slide 32

Slide 32 text

How to handle transient errors?
https://docs.microsoft.com/en-us/azure/architecture/best-practices/transient-faults
• Due to the distributed nature of the cloud, transient faults are very common
• Handling transient errors is very important for building resilient applications
• Use Polly to add a retry policy while refreshing

Slide 33

Slide 33 text

Polly integration for transient errors using custom refresh middleware
Add the Polly NuGet package

Slide 34

Slide 34 text

Program.cs
Configure App Configuration as usual

Slide 35

Slide 35 text

Startup.cs
Use custom middleware with retry logic

Slide 36

Slide 36 text


Slide 37

Slide 37 text

Claim check? Also known as Reference-Based Messaging
• Storing data in a different store and passing a reference to the original data along. The receiver is responsible for retrieving original data from the store (in this case from Key Vault).
• The pattern can also be used if the payload should be accessed only by services that are authorized to see it. (Skinny payload)
https://www.enterpriseintegrationpatterns.com/patterns/messaging/StoreInLibrary.html
https://docs.microsoft.com/en-us/azure/architecture/patterns/claim-check
Reference: {"uri":"https://abc1234keyvault.vault.azure.net/secrets/testsecret"}
Content Type: application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8
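How a receiver can recognise the claim-check reference above before handing it to a Key Vault client, as an added example that is not code from the slides or from the App Configuration provider. The class name, the `.vault.azure.net` suffix allowlist and the rejected sample host are this example's assumptions.

```csharp
using System;
using System.Text.Json;

public static class KeyVaultReferenceCheck
{
    // Media type from the slide; parameters such as charset are ignored when matching.
    const string MediaType = "application/vnd.microsoft.appconfig.keyvaultref+json";

    // True only for a Key Vault reference whose URI is HTTPS, sits under the expected
    // vault DNS suffix and names a secret. The suffix allowlist is this example's own
    // check (assumption: public Azure cloud); pass another suffix for other clouds.
    public static bool TryGetSecretUri(string contentType, string value, out Uri secretUri,
                                       string vaultSuffix = ".vault.azure.net")
    {
        secretUri = null;
        if (contentType == null || value == null) return false;
        if (!contentType.Split(';')[0].Trim()
                .Equals(MediaType, StringComparison.OrdinalIgnoreCase)) return false;
        try
        {
            using JsonDocument doc = JsonDocument.Parse(value);
            JsonElement root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object ||
                !root.TryGetProperty("uri", out JsonElement uriProp) ||
                uriProp.ValueKind != JsonValueKind.String) return false;
            if (!Uri.TryCreate(uriProp.GetString(), UriKind.Absolute, out Uri uri)) return false;
            // Reject anything that would send the Key Vault client, and the token it
            // presents, to a non-HTTPS endpoint or a host outside the vault suffix.
            if (uri.Scheme != Uri.UriSchemeHttps ||
                !uri.Host.EndsWith(vaultSuffix, StringComparison.OrdinalIgnoreCase) ||
                !uri.AbsolutePath.StartsWith("/secrets/", StringComparison.Ordinal)) return false;
            secretUri = uri;
            return true;
        }
        catch (JsonException) { return false; }
    }

    public static void Main()
    {
        // Constructed inputs: the reference and content type shown on the slide, then
        // the same content type pointing at a host outside the vault suffix.
        string ct = MediaType + ";charset=utf-8";
        string good = "{\"uri\":\"https://abc1234keyvault.vault.azure.net/secrets/testsecret\"}";
        string bad = "{\"uri\":\"https://example.invalid/secrets/testsecret\"}";
        Console.WriteLine(TryGetSecretUri(ct, good, out Uri u) ? u.AbsoluteUri : "rejected");
        Console.WriteLine(TryGetSecretUri(ct, bad, out _) ? "accepted" : "rejected");
    }
}
```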

Slide 38

Slide 38 text

Event Grid Integration

Slide 39

Slide 39 text


Slide 40

Slide 40 text


Slide 41

Slide 41 text

4. High availability

Slide 42

Slide 42 text

Import/Export

Slide 43

Slide 43 text

Event-driven Sync
• Use Event-Grid to receive changes and replicate configuration items to secondary store
• Use special Sync sentinel if you want to control sync
• Use App Configuration SDK to replicate configuration items using C#

Slide 44

Slide 44 text

Configure Event-Grid for Receiving Sync Sentinel signal

Slide 45

Slide 45 text

Configure Event-Grid for Receiving Sync Sentinel signal
Apply a filter to receive events only when Sync Sentinel is changed.
Filter on subject suffix match
You can specify empty labels as %00
Api-version is always included

Slide 46

Slide 46 text

Receive Events in a Bus, Storage or directly to an Azure Function
Use the App Configuration SDK to manage key-value pairs; you can use ConfigurationClient to replicate the primary store to the secondary store

Slide 47

Slide 47 text

Replicator function takes primary and secondary connection. Replicate only when you receive “Sync Sentinel” trigger via Event Grid

    using Azure.Data.AppConfiguration; // namespace of ConfigurationClient
    string primaryConnection = "Endpoint=https://abc1234configstore.azconfig.io;Id=XXXX;Secret=YYYYYYY";
    var primary = new ConfigurationClient(primaryConnection);
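One way to write the replication step with ConfigurationClient from Azure.Data.AppConfiguration, as an added example that is not the code from the slides. The class name, the `TestApp:` prefix and both environment variable names are assumptions; the caller is whatever handler receives the Sync Sentinel event.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Data.AppConfiguration;

public static class StoreReplicator
{
    // One-way copy of every key-value under keyPrefix, across all labels, from the
    // primary store to the secondary store. Key Vault references are copied as
    // references (URI and content type), so no secret value passes through here.
    // Keys deleted in the primary are not removed from the secondary.
    public static async Task<int> ReplicateAsync(
        ConfigurationClient primary, ConfigurationClient secondary, string keyPrefix)
    {
        var selector = new SettingSelector
        {
            KeyFilter = keyPrefix + "*",
            LabelFilter = SettingSelector.Any
        };
        int copied = 0;
        await foreach (ConfigurationSetting setting in
                       primary.GetConfigurationSettingsAsync(selector))
        {
            // Unconditional upsert: the primary's value wins over the secondary's.
            await secondary.SetConfigurationSettingAsync(setting, onlyIfUnchanged: false);
            copied++;
        }
        return copied;
    }

    public static async Task Main()
    {
        // Assumed environment variables. The primary only needs a read-only key;
        // the secondary needs a read-write key.
        var primary = new ConfigurationClient(
            Environment.GetEnvironmentVariable("PRIMARY_APPCONFIG_READONLY"));
        var secondary = new ConfigurationClient(
            Environment.GetEnvironmentVariable("SECONDARY_APPCONFIG_READWRITE"));
        int n = await ReplicateAsync(primary, secondary, "TestApp:");
        Console.WriteLine($"Replicated {n} settings");
    }
}
```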

Slide 48

Slide 48 text


Slide 49

Slide 49 text

5. Azure DevOps Integration

Slide 50

Slide 50 text

Install App Configuration Task

Slide 51

Slide 51 text


Slide 52

Slide 52 text


Slide 53

Slide 53 text

6. ETA and Pricing

Slide 54

Slide 54 text

GA and Pricing
Azure App Configuration Service is planned to be generally available in January 2020
October 26, 2019, Lisa Guthrie, Senior Program Manager

Slide 55

Slide 55 text

ETA and Pricing
Azure App Configuration Service is planned to be generally available in January 2020
Tiers: Free and Standard
• Stores: Free 1 / subscription; Standard Unlimited
• Keys: Free 1000 or 1MB / store; Standard 20000 or 1GB / store
• History: Free 7 days; Standard 30 days
• Requests / day: Free 1000; Standard Unlimited
• SLA: Free N/A; Standard 99.9%
• Cost: Free tier is free; Standard US$1.20/day + any additional changes at US$0.06/10000 requests

Slide 56

Slide 56 text

7. Feature management

Slide 57

Slide 57 text


Slide 58

Slide 58 text


Slide 59

Slide 59 text


Slide 60

Slide 60 text


Slide 61

Slide 61 text

8. Key takeaways

Slide 62

Slide 62 text

• Group keys using Prefixes and Labels
• Design hierarchical namespaces
• Always set a Content-Type
• Use Sentinel to avoid splicing

Slide 63

Slide 63 text

Jimmy Campbell
• Use Labels as an extra dimension for organizing/grouping settings

Slide 64

Slide 64 text

• Create separate stores if you want to separately control the permissions
• If permission is not a concern then use one multi-tenant store

Slide 65

Slide 65 text

• Another reason to have multiple stores would be for disaster recovery https://docs.microsoft.com/en-us/azure/azure-app-configuration/concept-disaster-recovery

Slide 66

Slide 66 text

• Beware of the key storage and request limitations per store
• Beware of limitations of creating multiple stores per subscription

Slide 67

Slide 67 text

• It is OK to store a secret in App Configuration, but use Key Vault, which is designed for this use case.

Slide 68

Slide 68 text

• Beware of the configuration stacking

Slide 69

Slide 69 text

• If an environment cannot fetch configuration at runtime (possibly due to a firewall), then inject the configuration using Azure DevOps

Slide 70

Slide 70 text

• Listen to configuration changes using Azure Event Grid and react accordingly
• Use managed identity for authentication

Slide 71

Slide 71 text

• Sync configuration to multiple stores for high availability and disaster recovery
• If you have a Key Vault referenced key you must add permission to Key Vault for both stores
• Use Sync Sentinel

Slide 72

Slide 72 text

Questions

Slide 73

Slide 73 text

References:
• Icons: @SandroPereira -> repo, blog | @Azurekid -> repo | @BenCodeGeek -> project | @David Summers -> repo
• Documentation https://docs.microsoft.com/en-us/azure/azure-app-configuration/
• Feedback page https://feedback.azure.com/forums/920545-azure-app-configuration
• GitHub https://github.com/Azure/AppConfiguration/
• Slack https://aka.ms/azconfig/slack
• Announcements https://github.com/Azure/AppConfiguration-Announcements
• CloudNativeShow episode https://www.youtube.com/watch?v=DJqmA5PcfzE
• DOTNETConf https://www.youtube.com/watch?v=zRstfC3Nn7M
Thank you
https://www.linkedin.com/in/musa/
https://twitter.com/sajid_nazeer