Instead of using App Services, I recommend ACS (Kubernetes).
For monitoring:
(New Relic does not support dotnet core for the foreseeable future)
-
Sign up for Azure
-
Install Azure CLI (OSX Instructions - manual)
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
    pip install azure-cli
Add az.completion.sh to ~/.bash_profile, then confirm the line is present:
    grep az.completion ~/.bash_profile
    # prints: source /usr/local/bin/az.completion.sh
-
Enable your device to use your cloud account:
    az login
    To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code ****** to authenticate...
    # once window is closed:
    [
      {
        "cloudName": "AzureCloud",
        "id": "****",
        "isDefault": true,
        "state": "Enabled",
        "tenantId": "****",
        "user": {
          "name": "me@outlook.com",
          "type": "user"
        }
      }
    ]
See also az command reference
-
Set default region and other options
    az configure
    az account list-locations | jq '.[].name'
    az configure --defaults location=southeastasia
See also: list of resource group locations
-
Get Kubernetes client kubectl:
    az acs kubernetes install-cli
-
Create Kubernetes cluster (list of resource group locations)
    az group create --name acs
    az acs create -g acs -n kubernetes-service --dns-prefix=sample \
      --orchestrator-type kubernetes \
      --ssh-key-value ~/.ssh/id_test.pub \
      --agent-count 1 \
      --agent-vm-size Standard_DS1_v2
Depending on location and DNS prefix, the returned masterProfile will be:
    sample.southeastasia.cloudapp.azure.com
Defaults:
--dns-prefix: The concatenation of the domain name and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If not set and cluster name contains underscore, error InvalidDomainNameLabel is raised.
--agent-vm-size: set to Standard_DS1_v2 on Free Trial (default = Standard_D2_v2) - see types
--master-count: 1
--agent-count: set to 1 while on Free Trial (default = 3)
--ssh-key-value: default is ~/.ssh/id_rsa.pub, another option is to use --generate-ssh-keys to automatically generate a new key.
az acs Docs (with k8s as the orchestrator)
-
Get kubectl credentials (this will add the cluster definition if ~/.kube/config already exists):
    az acs kubernetes get-credentials --ssh-key-file ~/.ssh/id_rsa --resource-group=acs --name=kubernetes-service
Troubleshoot with:
    az acs list -o table
In case your private key is not id_rsa, you need to pass in the --ssh-key-file parameter.
Get FQDN of master:
    az acs show --name kubernetes-service --resource-group acs --query "masterProfile.fqdn" -o tsv
-
Launch the dashboard:
Using az tool:
    az acs kubernetes browse --resource-group acs --name kubernetes-service
Using just kubectl:
    kubectl proxy -p 8002
    # kubectl proxy keeps running, so open the UI from a second terminal
    open http://localhost:8002/ui
-
Download, Extract and Init Helm (OSX)
    mkdir -p ~/bin/{helm,draft}
    curl -Lo ~/helm.tar.gz https://kubernetes-helm.storage.googleapis.com/helm-v2.5.0-darwin-amd64.tar.gz
    # extract into ~ so the mv below finds ~/darwin-amd64 regardless of the current directory
    tar -zxvf ~/helm.tar.gz -C ~
    mv ~/darwin-amd64/helm ~/bin/helm/helm-v2.5.0
    rm -rf ~/darwin-amd64/
    ln -s ~/bin/helm/helm-v2.5.0 /usr/local/bin/helm
    helm init
-
Download and Extract Draft (OSX)
    mkdir -p ~/bin/{helm,draft}
    curl -Lo ~/draft.tar.gz https://azuredraft.blob.core.windows.net/draft/draft-canary-darwin-amd64.tar.gz
    # extract into ~ so the mv below finds ~/darwin-amd64 regardless of the current directory
    tar -zxvf ~/draft.tar.gz -C ~
    mv ~/darwin-amd64/draft ~/bin/draft/draft-canary
    rm -rf ~/darwin-amd64/
    ln -s ~/bin/draft/draft-canary /usr/local/bin/draft
    # don't run draft init yet, set up registry first!
-
Create Azure Container Registry
    az acr check-name --name sample
    az acr create --resource-group acs --name sample --sku Basic --admin-enabled true
    az acr list --resource-group acs --query "[].{acrName:name,acrLoginServer:loginServer}" -o table
    # quote the query so the shell does not treat [0] as a glob pattern
    az acr credential show --name <acrName> --query "passwords[0].value" -o tsv
-
Use Docker with ACR
    docker login sample.azurecr.io --username sample
    docker pull nginx:1.10-alpine
    docker tag nginx:1.10-alpine sample.azurecr.io/nginx:1.10-alpine
    docker push sample.azurecr.io/nginx:1.10-alpine
    az acr repository list --name sample -o table
    # the repository pushed above is nginx; 1.10-alpine is its tag
    az acr repository show-tags --name sample --repository nginx -o table
-
Init Draft
    draft init
    - sample.azurecr.io
    - sample
    - password
    - sample.southeastasia.cloudapp.azure.com
Note, you can retrieve docker credentials from the existing docker config with the following snippets:
    read DOCKER_USERNAME DOCKER_PASSWORD <<<$( \
      jq -r '.auths["sample.azurecr.io"].auth' ~/.docker/config.json \
      | base64 -D | tr ":" " ")
If your config is using osxkeychain, first verify that the helper is installed:
    which docker-credential-osxkeychain
In this case, use this command:
    read DOCKER_USERNAME DOCKER_PASSWORD <<<$( \
      docker-credential-osxkeychain get <<<"sample.azurecr.io" \
      | jq -r '"\(.Username) \(.Secret)"')
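The auth value read from ~/.docker/config.json above is only base64 of username:password, so anyone who can read that file holds the registry credential. The following is an added example, not part of the original notes: POSIX shell functions that decode such a value by splitting on the first colon only (so a password containing ':' or spaces survives) and report whether a registry's credential sits inline or in a helper such as osxkeychain. The function names and the sample credential are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode a Docker config.json "auth" value, which is
# base64("username:password"). Function names are hypothetical helpers.

# Decode base64 from the first argument (GNU and macOS base64 accept --decode).
b64_decode() {
  printf '%s' "$1" | base64 --decode
}

# Username = everything before the FIRST colon.
docker_auth_user() {
  decoded=$(b64_decode "$1") || return 1
  case $decoded in
    *:*) printf '%s\n' "${decoded%%:*}" ;;
    *)   echo "auth value has no ':' separator" >&2; return 1 ;;
  esac
}

# Password = everything after the FIRST colon (may contain ':' or spaces).
docker_auth_password() {
  decoded=$(b64_decode "$1") || return 1
  case $decoded in
    *:*) printf '%s\n' "${decoded#*:}" ;;
    *)   echo "auth value has no ':' separator" >&2; return 1 ;;
  esac
}

# Report where the credential for a registry lives: inline in the file,
# in a credential helper, or nowhere. Needs jq, like the snippets above.
# $1 = path to config.json, $2 = registry host.
docker_cred_source() {
  jq -r --arg r "$2" '
    if (.auths[$r].auth // "") != "" then "inline"
    elif (.credsStore // "") != "" then "helper:" + .credsStore
    else "none" end' "$1"
}

# Constructed sample: user "sample", password containing ':' and a space.
SAMPLE_AUTH=$(printf '%s' 'sample:pa:ss word' | base64)
DOCKER_USERNAME=$(docker_auth_user "$SAMPLE_AUTH")
DOCKER_PASSWORD=$(docker_auth_password "$SAMPLE_AUTH")
echo "user=$DOCKER_USERNAME password-length=${#DOCKER_PASSWORD}"
```

A result of inline from docker_cred_source means the credential is readable by anything that can read the file; helper:osxkeychain means it has to be fetched through the helper, as in the second snippet above.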
-
Init an Ingress controller (nginx or traefik)
    helm install stable/nginx-ingress
Wait for the LoadBalancer to provision and confirm the default 404 backend works:
    kubectl get svc
Note the IP and use it below...
    curl -H "Host: sample.southeastasia.cloudapp.azure.com" 52.187.59.77
-
Optional - Install vscode and configure the Docker / Kubernetes and Helm extensions; use CMD+, to edit settings and point to sample.azurecr.io
- Do need CI/CD - https://www.visualstudio.com/en-us/docs/overview
- ACS CI/CD but using Kubernetes as an orchestrator
- Get Started with Kubernetes
To use draft with minikube, set up dnsmasq on OSX:
10.0.0.0/24 subnet of minikube overlaps with VPN subnets to add fixed routings... need to figure out a way to change pod / svc network... Was having an issue setting up dnsmasq while also allowing OpenVPN to push DNS server for internal domain when on VPN