Exercise: build a container hosting environment
- Create an Azure Key Vault
- Create a randomly-generated azurerm_key_vault_secret called
temp-password.- While this secret isn’t used, it validates that AKV can create (and destroy) secrets.
- Create an
outputresource to show some information about the created secret.
- The Key Vault must be created in its own isolated root module.
- Declaring the Key Vault’s access policies inline (as part of the azurerm_key_vault resource) makes deletion easier and removes the need for manual depends_on references.
- Create a randomly-generated azurerm_key_vault_secret called
- Provision an Azure Container registry using the azurerm_container_registry resource type.
- The Container registry must be created in a separate root module.
- Enable the admin user.
- Record the admin user’s username and password in your Key Vault.
- Use a azurerm_key_vault data source to reference your existing Key Vault.
- Store each credential in its own secret.
- Use docker login to authenticate against your new container registry.
- Extend your Container registry module to produce a
docker logincommand as output to make command-line login easier.- You’ll need to inline the password for now with either
--passwordor--password-stdin. While this is too insecure for production, it’s sufficient for a short-lived password in an IAC exercise. - Also provider a
docker logoutcommand as output.
- You’ll need to inline the password for now with either
- Extend your Container registry module to produce a
- Create a containerised Node.js application
- You might choose to use the
Dockerfileand management scripts that your wrote as your solution to the previous ‘environment variables’ exercise. - Configure docker to accept a
PORTenvironment variable. - Modify your management scripts to build the container and upload it to your container registry.
- You might choose to use the
- Create an azurerm_app_service instance.
- Again, the instance must be created using a separate root module.
- Deploy a container from your Container registry to your App Service instance.
- Output a URL that allows you to test you Node.js application from a browser.
This exercise is much more substantial than previous exercises. Please take it slowly, code a couple of lines then test and iterate, refactor as needed.
The solution to the ‘container hosting’ exercise is composed of both a Terraform solution, a Docker solution is available as part of our open-source Devops-Workstream.
Leave a comment