Skip to main content

Az-204 Docker to Container registry to AKS

 1. https://github.com/Azure-Samples/azure-voting-app-redis.git -- pull this code from github

 2.  it has a docker-compose file . So run docker-compose up -d

 3. Create a container registry. 

4. Tag the docker image to the container registry.

docker tag hello-world demoacr5416.azurecr.io/hello-world-demo:v1

hello-world: name of the image

demoacr5416.azurecr.io -- name of the ACR

hello-world-demo:v1 -- what we want to call it inside ACR


5. push  

https://pascalnaber.wordpress.com/2020/01/21/access-keyvault-from-azure-kubernetes-service-aks-with-an-asp-net-core-application-using-a-managed-identity/

VISUAL STUDIO APP TO DOCKER

1. Publish the app to a folder (publish).


FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
WORKDIR /app
EXPOSE 80
EXPOSE 443
COPY ./publish .
ENTRYPOINT ["dotnet""ACRTOAKS.dll"]

copy the publish file into a folder called publish and paste the docker file. Then copy everything inside the docker container.

docker build -t myacrtoaks .

build the publish folder to an image. The . at the end is the location for the docker file. -t is the name of the image we build 

docker run -d -p 8080:80 --name myacrtoaks myacrtoaks //name of the image

where --name is the name of the container



PUSH TO ACR


















Create an ACR and in Access keys enable admin user.

1. Open CMD and az login
2. Login to Acr
az acr login --name=demoacranish.azurecr.io --username=demoacranish --password=xxxx

3. tag the image
docker tag myacrtoaks demoacranish.azurecr.io/demoacrtoaks:v2

4. Push to acr

docker push demoacranish.azurecr.io/demoacrtoaks:v2

5.  List everything
az acr repository list --name=demoacranish -o=table


6. az acr repository show-tags

7. Delete
az acr repository delete --name=demoacranish -t demoacrtoaks:v2

MULTIPROJECT FILE

#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.

FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
COPY ["AppServiceDemo/AppServiceDemo.csproj", "AppServiceDemo/"]
COPY ["BAL/*.csproj", "BAL/"]
COPY ["DAL/*.csproj", "DAL/"]
RUN dotnet restore "AppServiceDemo/AppServiceDemo.csproj"
COPY . .
WORKDIR "/src/AppServiceDemo"
RUN dotnet build "AppServiceDemo.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "AppServiceDemo.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "AppServiceDemo.dll"]


TO AKS

kubectl is like the azure cli. Used to work with kubernetes.

kubectl version --short  

az account set --subscription name or ID  -- select subscription

az group create --name=demorsaks -l centralus  -- create RG

az acr create --name=acrtoaksdemo -g demorsaks --sku=standard --create ACR

az acr login --name=acrtoaksdemo -- login to ACR

docker tag appservicedemo:v2 acrtoaksdemo.azurecr.io/appservicetoakscemo:v1 -- TAG with acr server name


Connect Kubectl with AKS

where kubernetesdemo is the name of an AKS cluster




Check if kubectl has connected

Kubectl get nodes  --this will return the number of nodes running in aks.


-- Run the yaml file


-- Get the running POD info

Kubectl get service  -- Get the services



Comments

Post a Comment

Popular posts from this blog

Azure AD Authentication And Authorization

ROLE BASED AUTHORIZATION Step1:   Setup  API. 1. Create an app registration and create an app role. Make sure that the app role is assigned to user and applications. We add it to both user groups and applications as this role can be then assigned to both users and applications. Scopes can only be assigned to apps. Now we can have only users with this role access our application. This app role behind the scenes adds an approles section to the manifest.json. We can directly add it to the manifest file also. Step 2:  Setup an app registration for the UI/ WEB App. . We will grant this app the read role created in the API app (shown above). Go to Azure AD and select the UI app registration. When we register an application 2 elements get created. 1. App registration  2. Enterprise Application -- service principal that get created for the app Adding roles to applications Go to the App registration => API Persmissions => Add a Permission => My API's The My Api's sec...
Post a Comment
Read more

Function APP and KV integration

 Create a function App and enable system assigned identity Create  a Keyvault and add a secret (Name in my case) Configure Access policies for the function app in keyvault Create an  access policy in Key Vault   for the application identity you created earlier. Enable the "Get" secret permission on this policy. Do not configure the "authorized application" or   applicationId   settings, as this is not compatible with a managed identity. https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used. We are granting our function app permissions to get and list all the secrets in this keyvault. Add Key Vault secrets reference in the Function App configuration Go to the keyvault and click on the secret we just created. Copy the secret identifier. We need to add this value to the function app configuration.  @Microsof...
Post a Comment
Read more

AZ-500 AppService Inside VNet

The intent is to create an appservice that is available inside a VNET. So we will create a vnet and put an appservice inside it. This Vnet will have 2 subnets. One that has the appservice and another one that will have a VM.. We need to make sure that this Appservice can be accessed only inside the VM (inside the same VNET)  1. Create a Vnet Total Address space is 256.. We split into 2 subnets 2. Create an Appservice in standard or above tier as the lower tiers dont support networking.  and select the Vnet and select the sub2 subnet 3. Create a Virtual Machine inside sub1. 4. Go to Appservices and onto the networking tab and select Access Restrictions Create a rule and select VNET and subnet that we created earlier. We can also specify IP Address. Then this appservice can be accessed by the specified IP's only. So this appservice can only be accessed within subnet 1. Which is where we have deployed the VM.. From Internet Inside VM (Subnet 1)
Post a Comment
Read more