Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Azure Container Apps + Bicep 〜 こんな感じで運用しています
Search
Kaz Watanabe
April 20, 2024
Technology
3
870
Azure Container Apps + Bicep 〜 こんな感じで運用しています
Bicepを利用してAzure Container Appsの環境構築、運用保守、自動デプロイなどをどのように実現しているかを解説します
Kaz Watanabe
April 20, 2024
Tweet
Share
More Decks by Kaz Watanabe
See All by Kaz Watanabe
PHPCon福岡2024-Azureもなかなかいいですよ.pdf
kaz29
2
110
20220908_フロントエンドパフォーマンス改善.pdf
kaz29
2
130
PHP製のPodCast配信用WebアプリをReact+Next.jsなSSGで作り直してみた話
kaz29
3
580
バックエンドエンジニアの私がお勧めする SPAフロントエンド開発環境
kaz29
6
6k
201909-PHPCon北海道-PHPでCI_CD.pdf
kaz29
0
3.5k
2019/02/27 PHP勉強会 #135 PHPでCI・CD
kaz29
0
310
PHPでもserverless framework!?
kaz29
2
3.3k
PHPでもサーバーレスしたい
kaz29
6
1.9k
ちいさな会社でのAnsible活用事例
kaz29
0
820
Other Decks in Technology
See All in Technology
AWS CDKでデータリストアの運用、どのように設計する?~Aurora・EFSの実践事例を紹介~/aws-cdk-data-restore-aurora-efs
mhrtech
4
850
プロダクトエンジニアが活躍する環境を作りたくて 事業責任者になった話 ~プロダクトエンジニアの行き着く先~
gimupop
1
600
End of Barrel Files: New Modularization Techniques with Sheriff
rainerhahnekamp
0
270
AI長期記憶システム構築のための LLMマルチエージェントの取り組み / Awarefy-LLM-Multi-Agent
iktakahiro
2
280
プロポーザルのつくり方 〜個人技編〜 / How to come up with proposals
ohbarye
4
300
Deno+JSRでパッケージを作って公開する
askua
0
100
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
9
120k
ドメイン名の終活について - JPAAWG 7th -
mikit
16
8.5k
SREの前に
nwiizo
11
2.5k
2024年グライダー曲技世界選手権参加報告/2024 WGAC report
jscseminar
0
140
Intuneお役立ちツールのご紹介
sukank
3
700
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
0
300
Featured
See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
How STYLIGHT went responsive
nonsquared
95
5.2k
What's in a price? How to price your products and services
michaelherold
243
12k
For a Future-Friendly Web
brad_frost
175
9.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Become a Pro
speakerdeck
PRO
25
5k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
Documentation Writing (for coders)
carmenintech
65
4.4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Transcript
Azure Container Apps + Bicep ͜Μͳײ͡Ͱӡ༻͍ͯ͠·͢ 2024/04/20 Global Azure 2024
JCOMגࣜձࣾ Θͨͳ(@kaz_29)
WHO? ลҰ (Θͨͳ ͔ͣͻΖ) @kaz_29 JCOMגࣜձࣾ
Agenda •Azure Container Apps •Bicep •Infrastructure as Code(IaC) •Continuous Delivery(CD)
Container Apps
Azure Container Apps ֓ཁ • ϑϧϚωʔδυk8sϕʔεͷΞϓϦέʔγϣϯϓϥοτϑΥʔϜ • KEDAΛར༻ͨ͠ಈతεέʔϦϯά HTTP /
TCP / Azure Storage Queue / Azure Service Bus / Azure Event Hubs etc… • ϓϥϯ • Consumption Plan(ফඅ) • Dedicated(ઐ༻) • ैྔ՝ۚϫʔΫϩʔυϓϩϑΝΠϧ • ઐ༻ϫʔΫϩʔυϓϩϑΝΠϧ
Azure Container Apps ར༻Մೳͳ CPU ͱϝϞϦ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFDPOUBJOFSBQQTDPOUBJOFST
Azure Container Apps ࣮ߦڥͷΠϝʔδ CONTAINER APP 1 CONTAINER(S) REPLICA REVISION
1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APP 2 CONTAINER(S) REPLICA REVISION 1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APPS ENVIRONMENT
Bicep
Bicep ֓ཁ • AzureϦιʔεΛσϓϩΠ༻ͷDSL • ߏจ͕؆ܿ • શͯͷϦιʔεɾόʔδϣϯΛαϙʔτ ϓϨϏϡʔ൛ͷαʔϏεͰαϙʔτ͞Ε͍ͯΔ(ͱࢥ͏) •
VSCodeͷBicep֦ு IntelliSenceߏจݕূͳͲͰޮతʹฤूͰ͖Δ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ
Bicep αϯϓϧ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ param location string = resourceGroup().location param
acrName string param acrSku string param encription string resource acrResource 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { name: acrName location: location sku: { name: acrSku } properties: { adminUserEnabled: true encryption: { status: encription } dataEndpointEnabled: false } } output loginServer string = acrResource.properties.loginServer CJDFQBDSCJDFQ
Bicep αϯϓϧ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQPWFSWJFX UBCTCJDFQ param location string = resourceGroup().location param
acrName string = 'exampleacr' param acrSku string = 'Standard' param encription string = 'disabled' module acr 'acr.bicep' = { name: 'example-acr' params: { location: location acrName: acrName acrSku: acrSku encription: encription } } $ az deployment group create \ -f ./bicep/acr-test.bicep \ -g $RESOURCE_GROUP_NAME CJDFQBDSUFTUCJDFQ
Infrastructure as Code(IaC)
BicepͰContainer AppsڥΛߏங
BicepͰContainer AppsڥΛߏங ैྔ՝ۚϫʔΫϩʔυϓϩϑΝΠϧ resource environment 'Microsoft.App/managedEnvironments@2023-05-01' = { name: environmentName
location: location properties: { appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { customerId: logAnalyticsWorkspace.properties.customerId sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } } daprAIInstrumentationKey: appInsights.properties.InstrumentationKey zoneRedundant: false workloadProfiles: [{ name: 'Consumption' workloadProfileType: 'Consumption' }] } }
BicepͰContainer AppsڥΛߏங ઐ༻ϫʔΫϩʔυϓϩϑΝΠϧ resource environment 'Microsoft.App/managedEnvironments@2023-05-01' = { name: environmentName
location: location properties: { appLogsConfiguration: { destination: 'log-analytics' logAnalyticsConfiguration: { customerId: logAnalyticsWorkspace.properties.customerId sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } } daprAIInstrumentationKey: appInsights.properties.InstrumentationKey zoneRedundant: true workloadProfiles: [{ name: 'myworkload' maximumCount: 10 minimumCount: 3 workloadProfileType: 'D4' }] } }
(JUIVC"DUJPOTͰͷϑϩʔΠϝʔδ OPS୲ Bicep Github 3. PR࡞ Diff 1. ίʔυ࡞ɾมߋ 2.
Push 4. work fl ow࣮ߦ 5. ࠩΛऔಘ 6. ࠩΛPRίϝϯτʹߘ 8. ϓϩϏδϣχϯά༻ͷtagΛଧͭ Provision 9. work fl ow࣮ߦ OPSऀ 7. Review Deployment protection Required reviewers 10. ঝೝͪ 11. Approve 12. มߋΛө
ࠩऔಘϫʔΫϑϩʔ ί υ ͷ ν Ϋ Ξ τ "[VSF
ϩ ά Π ϯ #JDFQ ϑ Π ϧ ͷ จ ๏ ν Ϋ B[EFQMPZNFOUHSPVQXIBUJG Ͱ ࠩ औ ಘ 13 ί ϝ ϯ τ Λ ߘ
#JDFQσϓϩΠͷ8IBU*Gૢ࡞ ʙ Bicep ϑΝΠϧΛσϓϩΠ͢ΔલʹɺߦΘΕΔมߋΛϓϨϏϡʔͰ͖·͢ɻ Azure Resource Manager ͷ What-if ૢ࡞Λ͏ͱɺBicep
ϑΝΠϧΛσϓϩΠͨ͠߹ʹϦ ιʔε͕ͲͷΑ͏ʹมߋ͞ΕΔ͔Λ֬ೝͰ͖·͢ɻ what-if ૢ࡞ͰɺطଘͷϦιʔε ʹର͍͔ͯ͠ͳΔมߋߦΘΕ·ͤΜɻ ΘΓʹɺࢦఆͨ͠ Bicep ϑΝΠϧ͕σϓϩ Π͞Εͨ߹ͷมߋ͕༧ଌ͞Ε·͢ɻ what-if ૢ࡞ Azure PowerShellɺAzure CLIɺ·ͨ REST API ૢ࡞Ͱ༻Ͱ͖·͢ɻ What-if ɺϦιʔε άϧʔϓɺαϒεΫϦϓγϣϯɺཧάϧʔϓɺςφϯτ Ϩϕϧ ͷσϓϩΠͰαϙʔτ͞Ε͍ͯ·͢ɻʙ IUUQTMFBSONJDSPTPGUDPNKBKQB[VSFB[VSFSFTPVSDFNBOBHFSCJDFQEFQMPZXIBUJGΑΓҾ༻
#JDFQσϓϩΠͷ8IBU*Gૢ࡞
ࠩऔಘϫʔΫϑϩʔ name: Diff resources on: pull_request: types: [opened, synchronize, reopened]
branches: - master env: RESOURCE_GROUP_NAME: container-apps-example-rg permissions: id-token: write contents: read pull-requests: write jobs: diff: name: Diff resources environment: name: diff runs-on: ubuntu-latest steps: - name: checkout uses: actions/checkout@v3 - name: Azure Login uses: azure/login@v1 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Lint bicep file uses: azure/CLI@v1 with: inlineScript: | az config set bicep.use_binary_from_path=False az bicep install az bicep lint -f ./bicep/container-apps-env.bicep - name: Diff Container Apps Env settings uses: azure/CLI@v1 with: inlineScript: | az config set bicep.use_binary_from_path=False az bicep install echo -e '## Container Apps Env\n<details><summary>Resource \ and property changes details</summary>\n\n```' >> diff.txt az deployment group what-if \ -f ./bicep/container-apps-env.bicep \ --name "container-apps-diff" \ -g ${{ env.RESOURCE_GROUP_NAME }} \ | tee -a diff.txt echo -e '```\n</details>\n\n' >> diff.txt - name: Post diff uses: marocchino/sticky-pull-request-comment@v1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} header: header-of-comment path: ./diff.txt
Continuous Delivery(CD) ܧଓతσϦόϦʔ
BicepͰContainer AppΛσϓϩΠ
BicepͰContainer AppΛσϓϩΠ param environmentName string = 'example-container-apps-env' param containerAppName string
= 'example-app' param location string = resourceGroup().location param imageName string = 'example-app' param tagName string param acrUserName string @secure() param acrSecret string param revisionSuffix string param oldRevisionSuffix string param isExternalIngress bool = true @allowed([ 'multiple' 'single' ]) param revisionMode string = 'multiple' resource environment 'Microsoft.App/managedEnvironments@2022-03-01' existing = { name: environmentName } resource containerApp 'Microsoft.App/containerApps@2023-04-01-preview' = { name: containerAppName location: location properties: { workloadProfileName: 'Consumption' managedEnvironmentId: environment.id configuration: { activeRevisionsMode: revisionMode dapr:{ enabled:false } ingress: { external: isExternalIngress targetPort: 80 transport: 'auto' allowInsecure: false traffic: ((contains(revisionSuffix, oldRevisionSuffix)) ? [ { weight: 100 latestRevision: true } ] : [ { weight: 0 latestRevision: true } { weight: 100 revisionName: '${containerAppName}--${oldRevisionSuffix}' } ]) } ಈతͳ ()"Ͱ͢ ॳճσϓϩΠ࣌༻
BicepͰContainer AppΛσϓϩΠ secrets: [ { name: 'acr-secret' value: acrSecret }
] registries: [ { server: '${acrUserName}.azurecr.io' username: acrUserName passwordSecretRef: 'acr-secret' } ] } template: { revisionSuffix: revisionSuffix containers: [ { image: '${acrUserName}.azurecr.io/${imageName}:${tagName}' name: containerAppName resources: { cpu: any('0.5') memory: '1Gi' } } ] scale: { minReplicas: 0 maxReplicas: 5 rules: [ { name: 'http-scaling-rule' http: { metadata: { concurrentRequests: '60' } } } ] } } } } output fqdn string = containerApp.properties.configuration.ingress.fqdn ίϯςφͷઃఆ εέʔϦϯάϧʔϧ
Azure Container Apps(࠶ܝ) ࣮ߦڥͷΠϝʔδ CONTAINER APP 1 CONTAINER(S) REPLICA REVISION
1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APP 2 CONTAINER(S) REPLICA REVISION 1 CONTAINER(S) REPLICA REVISION 2 CONTAINER APPS ENVIRONMENT
#JDFQͰ$POUBJOFS"QQΛσϓϩΠ ϦϏδϣϯΛͲ͏ࢦఆ͢Δ͔ʁ w ҙͷจࣈྻΛࢦఆՄೳ w Ͳͷίʔυ͔Λ༰қʹࣝผ͍ͨ͠ w ϦϙδτϦͷUBHΛྲྀ༻͢Δ w ϦϏδϣϯʹ
υοτ ͑ͳ͍ w ҎԼͷΑ͏ʹมͯ͠ར༻ v1.0.0 => v100
(JUIVC"DUJPOTͰͷϑϩʔΠϝʔδ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ ։ൃ୲ Github 3. PR࡞ ςετͳͲΛ࣮ߦ 1. ίʔυ࡞ɾมߋ 2.
Push 4. work fl ow࣮ߦ 6. σϒϩΠ༻ͷtagΛଧͭ Deploy to Green 7. work fl ow࣮ߦ OPS୲ऀ 5. Review 9. ঝೝͪ 8. σϓϩΠ ։ൃνʔϜ 10. FlipΛঝೝ Build& Push Flip 11. ঝೝͪ Deactivate 12. DeactivateΛঝೝ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ ί υ ͷ ν Ϋ Ξ τ
ί ϯ ς φ Ϩ δ ε τ Ϧ ʹ ϩ ά Π ϯ λ ά ໊ Λ औ ಘ ί ϯ ς φ Λ build & push bicep ϑ Π ϧ Λ Artifact ʹ Ξ ϓ ϩ υ bicep ϑ Π ϧ Λ Artifact ͔ Β μ ϯ ϩ υ λ ά ໊ ͔ Β Ϧ Ϗ δ ϯ ໊ Λ ࡞ Azure ϩ ά Π ϯ ࣮ ߦ த ͷ Ϧ Ϗ δ ϯ Λ औ ಘ ৽ ͠ ͍ Ϧ Ϗ δ ϯ Λ σ ϓ ϩ Π (traf c: 0%) Azure ϩ ά Π ϯ ৽ چ ͷ Ϧ Ϗ δ ϯ ͷ traf c Λ ೖ ସ ͑ Azure ϩ ά Π ϯ چ Ϧ Ϗ δ ϯ Λ আ Build Deploy Flip Deactivate ঝೝ ঝೝ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$*ͷϫʔΫϑϩʔ ()"+PC࣮ߦʹঝೝΛڬΉ
$*ͷϫʔΫϑϩʔ ϦϏδϣϯΛར༻ͨ͠#(σϓϩΠϝϯτ
$%ͷϫʔΫϑϩʔͷൈਮ - name: Deploy to containerapp uses: azure/CLI@v1 with: inlineScript:
| az extension add --upgrade --name containerapp az config set bicep.use_binary_from_path=False az bicep install az deployment group create \ -f ./deploy.bicep \ -g ${{ env.RESOURCE_GROUP_NAME }} \ --name "${{ env.APP_NAME }}-${{ env.REVISION_SUFFIX }}" \ --parameters \ acrUserName=${{ secrets.AZURE_CONTAINER_REGISTRY_USERNAME }} \ acrSecret=${{ secrets.AZURE_CONTAINER_REGISTRY_PASSWORD }} \ tagName="${{ env.TAG }}" \ revisionSuffix=${{ env.REVISION_SUFFIX }} \ oldRevisionSuffix=${{ env.PREVIOUS_REVISION_NAME }} - name: Flip revisions uses: azure/CLI@v1 with: inlineScript: | az extension add --upgrade --name containerapp az containerapp ingress traffic set \ -g ${{ env.RESOURCE_GROUP_NAME }} \ -n ${{ env.APP_NAME }} \ --revision-weight \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.revision_suffix }}=100 \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.previous_revision_suffix }}=0 - name: Deactivate previous revision uses: azure/CLI@v1 with: inlineScript: | az extension add --upgrade --name containerapp az containerapp revision deactivate \ -g ${{ env.RESOURCE_GROUP_NAME }} \ -n ${{ env.APP_NAME }} \ --revision \ ${{ env.APP_NAME }}--${{ needs.deploy.outputs.previous_revision_suffix }} Deploy Flip Deactivate
·ͱΊ • Container Appsͱ͍ͯ͢αʔϏε • Webαʔό͚ͩͰͳ͘ɺQueueϫʔΧʔCron Jobͷ࣮ߦՄೳ • ༷ʑͳεέʔϧϧʔϧͰॊೈʹautoscaleՄೳ •
BicepΛར༻͢Δ͜ͱͰൺֱత؆୯ʹIaCΛ࣮ݱͰ͖Δ • what-ifͰࠩΛ֬ೝͭͭ͠ίʔυϨϏϡʔ • Github ActionsʹదٓঝೝΛڬΉ͜ͱͰݖݶΛͯ҆͠શʹࣗಈԽ
͓͠·͍ IUUQTHJUIVCDPNLB[DPOUBJOFSBQQTFYBNQMF