Azure
/
dapr-java-workshop
зеркало из https://github.com/Azure/java-aks-aca-dapr-workshop.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Add more homogeinity in the documentation

This commit is contained in:
Pierre Malarme 2023-03-22 18:06:25 +01:00
Родитель dcaab2cba6
Коммит 6bb5daad30
20 изменённых файлов: 409 добавлений и 284 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
dapr/aca-azure-servicebus-pubsub.yaml
Просмотреть файл

@ -5,5 +5,5 @@ metadata:
- name: connectionString
value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}"
scopes:
- trafficcontrolservice
- finecollectionservice
- traffic-control-service
- fine-collection-service

4
dapr/aca-redis-pubsub.yaml
Просмотреть файл

@ -9,5 +9,5 @@ metadata:
- name: enableTLS
value: "true"
scopes:
- trafficcontrolservice
- finecollectionservice
- traffic-control-service
- fine-collection-service

2
deploy/finecollectionservice-deployment.yaml
Просмотреть файл

@ -22,7 +22,7 @@ spec:
dapr.io/app-port: "6001"
spec:
containers:
- image: daprworkshopjava.azurecr.io/fine-collection-service:latest
- image: <REPLACE_WITH_CONTAINER_REGISTRY_NAME>.azurecr.io/fine-collection-service:latest
name: fine-collection-service
resources: {}
env:

2
deploy/simulation-deployment.yaml
Просмотреть файл

@ -18,7 +18,7 @@ spec:
app: simulation
spec:
containers:
- image: daprworkshopjava.azurecr.io/simulation:latest
- image: <REPLACE_WITH_CONTAINER_REGISTRY_NAME>.azurecr.io/simulation:latest
name: simulation
resources: {}
env:

2
deploy/trafficcontrolservice-deployment.yaml
Просмотреть файл

@ -22,7 +22,7 @@ spec:
dapr.io/app-port: "6000"
spec:
containers:
- image: daprworkshopjava.azurecr.io/traffic-control-service:latest
- image: <REPLACE_WITH_CONTAINER_REGISTRY_NAME>.azurecr.io/traffic-control-service:latest
name: traffic-control-service
resources: {}
status: {}

2
deploy/vehicleregistrationservice-deployment.yaml
Просмотреть файл

@ -22,7 +22,7 @@ spec:
# dapr.io/app-port: "6002"
spec:
containers:
- image: daprworkshopjava.azurecr.io/vehicle-registration-service:latest
- image: <REPLACE_WITH_CONTAINER_REGISTRY_NAME>.azurecr.io/vehicle-registration-service:latest
name: vehicle-registration-service
resources: {}
status: {}

6
docs/modules/00-intro/2-prerequisites.md
Просмотреть файл

@ -27,3 +27,9 @@ git clone https://github.com/Azure/dapr-java-workshop.git
```
**From now on, this folder is referred to as the 'source code' folder.**
{: .important-title }
> Powershell
>
> If you are using Powershell, you need to replace in multiline commands `\` by **`** at then end of each line.
>

31
docs/modules/03-assignment-3-azure-pub-sub/1-azure-service-bus.md
Просмотреть файл

@ -23,31 +23,52 @@ In the example, you will use Azure Service Bus as the message broker with the Da
1. Create a resource group
```bash
az group create --name dapr-workshop-java --location eastus
az group create --name rg-dapr-workshop-java --location eastus
```
A [resource group](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal) is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. In our workshop, all the databases, all the microservices, etc. will be grouped into a single resource group.
1. [Azure Service Bus](https://learn.microsoft.com/en-us/azure/service-bus-messaging/) Namespace is a logical container for topics, queues, and subscriptions. This namespace needs to be globally unique. Use the following command to generate a unique name:
- Linux/Unix shell:
```bash
UNIQUE_IDENTIFIER=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
SERVICE_BUS="sb-dapr-workshop-java-$UNIQUE_IDENTIFIER"
echo $SERVICE_BUS
```
- Powershell:
```powershell
$ACCEPTED_CHAR = [Char[]]'abcdefghijklmnopqrstuvwxyz0123456789'
$UNIQUE_IDENTIFIER = (Get-Random -Count 5 -InputObject $ACCEPTED_CHAR) -join ''
$SERVICE_BUS = "sb-dapr-workshop-java-$UNIQUE_IDENTIFIER"
$SERVICE_BUS
```
1. Create a Service Bus messaging namespace
```bash
az servicebus namespace create --resource-group dapr-workshop-java --name DaprWorkshopJavaNS --location eastus
az servicebus namespace create --resource-group rg-dapr-workshop-java --name $SERVICE_BUS --location eastus
```
1. Create a Service Bus topic
```bash
az servicebus topic create --resource-group dapr-workshop-java --namespace-name DaprWorkshopJavaNS --name test
az servicebus topic create --resource-group rg-dapr-workshop-java --namespace-name $SERVICE_BUS --name test
```
1. Create authorization rules for the Service Bus topic
```bash
az servicebus topic authorization-rule create --resource-group dapr-workshop-java --namespace-name DaprWorkshopJavaNS --topic-name test --name DaprWorkshopJavaAuthRule --rights Manage Send Listen
az servicebus topic authorization-rule create --resource-group rg-dapr-workshop-java --namespace-name $SERVICE_BUS --topic-name test --name DaprWorkshopJavaAuthRule --rights Manage Send Listen
```
1. Get the connection string for the Service Bus topic and copy it to the clipboard
```bash
az servicebus topic authorization-rule keys list --resource-group dapr-workshop-java --namespace-name DaprWorkshopJavaNS --topic-name test --name DaprWorkshopJavaAuthRule --query primaryConnectionString --output tsv
az servicebus topic authorization-rule keys list --resource-group rg-dapr-workshop-java --namespace-name $SERVICE_BUS --topic-name test --name DaprWorkshopJavaAuthRule --query primaryConnectionString --output tsv
```
## Step 2: Configure the pub/sub component

3
docs/modules/03-assignment-3-azure-pub-sub/2-azure-cache-redis.md
Просмотреть файл

@ -19,7 +19,6 @@ In the example, you will use Azure Cache for Redis as the message broker with th
az login
```
2. Create a C0 Redis Cache
```bash
@ -28,7 +27,7 @@ In the example, you will use Azure Cache for Redis as the message broker with th
# Variable block
let "randomIdentifier=$RANDOM*$RANDOM"
location="East US"
resourceGroup="msdocs-redis-cache-rg-$randomIdentifier"
resourceGroup="rg-dapr-workshop-java"
tag="create-manage-cache"
cache="msdocs-redis-cache-$randomIdentifier"
sku="basic"

2
docs/modules/05-assignment-5-aks-aca/01-aks/1-dapr-sidecar-in-k8s.md
Просмотреть файл

@ -39,7 +39,7 @@ spec:
dapr.io/app-port: "6000"
spec:
containers:
- image: daprworkshopjava.azurecr.io/traffic-control-service:latest
- image: <REPLACE_WITH_CONTAINER_REGISTRY_NAME>.azurecr.io/traffic-control-service:latest
name: traffic-control-service
resources: {}
status: {}

193
docs/modules/05-assignment-5-aks-aca/01-aks/2-aks-instructions.md
Просмотреть файл

@ -12,139 +12,162 @@ layout: default
## Setup
1. Install [Helm](https://helm.sh/docs/intro/install/)
2. Login to azure
```bash
az login
```
1. Login to azure
3. Create an Azure Container Registry (ACR) resource
```bash
az login
```
- create Resource Group (if not already created)
1. Create a resource group
```bash
az group create --name dapr-workshop-java --location eastus
```
- create Resource Group (if not already created)
- set Resource Group as default
```bash
az group create --name rg-dapr-workshop-java --location eastus
```
```bash
az configure --defaults group=dapr-workshop-java
```
- set Resource Group as default
- create acr
```bash
az configure --defaults group=rg-dapr-workshop-java
```
```bash
az acr create --name daprworkshopjava --sku Basic
```
1. [Azure Container Registry](https://learn.microsoft.com/en-us/azure/container-registry/) is a private registry for hosting container images. Using the Azure Container Registry, you can store Docker images for all types of container deployments. This registry needs to be gloablly unique. Use the following command to generate a unique name:
4. Create an AKS cluster with the ACR attached
- Linux/Unix shell:
```bash
az aks create \
--name dapr-workshop-java-aks \
--generate-ssh-keys \
--attach-acr daprworkshopjava \
--enable-managed-identity
```
```bash
UNIQUE_IDENTIFIER=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
CONTAINER_REGISTRY="crdapr-workshop-java-$UNIQUE_IDENTIFIER"
echo $CONTAINER_REGISTRY
```
5. Update AKS with Dapr extension
- Powershell:
```bash
az k8s-extension create --cluster-type managedClusters \
--cluster-name dapr-workshop-java-aks \
--name myDaprExtension \
--extension-type Microsoft.Dapr
```
```powershell
$ACCEPTED_CHAR = [Char[]]'abcdefghijklmnopqrstuvwxyz0123456789'
$UNIQUE_IDENTIFIER = (Get-Random -Count 5 -InputObject $ACCEPTED_CHAR) -join ''
$CONTAINER_REGISTRY = "sb-dapr-workshop-java-$UNIQUE_IDENTIFIER"
$CONTAINER_REGISTRY
```
6. Download AKS cluster kubecofig file, and install kubectl CLI
1. Create an Azure Container Registry (ACR) resource
```bash
az aks install-cli
az aks get-credentials -n dapr-workshop-java-aks -g <NAME-OF-RESOURCE-GROUP>
```
```bash
az acr create --name "$CONTAINER_REGISTRY" --sku Basic
```
1. Create an AKS cluster with the ACR attached
```bash
az aks create \
--name aks-dapr-workshop-java \
--generate-ssh-keys \
--attach-acr "$CONTAINER_REGISTRY" \
--enable-managed-identity
```
1. Update AKS with Dapr extension
```bash
az k8s-extension create --cluster-type managedClusters \
--cluster-name aks-dapr-workshop-java \
--name myDaprExtension \
--extension-type Microsoft.Dapr
```
1. Download AKS cluster kubecofig file, and install kubectl CLI
```bash
az aks install-cli
az aks get-credentials -n aks-dapr-workshop-java -g rg-dapr-workshop-java
```
## Step 1 - Deploy kafka to AKS, and configure Dapr
1. Deploy kafka to kubernetes using helm chart
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/kafka
```
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/kafka
```
2. Configure Dapr to use kafka for pubsub
```bash
cd deploy
kubectl apply -f kafka-pubsub.yaml
```
```bash
cd deploy
kubectl apply -f kafka-pubsub.yaml
```
## Step 2 - Generate Docker images for applications, and push them to ACR
1. login to your ACR repository
```bash
az acr login --name daprworkshopjava
```
```bash
az acr login --name "$CONTAINER_REGISTRY"
```
1. In the root folder of TravelRegistrationService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag vehicle-registration-service:1.0-SNAPSHOT daprworkshopjava.azurecr.io/vehicle-registration-service:latest
docker push daprworkshopjava.azurecr.io/vehicle-registration-service:latest
```
```bash
mvn spring-boot:build-image
docker tag vehicle-registration-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY".azurecr.io/vehicle-registration-service:latest
docker push "$CONTAINER_REGISTRY".azurecr.io/vehicle-registration-service:latest
```
1. In the root folder of FineCollectionService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag fine-collection-service:1.0-SNAPSHOT daprworkshopjava.azurecr.io/fine-collection-service:latest
docker push daprworkshopjava.azurecr.io/fine-collection-service:latest
```
```bash
mvn spring-boot:build-image
docker tag fine-collection-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY".azurecr.io/fine-collection-service:latest
docker push "$CONTAINER_REGISTRY".azurecr.io/fine-collection-service:latest
```
1. In the root folder of TrafficControlService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag traffic-control-service:1.0-SNAPSHOT daprworkshopjava.azurecr.io/traffic-control-service:latest
docker push daprworkshopjava.azurecr.io/traffic-control-service:latest
```
```bash
mvn spring-boot:build-image
docker tag traffic-control-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY".azurecr.io/traffic-control-service:latest
docker push "$CONTAINER_REGISTRY".azurecr.io/traffic-control-service:latest
```
1. In the root folder of the simulation (`Simulation`), run the following command
```bash
mvn spring-boot:build-image
docker tag simulation:1.0-SNAPSHOT daprworkshopjava.azurecr.io/simulation:latest
docker push daprworkshopjava.azurecr.io/simulation:latest
```
```bash
mvn spring-boot:build-image
docker tag simulation:1.0-SNAPSHOT "$CONTAINER_REGISTRY".azurecr.io/simulation:latest
docker push "$CONTAINER_REGISTRY".azurecr.io/simulation:latest
```
## Step 3 - Deploy Kubernetes manifest files for applications to AKS
1. From the root folder of the repo, run the following command.
1. In the `deploy` folder, update all `<service-name>-deployment.yaml` files to use the correct container registry: replace `<REPLACE_WITH_CONTAINER_REGISTRY_NAME>` with the name of the container registry (`$CONTAINER_REGISTRY`).
Please note below the `kubectl apply` is with **-k** option, which is applying `kustomize.yaml` file in the `deploy` folder
1. From the root folder of the repo, run the following command:
```bash
kubectl apply -k deploy
```
```bash
kubectl apply -k deploy
```
Please note below the `kubectl apply` is with **-k** option, which is applying `kustomize.yaml` file in the `deploy` folder
## Step 4 - Test the applications running in AKS
1. run the following command to identify the name of each microservice pod
1. Run the following command to identify the name of each microservice pod
```bash
kubectl get pods
```
```bash
kubectl get pods
```
2. look at the log file of each application pod to see the same output as seen when running on your laptop. For example,
2. Look at the log file of each application pod to see the same output as seen when running on your laptop. For example,
```bash
kubectl logs trafficcontrolservice-7d8f48b778-rx8l8 -c traffic-control-service
```
```bash
kubectl logs trafficcontrolservice-7d8f48b778-rx8l8 -c traffic-control-service
```
3. delete all application deployments
3. Delete all application deployments
```bash
kubectl delete -k deploy
```
```bash
kubectl delete -k deploy
```

2
docs/modules/05-assignment-5-aks-aca/01-aks/3-observability-with-open-telemetry.md
Просмотреть файл

@ -16,7 +16,7 @@ In this section, you will deploy the [OpenTelemetry Collector](https://github.co
Run the following Azure CLI command to create the Application Insights resource in Azure.
```bash
az monitor app-insights component create --app dapr-workshop-java-aks --location eastus --kind web -g dapr-workshop-java --application-type web
az monitor app-insights component create --app aks-dapr-workshop-java --location eastus --kind web -g rg-dapr-workshop-java --application-type web
```
> You may receive a message to install the application-insights extension, if so please install the extension for this exercise.

4
docs/modules/05-assignment-5-aks-aca/01-aks/4-gitops.md
Просмотреть файл

@ -37,7 +37,7 @@ az extension add -n k8s-extension
```bash
az k8s-extension create --cluster-type managedClusters \
--cluster-name dapr-workshop-java-aks \
--cluster-name aks-dapr-workshop-java \
--name myGitopsExtension \
--extension-type Microsoft.Gitops
```
@ -45,7 +45,7 @@ az k8s-extension create --cluster-type managedClusters \
6. Apply Flux configuration
```bash
az k8s-configuration flux create -c dapr-workshop-java-aks -n dapr-workshop-java-flux --namespace cluster-config -t managedClusters --scope cluster -u $GITHUB_REPO --branch main --kustomization name=test path=./deploy prune=true --https-user $GITHUB_USER --https-key $GITHUB_TOKEN
az k8s-configuration flux create -c aks-dapr-workshop-java -n dapr-workshop-java-flux --namespace cluster-config -t managedClusters --scope cluster -u $GITHUB_REPO --branch main --kustomization name=test path=./deploy prune=true --https-user $GITHUB_USER --https-key $GITHUB_TOKEN
```
7. verify all application pods are running by executing the following command: `kubectl get pods`

350
docs/modules/05-assignment-5-aks-aca/02-aca/1-aca-instructions.md
Просмотреть файл

@ -33,130 +33,126 @@ This assignement is about deploying our microservices to [Azure Container Apps](
Now, let's create the infrastructure for our application, so we can later deploy our microservices to [Azure Container Apps](https://learn.microsoft.com/en-us/azure/container-apps/).
### Setting Up the Environment Variables
Let's first set a few environment variables that will help us in creating the Azure infrastructure.
{: .important }
Some resources in Azure need to have a unique name across the globe (for example Azure Registry or Azure Load Testing).
For that, we use the `UNIQUE_IDENTIFIER` environment variable to make sure we don't have any name collision.
If you are developing in your local machine, the `UNIQUE_IDENTIFIER` will be your username (which is not totally unique, but it's a good start).
Please make sure to use a lowercase value, as it's used as a suffix to create resources that cannot stand uppercase.
```bash
PROJECT="dapr-java-workshop"
RESOURCE_GROUP="rg-${PROJECT}"
LOCATION="eastus"
TAG="dapr-java-aca"
LOG_ANALYTICS_WORKSPACE="logs-dapr-java-aca"
CONTAINERAPPS_ENVIRONMENT="cae-dapr-java-aca"
# If you're using a dev container, you should manually set this to
# a unique value (here randomly generated) to avoid conflicts with other users.
UNIQUE_IDENTIFIER=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
REGISTRY="crdaprjavaaca${UNIQUE_IDENTIFIER}"
IMAGES_TAG="1.0"
TRAFFIC_CONTROL_SERVICE="ca-traffic-control-service"
FINE_COLLECTION_SERVICE="ca-fine-collection-service"
VEHICLE_REGISTRATION_SERVICE="ca-vehicle-registration-service"
```
{: .note }
> Notice that we are using a specific location.
> This means that all the Azure resources that we are creating will be created in the same location.
> Depending on your geographical location, the resources might be created in different datacenters closer to you.
> If you want to know the list of available locations, you can execute the following command:
>
> ```
> az account list-locations --query "[].name"
> ```
>
>You can update the `LOCATION` environment variable to use a different location.
>
{: .note }
> If you need to force a specific `UNIQUE_IDENTIFIER`, you can update the command about with your own identifier: `UNIQUE_IDENTIFIER=<your-unique-identifier>`.
>
### Log Analytics Workspace
[Log Analytics workspace](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview) is the environment for Azure Monitor log data. Each workspace has its own data repository and configuration, and data sources and solutions are configured to store their data in a particular workspace. We will use the same workspace for most of the Azure resources we will be creating.
Create a Log Analytics workspace with the following command:
1. Create a Log Analytics workspace with the following command:
```bash
az monitor log-analytics workspace create \
--resource-group "$RESOURCE_GROUP" \
--location "$LOCATION" \
--tags system="$TAG" \
--workspace-name "$LOG_ANALYTICS_WORKSPACE"
```
```bash
az monitor log-analytics workspace create \
--resource-group rg-dapr-workshop-java \
--location eastus \
--workspace-name log-dapr-workshop-java
```
Let's also retrieve the Log Analytics Client ID and client secret and store them in environment variables:
1. Retrieve the Log Analytics Client ID and client secret and store them in environment variables:
```bash
LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID=$(
az monitor log-analytics workspace show \
--resource-group "$RESOURCE_GROUP" \
--workspace-name "$LOG_ANALYTICS_WORKSPACE" \
--query customerId \
--output tsv | tr -d '[:space:]'
)
echo "LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$LOG_ANALYTICS_WORKSPACE_CLIENT_ID"
- Linux/Unix shell:
LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$(
az monitor log-analytics workspace get-shared-keys \
--resource-group "$RESOURCE_GROUP" \
--workspace-name "$LOG_ANALYTICS_WORKSPACE" \
--query primarySharedKey \
--output tsv | tr -d '[:space:]'
)
echo "LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET"
```
```bash
LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID=$(
az monitor log-analytics workspace show \
--resource-group rg-dapr-workshop-java \
--workspace-name log-dapr-workshop-java \
--query customerId \
--output tsv | tr -d '[:space:]'
)
echo "LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$LOG_ANALYTICS_WORKSPACE_CLIENT_ID"
LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$(
az monitor log-analytics workspace get-shared-keys \
--resource-group rg-dapr-workshop-java \
--workspace-name log-dapr-workshop-java \
--query primarySharedKey \
--output tsv | tr -d '[:space:]'
)
echo "LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET"
```
- Powershell:
```powershell
$LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID=$(
az monitor log-analytics workspace show `
--resource-group rg-dapr-workshop-java `
--workspace-name log-dapr-workshop-java `
--query customerId `
--output tsv | tr -d '[:space:]'
)
Write-Output "LOG_ANALYTICS_WORKSPACE_CLIENT_ID=$LOG_ANALYTICS_WORKSPACE_CLIENT_ID"
$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$(
az monitor log-analytics workspace get-shared-keys `
--resource-group rg-dapr-workshop-java `
--workspace-name log-dapr-workshop-java `
--query primarySharedKey `
--output tsv | tr -d '[:space:]'
)
Write-Output "LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET=$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET"
```
### Azure Container Registry
In the next chapter we will be creating Docker containers and pushing them to the Azure Container Registry. [Azure Container Registry](https://learn.microsoft.com/en-us/azure/container-registry/) is a private registry for hosting container images.
Using the Azure Container Registry, you can store Docker-formatted images for all types of container deployments.
Later, you will be creating Docker containers and pushing them to the Azure Container Registry.
First, let's create an Azure Container Registry with the following command (notice that we create the registry with admin rights `--admin-enabled true` which is not suited for real production, but well for our workshop):
1. [Azure Container Registry](https://learn.microsoft.com/en-us/azure/container-registry/) is a private registry for hosting container images. Using the Azure Container Registry, you can store Docker images for all types of container deployments. This registry needs to be gloablly unique. Use the following command to generate a unique name:
```bash
az acr create \
--resource-group "$RESOURCE_GROUP" \
--location "$LOCATION" \
--tags system="$TAG" \
--name "$REGISTRY" \
--workspace "$LOG_ANALYTICS_WORKSPACE" \
--sku Standard \
--admin-enabled true
```
- Linux/Unix shell:
Update the registry to allow anonymous users to pull the images (this can be handy if you want other attendees of the workshop to use your registry, but this is not suite for production):
```bash
UNIQUE_IDENTIFIER=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
CONTAINER_REGISTRY="crdapr-workshop-java-$UNIQUE_IDENTIFIER"
echo $CONTAINER_REGISTRY
```
```bash
az acr update \
--resource-group "$RESOURCE_GROUP" \
--name "$REGISTRY" \
--anonymous-pull-enabled true
```
- Powershell:
Get the URL of the Azure Container Registry and set it to the `REGISTRY_URL` variable with the following command:
```powershell
$ACCEPTED_CHAR = [Char[]]'abcdefghijklmnopqrstuvwxyz0123456789'
$UNIQUE_IDENTIFIER = (Get-Random -Count 5 -InputObject $ACCEPTED_CHAR) -join ''
$CONTAINER_REGISTRY = "sb-dapr-workshop-java-$UNIQUE_IDENTIFIER"
$CONTAINER_REGISTRY
```
```bash
REGISTRY_URL=$(
az acr show \
--resource-group "$RESOURCE_GROUP" \
--name "$REGISTRY" \
--query "loginServer" \
--output tsv
)
1. Create an Azure Container Registry with the following command:
echo "REGISTRY_URL=$REGISTRY_URL"
```
```bash
az acr create \
--resource-group rg-dapr-workshop-java \
--location eastus \
--name "$$CONTAINER_REGISTRY" \
--workspace log-dapr-workshop-java \
--sku Standard \
--admin-enabled true
```
Notice that we create the registry with admin rights `--admin-enabled true` which is not suited for real production, but well for our workshop
1. Update the registry to allow anonymous users to pull the images ():
```bash
az acr update \
--resource-group rg-dapr-workshop-java \
--name "$$CONTAINER_REGISTRY" \
--anonymous-pull-enabled true
```
This can be handy if you want other attendees of the workshop to use your registry, but this is not suite for production
1. Get the URL of the Azure Container Registry and set it to the `CONTAINER_REGISTRY_URL` variable with the following command:
```bash
CONTAINER_REGISTRY_URL=$(
az acr show \
--resource-group rg-dapr-workshop-java \
--name "$$CONTAINER_REGISTRY" \
--query "loginServer" \
--output tsv
)
echo "CONTAINER_REGISTRY_URL=$CONTAINER_REGISTRY_URL"
```
### Container Apps environment
@ -166,10 +162,10 @@ Create the container apps environment with the following command:
```bash
az containerapp env create \
--resource-group "$RESOURCE_GROUP" \
--location "$LOCATION" \
--resource-group rg-dapr-workshop-java \
--location eastus \
--tags system="$TAG" \
--name "$CONTAINERAPPS_ENVIRONMENT" \
--name cae-dapr-workshop-java \
--logs-workspace-id "$LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID" \
--logs-workspace-key "$LOG_ANALYTICS_WORKSPACE_CLIENT_SECRET"
```
@ -212,7 +208,7 @@ The Dapr component structure for Azure Container Apps is different from the stan
```bash
az containerapp env dapr-component set \
--name "$CONTAINERAPPS_ENVIRONMENT" --resource-group $RESOURCE_GROUP \
--name cae-dapr-workshop-java --resource-group rg-dapr-workshop-java \
--dapr-component-name pubsub \
--yaml ./dapr/components/aca-azure-servicebus-pubsub.yaml
```
@ -237,8 +233,8 @@ The Dapr component structure for Azure Container Apps is different from the stan
- name: enableTLS
value: "true"
scopes:
- trafficcontrolservice
- finecollectionservice
- traffic-control-service
- fine-collection-service
```
2. **Copy or Move** this file `dapr/aca-redis-pubsub.yaml` to `dapr/components` folder.
@ -251,7 +247,7 @@ The Dapr component structure for Azure Container Apps is different from the stan
```bash
az containerapp env dapr-component set \
--name "$CONTAINERAPPS_ENVIRONMENT" --resource-group $RESOURCE_GROUP \
--name cae-dapr-workshop-java --resource-group rg-dapr-workshop-java \
--dapr-component-name pubsub \
--yaml ./dapr/components/aca-redis-pubsub.yaml
```
@ -263,31 +259,31 @@ Since we don't have any container images ready yet, we'll build and push contain
1. Login to your ACR repository
```bash
az acr login --name $REGISTRY
az acr login --name $CONTAINER_REGISTRY
```
2. In the root folder of VehicleRegistrationService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag vehicle-registration-service:1.0-SNAPSHOT "$REGISTRY.azurecr.io/vehicle-registration-service:latest"
docker push $REGISTRY.azurecr.io/vehicle-registration-service:latest
docker tag vehicle-registration-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY.azurecr.io/vehicle-registration-service:latest"
docker push $CONTAINER_REGISTRY.azurecr.io/vehicle-registration-service:latest
```
3. In the root folder of FineCollectionService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag fine-collection-service:1.0-SNAPSHOT "$REGISTRY.azurecr.io/fine-collection-service:latest"
docker push $REGISTRY.azurecr.io/fine-collection-service:latest
docker tag fine-collection-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY.azurecr.io/fine-collection-service:latest"
docker push $CONTAINER_REGISTRY.azurecr.io/fine-collection-service:latest
```
4. In the root folder of TrafficControlService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag traffic-control-service:1.0-SNAPSHOT "$REGISTRY.azurecr.io/traffic-control-service:latest"
docker push $REGISTRY.azurecr.io/traffic-control-service:latest
docker tag traffic-control-service:1.0-SNAPSHOT "$CONTAINER_REGISTRY.azurecr.io/traffic-control-service:latest"
docker push $CONTAINER_REGISTRY.azurecr.io/traffic-control-service:latest
```
## Step 3 - Deploy the Container Apps
@ -300,43 +296,56 @@ You will create three container apps, one for each of our Java services: Traffic
```bash
az containerapp create \
--name $VEHICLE_REGISTRATION_SERVICE \
--resource-group $RESOURCE_GROUP \
--environment $CONTAINERAPPS_ENVIRONMENT \
--image "$REGISTRY_URL"/vehicle-registration-service:latest \
--name ca-vehicle-registration-service \
--resource-group rg-dapr-workshop-java \
--environment cae-dapr-workshop-java \
--image "$CONTAINER_REGISTRY_URL"/vehicle-registration-service:latest \
--target-port 6002 \
--ingress internal \
--min-replicas 1 \
--max-replicas 1
```
Note that internal ingress is enable. This is because we want to provide access to the service only from within the container apps environment. FineCollectionService will be able to access the VehicleRegistrationService using the internal ingress FQDN.
Notice that internal ingress is enable. This is because we want to provide access to the service only from within the container apps environment. FineCollectionService will be able to access the VehicleRegistrationService using the internal ingress FQDN.
1. Get the FQDN of VehicleRegistrationService and save it in a variable:
```bash
VEHICLE_REGISTRATION_SERVICE_FQDN=$(az containerapp show \
--name $VEHICLE_REGISTRATION_SERVICE \
--resource-group $RESOURCE_GROUP \
--query "properties.configuration.ingress.fqdn" \
-o tsv)
echo $VEHICLE_REGISTRATION_SERVICE_FQDN
```
- Linux/Unix shell:
Note that the FQDN is in the format `<service-name>.internal.<unique-name>.<region>.azurecontainerapps.io` where internal indicates that the service is only accessible from within the container apps environment, i.e. exposed with internal ingress.
```bash
VEHICLE_REGISTRATION_SERVICE_FQDN=$(az containerapp show \
--name ca-vehicle-registration-service \
--resource-group rg-dapr-workshop-java \
--query "properties.configuration.ingress.fqdn" \
-o tsv)
echo $VEHICLE_REGISTRATION_SERVICE_FQDN
```
- Powershell:
```powershell
$VEHICLE_REGISTRATION_SERVICE_FQDN = az containerapp show `
--name ca-vehicle-registration-service `
--resource-group rg-dapr-workshop-java `
--query "properties.configuration.ingress.fqdn" `
-o tsv
$VEHICLE_REGISTRATION_SERVICE_FQDN
```
Notice that the FQDN is in the format `<service-name>.internal.<unique-name>.<region>.azurecontainerapps.io` where internal indicates that the service is only accessible from within the container apps environment, i.e. exposed with internal ingress.
1. Create a Container App for FineCollectionService with the following command:
```bash
az containerapp create \
--name $FINE_COLLECTION_SERVICE \
--resource-group $RESOURCE_GROUP \
--environment $CONTAINERAPPS_ENVIRONMENT \
--image "$REGISTRY_URL"/fine-collection-service:latest \
--name ca-fine-collection-service \
--resource-group rg-dapr-workshop-java \
--environment cae-dapr-workshop-java \
--image "$CONTAINER_REGISTRY_URL"/fine-collection-service:latest \
--min-replicas 1 \
--max-replicas 1 \
--enable-dapr \
--dapr-app-id finecollectionservice \
--dapr-app-id fine-collection-service \
--dapr-app-port 6001 \
--dapr-app-protocol http \
--env-vars "VEHICLE_REGISTRATION_SERVICE_BASE_URL=https://$VEHICLE_REGISTRATION_SERVICE_FQDN"
@ -346,40 +355,61 @@ You will create three container apps, one for each of our Java services: Traffic
```bash
az containerapp create \
--name $TRAFFIC_CONTROL_SERVICE \
--resource-group $RESOURCE_GROUP \
--environment $CONTAINERAPPS_ENVIRONMENT \
--image "$REGISTRY_URL"/traffic-control-service:latest \
--name ca-traffic-control-service \
--resource-group rg-dapr-workshop-java \
--environment cae-dapr-workshop-java \
--image "$CONTAINER_REGISTRY_URL"/traffic-control-service:latest \
--target-port 6000 \
--ingress external \
--min-replicas 1 \
--max-replicas 1 \
--enable-dapr \
--dapr-app-id trafficcontrolservice \
--dapr-app-id traffic-control-service \
--dapr-app-port 6000 \
--dapr-app-protocol http
```
1. Get the FQDN of TrafficControlService and save it in a variable:
1. Get the FQDN of traffic control service and save it in a variable:
```bash
TRAFFIC_CONTROL_SERVICE_FQDN=$(az containerapp show \
--name $TRAFFIC_CONTROL_SERVICE \
--resource-group $RESOURCE_GROUP \
--query "properties.configuration.ingress.fqdn" \
-o tsv)
echo $TRAFFIC_CONTROL_SERVICE_FQDN
```
- Linux/Unix shell:
Note that the FQDN is in the format `<service-name>.<unique-name>.<region>.azurecontainerapps.io` where internal is not present. Indeed, traffic control service is exposed with external ingress, i.e. it is accessible from outside the container apps environment. It will be used by the simulation to test the application.
```bash
TRAFFIC_CONTROL_SERVICE_FQDN=$(az containerapp show \
--name ca-traffic-control-service \
--resource-group rg-dapr-workshop-java \
--query "properties.configuration.ingress.fqdn" \
-o tsv)
echo $TRAFFIC_CONTROL_SERVICE_FQDN
```
- Powershell:
```powershell
$TRAFFIC_CONTROL_SERVICE_FQDN = $(az containerapp show `
--name ca-traffic-control-service `
--resource-group rg-dapr-workshop-java `
--query "properties.configuration.ingress.fqdn" `
-o tsv)
$TRAFFIC_CONTROL_SERVICE_FQDN
```
Notice that the FQDN is in the format `<service-name>.<unique-name>.<region>.azurecontainerapps.io` where internal is not present. Indeed, traffic control service is exposed with external ingress, i.e. it is accessible from outside the container apps environment. It will be used by the simulation to test the application.
## Step 4 - Run the simulation
1. Set the following environment variable:
```bash
export TRAFFIC_CONTROL_SERVICE_BASE_URL=https://$TRAFFIC_CONTROL_SERVICE_FQDN
```
- Linux/Unix shell:
```bash
export TRAFFIC_CONTROL_SERVICE_BASE_URL=https://$TRAFFIC_CONTROL_SERVICE_FQDN
```
- Powershell:
```powershell
$env:TRAFFIC_CONTROL_SERVICE_BASE_URL = "https://$TRAFFIC_CONTROL_SERVICE_FQDN"
```
1. In the root folder of the simulation (`Simulation`), start the simulation using `mvn spring-boot:run`.
@ -393,7 +423,7 @@ You can access the log of the container apps from the [Azure Portal](https://por
1. Run the following command to identify the running revision of traffic control service container apps:
```bash
TRAFFIC_CONTROL_SERVICE_REVISION=$(az containerapp revision list -n $TRAFFIC_CONTROL_SERVICE -g $RESOURCE_GROUP --query "[0].name" -o tsv)
TRAFFIC_CONTROL_SERVICE_REVISION=$(az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
echo $TRAFFIC_CONTROL_SERVICE_REVISION
```
@ -411,7 +441,7 @@ You can access the log of the container apps from the [Azure Portal](https://por
1. Run the following command to identify the running revision of fine collection service container apps:
```bash
FINE_COLLECTION_SERVICE_REVISION=$(az containerapp revision list -n $FINE_COLLECTION_SERVICE -g $RESOURCE_GROUP --query "[0].name" -o tsv)
FINE_COLLECTION_SERVICE_REVISION=$(az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
echo $FINE_COLLECTION_SERVICE_REVISION
```
@ -429,7 +459,7 @@ You can access the log of the container apps from the [Azure Portal](https://por
1. Run the following command to identify the running revision of vehicle registration service container apps:
```bash
VEHICLE_REGISTRATION_SERVICE_REVISION=$(az containerapp revision list -n $VEHICLE_REGISTRATION_SERVICE -g $RESOURCE_GROUP --query "[0].name" -o tsv)
VEHICLE_REGISTRATION_SERVICE_REVISION=$(az containerapp revision list -n ca-vehicle-registration-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
echo $VEHICLE_REGISTRATION_SERVICE_REVISION
```

10
docs/modules/09-bonus-assignments/01-service-to-service-invocation/2-deploying-to-aks.md
Просмотреть файл

@ -34,17 +34,21 @@ layout: default
```bash
docker rmi fine-collection-service:1.0-SNAPSHOT
az acr repository delete -n daprworkshopjava --image fine-collection-service:latest
az acr repository delete -n $CONTAINER_REGISTRY --image fine-collection-service:latest
```
Where `$CONTAINER_REGISTRY` is the name of your Azure Container Registry.
1. In the root folder of FineCollectionService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag fine-collection-service:1.0-SNAPSHOT daprworkshopjava.azurecr.io/fine-collection-service:latest
docker push daprworkshopjava.azurecr.io/fine-collection-service:latest
docker tag fine-collection-service:1.0-SNAPSHOT $CONTAINER_REGISTRY.azurecr.io/fine-collection-service:latest
docker push $CONTAINER_REGISTRY.azurecr.io/fine-collection-service:latest
```
Where `$CONTAINER_REGISTRY` is the name of your Azure Container Registry.
1. From the root folder of the repo, run the following command
```bash

29
docs/modules/09-bonus-assignments/02-state-store/1-azure-cosmos-db-state-store.md
Просмотреть файл

@ -15,10 +15,29 @@ This bonus assignment is about using Azure Cosmos DB as a [state store](https://
1. Open a terminal window.
1. Azure Cosmos DB account for SQL API is a globally distributed multi-model database service. This account needs to be globally unique. Use the following command to generate a unique name:
- Linux/Unix shell:
```bash
UNIQUE_IDENTIFIER=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
COSMOS_DB="cosno-dapr-workshop-java-$UNIQUE_IDENTIFIER"
echo $COSMOS_DB
```
- Powershell:
```powershell
$ACCEPTED_CHAR = [Char[]]'abcdefghijklmnopqrstuvwxyz0123456789'
$UNIQUE_IDENTIFIER = (Get-Random -Count 5 -InputObject $ACCEPTED_CHAR) -join ''
$COSMOS_DB = "cosno-dapr-workshop-java-$UNIQUE_IDENTIFIER"
$COSMOS_DB
```
1. Create a Cosmos DB account for SQL API
```bash
az cosmosdb create --name dapr-java-workshop-cosmosdb-account --resource-group dapr-workshop-java --locations regionName=eastus failoverPriority=0 isZoneRedundant=False
az cosmosdb create --name $COSMOS_DB --resource-group rg-dapr-workshop-java --locations regionName=eastus failoverPriority=0 isZoneRedundant=False
```
{: .important }
@ -27,13 +46,13 @@ This bonus assignment is about using Azure Cosmos DB as a [state store](https://
1. Create a SQL API database
```bash
az cosmosdb sql database create --account-name dapr-java-workshop-cosmosdb-account --resource-group dapr-workshop-java --name dapr-workshop-java-database
az cosmosdb sql database create --account-name $COSMOS_DB --resource-group rg-dapr-workshop-java --name dapr-workshop-java-database
```
1. Create a SQL API container
```bash
az cosmosdb sql container create --account-name dapr-java-workshop-cosmosdb-account --resource-group dapr-workshop-java --database-name dapr-workshop-java-database --name vehicle-state --partition-key-path /partitionKey --throughput 400
az cosmosdb sql container create --account-name $COSMOS_DB --resource-group rg-dapr-workshop-java --database-name dapr-workshop-java-database --name vehicle-state --partition-key-path /partitionKey --throughput 400
```
{: .important }
@ -42,13 +61,13 @@ This bonus assignment is about using Azure Cosmos DB as a [state store](https://
1. Get the Cosmos DB account URL and note it down. You will need it in the next step and to deploy it to Azure.
```bash
az cosmosdb show --name dapr-java-workshop-cosmosdb-account --resource-group dapr-workshop-java --query documentEndpoint -o tsv
az cosmosdb show --name $COSMOS_DB --resource-group rg-dapr-workshop-java --query documentEndpoint -o tsv
```
1. Get the master key and note it down. You will need it in the next step and to deploy it to Azure.
```bash
az cosmosdb keys list --name dapr-java-workshop-cosmosdb-account --resource-group dapr-workshop-java --type keys --query primaryMasterKey -o tsv
az cosmosdb keys list --name $COSMOS_DB --resource-group rg-dapr-workshop-java --type keys --query primaryMasterKey -o tsv
```
## Step 2: Configure the Azure Cosmos DB state store component

10
docs/modules/09-bonus-assignments/02-state-store/2-deploying-to-aks.md
Просмотреть файл

@ -72,17 +72,21 @@ layout: default
```bash
docker rmi traffic-control-service:1.0-SNAPSHOT
az acr repository delete -n daprworkshopjava --image traffic-control-service:latest
az acr repository delete -n $CONTAINER_REGISTRY --image traffic-control-service:latest
```
Where `$CONTAINER_REGISTRY` is the name of the Azure Container Registry.
1. In the root folder of TrafficControlService microservice, run the following command
```bash
mvn spring-boot:build-image
docker tag traffic-control-service:1.0-SNAPSHOT daprworkshopjava.azurecr.io/traffic-control-service:latest
docker push daprworkshopjava.azurecr.io/traffic-control-service:latest
docker tag traffic-control-service:1.0-SNAPSHOT $CONTAINER_REGISTRY.azurecr.io/traffic-control-service:latest
docker push $CONTAINER_REGISTRY.azurecr.io/traffic-control-service:latest
```
Where `$CONTAINER_REGISTRY` is the name of the Azure Container Registry.
1. From the root folder of the repo, run the following command
```bash

27
docs/modules/09-bonus-assignments/03-secret-store/1-azure-key-vault-secret-store-setup.md
Просмотреть файл

@ -50,9 +50,28 @@ This bonus assignment is about using Azure Key Vault as a [secret store](https:/
1. Open a terminal window.
1. [Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/) is a manage service to securely store and access secrets. This key vault needs to be globally unique. Use the following command to generate a unique name:
- Linux/Unix shell:
```bash
UNIQUE_IDENTIFIER=$(LC_ALL=C tr -dc a-z0-9 </dev/urandom | head -c 5)
KEY_VAULT="kv-daprworkshopjava$UNIQUE_IDENTIFIER"
echo $KEY_VAULT
```
- PowerShell:
```powershell
$ACCEPTED_CHAR = [Char[]]'abcdefghijklmnopqrstuvwxyz0123456789'
$UNIQUE_IDENTIFIER = (Get-Random -Count 5 -InputObject $ACCEPTED_CHAR) -join ''
$KEY_VAULT = "kv-daprworkshopjava$UNIQUE_IDENTIFIER"
$KEY_VAULT
```
1. Create an Azure Key Vault
```bash
az keyvault create --name kv-dapr-java-workshop --resource-group dapr-workshop-java --location eastus --enable-rbac-authorization true
az keyvault create --name $KEY_VAULT --resource-group rg-dapr-workshop-java --location eastus --enable-rbac-authorization true
```
1. Get the id of the subscription and note it down. You will need it in the next step.
@ -62,7 +81,7 @@ This bonus assignment is about using Azure Key Vault as a [secret store](https:/
1. Assign a role using RBAC to the Azure AD application to access the Key Vault. The role "Key Vault Secrets User" is sufficient for this workshop. Replace `<servicePrincipalId>` with the Service Principal ID you noted down and `<subscriptionId>` with the value you noted in the previous step:
```bash
az role assignment create --role "Key Vault Secrets User" --assignee <servicePrincipalId> --scope "/subscriptions/<subscriptionid>/resourcegroups/dapr-workshop-java/providers/Microsoft.KeyVault/vaults/kv-dapr-java-workshop"
az role assignment create --role "Key Vault Secrets User" --assignee <servicePrincipalId> --scope "/subscriptions/<subscriptionid>/resourcegroups/dapr-workshop-java/providers/Microsoft.KeyVault/vaults/$KEY_VAULT"
```
## Step 4: Create a secret in the Azure Key Vault
@ -83,14 +102,14 @@ To assign to you the role of `Key Vault Secrets Officer`, follow these steps:
1. Assign you `Key Vault Secrets Officer` role:
```bash
az role assignment create --role "Key Vault Secrets Officer" --assignee <userId> --scope "/subscriptions/<subscriptionid>/resourcegroups/dapr-workshop-java/providers/Microsoft.KeyVault/vaults/kv-dapr-java-workshop"
az role assignment create --role "Key Vault Secrets Officer" --assignee <userId> --scope "/subscriptions/<subscriptionid>/resourcegroups/dapr-workshop-java/providers/Microsoft.KeyVault/vaults/$KEY_VAULT"
```
Replace `<userId>` with the value you noted down in the previous step.
To create a secret in the Azure Key Vault, use the following command and replace `<secret-name>` and `<secret-value>` with the name and value of the secret you want to create:
```bash
az keyvault secret set --vault-name kv-dapr-java-workshop --name <secret-name> --value <secret-value>
az keyvault secret set --vault-name $KEY_VAULT --name <secret-name> --value <secret-value>
```
## Step 5: Set the Azure Key Vault secret store component

2
docs/modules/09-bonus-assignments/03-secret-store/2-azure-key-vault-secret-store-code.md
Просмотреть файл

@ -24,7 +24,7 @@ Previously, you have created an Azure Key Vault and added the Dapr component. No
1. Create a secret in the Azure Key Vault for the license key:
```bash
az keyvault secret set --vault-name kv-dapr-java-workshop --name license-key --value HX783-5PN1G-CRJ4A-K2L7V
az keyvault secret set --vault-name $KEY_VAULT --name license-key --value HX783-5PN1G-CRJ4A-K2L7V
```
## Step 2: Use the secret in the application `FineCollectionService`

2
docs/modules/09-bonus-assignments/03-secret-store/3-azure-key-vault-secret-store-component.md
Просмотреть файл

@ -27,7 +27,7 @@ Azure Service Bus' connection string will be store as a string/literal secret:
1. Create a secret in the Azure Key Vault for Azure Service Bus' connection string:
```bash
az keyvault secret set --vault-name kv-dapr-java-workshop --name azSericeBusconnectionString --value "<connection-string>"
az keyvault secret set --vault-name $KEY_VAULT --name azSericeBusconnectionString --value "<connection-string>"
```
Replace `<connection-string>` with the connection string of the Azure Service Bus created in assignement 3.