Exercise: build a container hosting environment

  • Create an Azure Key Vault
    • Create a randomly-generated azurerm_key_vault_secret called temp-password.
      • While this secret isn’t used, it validates that AKV can create (and destroy) secrets.
      • Create an output resource to show some information about the created secret.
    • The Key Vault must be created in its own isolated root module.
    • Declaring the Key Vault’s access policies inline (as part of the azurerm_key_vault resource) makes deletion easier and removes the need for manual depends_on references.
  • Provision an Azure Container registry using the azurerm_container_registry resource type.
    • The Container registry must be created in a separate root module.
    • Enable the admin user.
    • Record the admin user’s username and password in your Key Vault.
  • Use docker login to authenticate against your new container registry.
    • Extend your Container registry module to produce a docker login command as output to make command-line login easier.
      • You’ll need to inline the password for now with either --password or --password-stdin. While this is too insecure for production, it’s sufficient for a short-lived password in an IAC exercise.
      • Also provider a docker logout command as output.
  • Create a containerised Node.js application
    • You might choose to use the Dockerfile and management scripts that your wrote as your solution to the previous ‘environment variables’ exercise.
    • Configure docker to accept a PORT environment variable.
    • Modify your management scripts to build the container and upload it to your container registry.
      • Be careful to re-build and re-push your container if you re-create your container registry.
      • Verify you can see your repository and tag in the Azure Portal Container registry dashboard, Repositories blade
  • Create an azurerm_app_service instance.
    • Again, the instance must be created using a separate root module.
    • Initially configure the app service to run a public container image, before trying to authenticate against your Azure Container Registry.
      • Hint: use a public image that you’re familiar with (default ports etc.) from a previous exercise such as nginx:latest to make testing easier.
      • Output the app_service hostname to test your deployment in a browser.
        • Give azure_app_service plenty of time (2-3 minutes) to pull and start the container.
        • Check the start-up process using the logs visible in the Azure Portal App Service dashboard, Deployment Centre blade
  • Deploy a container from your Container registry to your App Service instance.
    • Set up authentication so that your App Service instance can pull container images from the Container Registry.
    • Output a URL that allows you to test you Node.js application from a browser.

This exercise is much more substantial than previous exercises. Please take it slowly, code a couple of lines then test and iterate, refactor as needed.

The solution to the ‘container hosting’ exercise is composed of both a Terraform solution, a Docker solution is available as part of our open-source Devops-Workstream.

Leave a comment