Is it possible to host/deploy HashiCorp Vault on MS Azure App Services so that I can create, read, update and delete Vault secrets from my apps deployed on Azure App Services?
I can't find any documentation. I only know that I can host it on Windows virtual machine on-prem.
That's seems doable. I could think of a few options (#1 is specifically for AppServices as you have asked)
HashiCorpVault -> Docker -> App Service: I'm assuming you are familiar with Docker which is required for this step. You can create a container locally and deploy on AppService.
To do this, create a docker file and as a part of the build use brew to download Vault.
You will need to create your dockerfile in multi-steps to have Node and brew installed first.
Once that's done, the next step in build process is to get HashiCorp vault via brew https://www.vaultproject.io/downloads.
Alternatively, you could download the packages on your machine using brew, and then package your container.
You can run your container locally, make any configuration changes you prefer and create image once you are ready.
Once you have your image on your preferred repository, you could follow the Microsoft guide to deploy: https://learn.microsoft.com/en-us/learn/modules/deploy-run-container-app-service/
HashiCorp Integration with Azure: It can be integrated with Azure https://www.hashicorp.com/integrations/microsoft and ready to be used at scale.
I think a better option would be to run Vault in an Azure Container Instance. You can find the official vault container here: https://github.com/hashicorp/docker-vault
The App Service platform execution environment differs from a local execution environment mainly due to multi-tenancy — because a single physical machine in the data center can be concurrently executing apps and services belonging to a large number of differing customers, resources are more constrained than in the case of an app running on a single machine. The sandbox mechanism mitigates the risk of service disruption due to resource contention and depletion in two ways: it (1) ensures that each app receives a minimum guarantee of resources and quality-of-service, and conversely (2) enforces limits so that an app can not disrupt other concurrently-executing apps on the same machine.
More Details on Azure App Service Sandbox: https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox
Related
At the company that i work, they deploy applications to azure using Azure App Services.
This involves creating the App service manually, and setting up the pipelines manually.
My question is if there is another way to host and run applications in Azure without using App Services?
The reason for this is that i don't like the manually work when setting up a app service and all it's configuration.
Any suggestions?
What you actually need is setting up CI/CD pipelines for your application to create resource(AppService in this case) and deploy on them.
If you are new to Azure Devops, i would highly recommend to explore Devops starter service to deploy your application with few clicks and see how it creates resources and pipelines automatically
On the 2nd question, there are many compute options available on Azure such as Virtual Machines , AKS (Containers Orchestration) , Container instances etc.
You can explore those compute options using the decision tree here
There is a Cloud Service in Azure classic deployment model. In the Cloud Service you can add web role and set up a startup tasks. If your application has any dependencies that require installation on the destination VM or controll over IIS-related settings, you can use a startup tasks to provide an unattended deployment for this configuration. For example, if you need installed software on the backend side, you can run MSI in startup task to install it.
Unfortunately, I can't find this functionality in new Azure Resource Manager model. My Web App need some installed software on backend side, but I can't figure out how to install it. Could you help me with this?
You can't. Web App (or App Service) doesn't give you control over the underlying OS. You should consider containerizing your app and run it through using e. g. ACI or AKS.
A Cloud Service was nothing more than a VM with extended support in Visual Studio. Cloud Services are deprecated but you can still create a VM in Azure and install your dependencies.
I have some experience in using azure app services without docker. I did worked on k8 with docker. Now I am seeing an option to deploy containers in azure app services. As per my understanding app services internally use container and orchestration engine. Now someone can explain why this new docker option in azure app services? How it is going to help? When to use this option? Why I should bundle it as docker(extra effort eventhough it trivial)?
Azure App Service on Linux (Web App with built-in images)
The built-in image option running on Linux is an extension of a current Azure App Service offering, catering to developers who want to use FTP or GIT, deploy .NET Core, Node, PHP or Ruby applications to Azure App Service running on Linux
All of the built-in Docker images are open sourced on GitHub and available on DockerHub
Now someone can explain why this new docker option in the azure app
services?
Web App for Containers is catered more towards developers who want to have more control over, not just the code, but also the different packages, runtime framework, tooling etc. that are installed on their containers.
Customers of this offering prefer to package their code and dependencies into containers using various CI/CD systems like Jenkins, Maven, Travis CI or VSTS, alongside setting up continuous deployment webhooks with App Service.
This way you can easily deploy and run containerized applications that scale with your business.
How it is going to help?
This will make sure that the environment that you use locally, is
exactly the same as the one in the cloud.
Just pull container images from Docker Hub or a private Azure
Container Registry and Web App for Containers will deploy the containerized app with your preferred dependencies to production in seconds.
Automate and simplify your container image deployments through
continuous integration/continuous deployment (CI/CD) capabilities
with Docker Hub, Azure Container Registry, and Visual Studio Team
Services
Automatically scale vertically and horizontally based on application
needs. Granular scaling rules are available to handle peaks in
workload automatically while minimizing costs during off-peak times
When to use this option?
If you are so passionate/familiar with Docker/container then you can
use the Azure App service with the container.
If you are planning to host all your container in ACS(Azure Container
Service)/GitHub Repository then this service might be useful
You can refer to this blog for more details
I have deployed a Web API written with .net Core to a local dev Azure Service Fabric cluster on my machine. I have plenty of disk space, memory, etc, and the app gets deployed there. However, success is intermittent. Sometimes it doesn't deploy to all the nodes, and now I have it deployed to all the nodes, but within the Azure Service Fabric Manager page, I see each application in each node has an Error status with the message: "The ServiceType was not registered within the configured timeout." I don't THINK I should have to remove and redeploy everything. Is there some way I can force it to 're-register' the installed service type? Microsoft docs are really really thin on troubleshooting these clusters.
Is there some way I can force it to 're-register' the installed service type?
On your local machine you can set the deployment to always remove the application when you're done debugging. However, if it's not completing in the first place I'm not sure if this workflow would still work.
Since we're on the topic, in the cloud I think you'd just have to use the Powershell scripts to first compare the existing app types and version and remove them before "updating". Since the orchestration of this is complicated I like to use tools to manage it.
In VSTS for instance there is an overwrite SameAppTypeAndVersion option.
And finally, if you're just tired of using the Service Fabric UI to remove the Application over and over while you troubleshoot it might be faster to use the icon in the system tray to reset the cluster to a fresh state.
I got a cloud service (worker role) which I want to deploy to a beta and a production environment.
It seems a waste to have to create three projects (one with the actual implementation and two for deployment).
Is it possible to create two deployment profiles which links to different Azure destinations but uses the same worker role project?
This is very simple to do. Just build your Azure package without deploying, and keep your dev/beta/prod settings in the Service Configuration, not embedded anywhere like web.config/app.config. Then store both the deployment package and configuration in blob storage (speeding up deployment). You'll want multiple configuration files: one for each environment, each stored separately in blob storage.
Once this is done, you can just deploy the package to multiple cloud services, each with a different configuration file. This can be done either through the portal or through PowerShell / CLI.
If you've been deploying directly from Visual Studio, it might not seem quite as obvious. But from VS, you can build a package without actually deploying.