Exercise: build a container hosting environment
- Create an Azure Key Vault
- Create a randomly-generated azurerm_key_vault_secret called
temp-password.- While this secret isn’t used, it validates that AKV can create (and destroy) secrets.
- Create an
outputresource to show some information about the created secret.
- The Key Vault must be created in its own isolated root module.
- Declaring the Key Vault’s access policies inline (as part of the azurerm_key_vault resource) makes deletion easier and removes the need for manual depends_on references.
- Create a randomly-generated azurerm_key_vault_secret called
- Provision an Azure Container registry using the azurerm_container_registry resource type.
- The Container registry must be created in a separate root module.
- Enable the admin user.
- Record the admin user’s username and password in your Key Vault.
- Use a azurerm_key_vault data source to reference your existing Key Vault.
- Store each credential in its own secret.
- Use docker login to authenticate against your new container registry.
- Extend your Container registry module to produce a
docker logincommand as output to make command-line login easier.- You’ll need to inline the password for now with either
--passwordor--password-stdin. While this is too insecure for production, it’s sufficient for a short-lived password in an IAC exercise. - Also provider a
docker logoutcommand as output.
- You’ll need to inline the password for now with either
- Extend your Container registry module to produce a
- Create a containerised Node.js application
- You might choose to use the
Dockerfileand management scripts that your wrote as your solution to the previous ‘environment variables’ exercise. - Configure docker to accept a
PORTenvironment variable. - Modify your management scripts to build the container and upload it to your container registry.
- Be careful to re-build and re-push your container if you re-create your container registry.
- Verify you can see your repository and tag in the Azure Portal
Container registrydashboard,Repositoriesblade
- You might choose to use the
- Create an azurerm_app_service instance.
- Again, the instance must be created using a separate root module.
- Hint: start by using a community module, such as this one by InnovationNorway, to create all the azurerm_app_service resources.
- Initially configure the app service to run a public container image, before trying to authenticate against your Azure Container Registry.
- Hint: use a public image that you’re familiar with (default ports etc.) from a previous exercise such as nginx:latest to make testing easier.
- Output the app_service hostname to test your deployment in a browser.
- Give azure_app_service plenty of time (2-3 minutes) to pull and start the container.
- Check the start-up process using the logs visible in the Azure Portal
App Servicedashboard,Deployment Centreblade
- Again, the instance must be created using a separate root module.
- Deploy a container from your Container registry to your App Service instance.
- Set up authentication so that your App Service instance can pull container images from the Container Registry.
- Output a URL that allows you to test you Node.js application from a browser.
This exercise is much more substantial than previous exercises. Please take it slowly, code a couple of lines then test and iterate, refactor as needed.
The solution to the ‘container hosting’ exercise is composed of both a Terraform solution, a Docker solution is available as part of our open-source Devops-Workstream.
Leave a comment