Azure#
To deploy FLINT.Cloud to Azure, we recommend using the Azure App Service
with a custom Microsoft Container Registry container built from our
local
directory. This setup uses Azure CLI to
deploy the infrastructure and the applications to be used. You need to
sign in to the Azure CLI by using the az login
command. To
finish the authentication process, follow the steps displayed in your
terminal. To build images, we use Docker and then push them to Azure Container Registry.
Download the project#
Clone the repository:
git clone https://github.com/moja-global/flint.cloud
Navigate to the local
directory:
sh local
Build the images locally#
To build the rest_api_gcbm
image locally, run the following command:
pushd rest_api_gcbm
docker build --build-arg BUILD_TYPE=RELEASE --build-arg NUM_CPU=4 -t gcbm-api .
popd
To build the rest_api_flint.example
image locally, run the following
command:
pushd rest_api_flint.example
docker build -t flint-api .
popd
Create a resource group#
To push images onto and deploy containers with the Azure App Service, you need to first prepare some resources. Start by creating a resource group that will collect all your resources.
az group create --name myResourceGroup --location centralindia
You can change the --location
value to specify a region near you.
Create a Container Registry#
You can now push the image to Azure Container Registry so that App Service can deploy it. Create an Azure Container Registry to push your images to:
az acr create --name <registry-name> --resource-group myResourceGroup --sku Basic --admin-enabled true
Replace <registry-name>
with a suitable name for your registry. The
name must contain only letters and numbers, and must be unique across all
of Azure.
Retrieve your credentials for the Container Registry:
az acr credential show --resource-group myResourceGroup --name <registry-name>
Use the docker login
command to sign in to the container registry:
docker login <registry-name>.azurecr.io --username <registry-username>
Replace <registry-name>
and <registry-username>
with values from
the previous steps. When prompted, type in one of the passwords from the
previous step.
Tag the images with the registry name:
docker tag rest_api_gcbm <registry-name>.azurecr.io/rest_api_gcbm:latest
docker tag rest_api_flint.example <registry-name>.azurecr.io/rest_api_flint.example:latest
Use the docker push command to push the image to the registry:
docker push <registry-name>.azurecr.io/rest_api_gcbm:latest
docker push <registry-name>.azurecr.io/rest_api_flint.example:latest
Use the az acr repository list
command to verify that the push was
successful:
az acr repository list -n <registry-name>
Deploy the image from registry#
To deploy a container to Azure App Service, you first create a web app on App Service, then connect the web app to the container registry. When the web app starts, App Service automatically pulls the image from the registry.
Create an App Service plan using the az appservice plan create
command:
az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --is-linux
Create the web app with the az webpp create
command. Since we are
deploying two images to two different web apps, you need to
enter these commands twice. To deploy rest_api_gcbm
to the first
web app and rest_api_flint.example
to the second web app, run the
following commands:
az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name-1> --deployment-container-image-name <registry-name>.azurecr.io/rest_api_gcbm:latest
az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app-name-2> --deployment-container-image-name <registry-name>.azurecr.io/rest_api_flint.example:latest
Use the az webapp config appsettings set
to set the
WEBSITES_PORT
environment variable. In
our case, the port to be exposed is 8080
.
az webapp config appsettings set --resource-group myResourceGroup --name <app-name-1> --settings WEBSITES_PORT=8080
az webapp config appsettings set --resource-group myResourceGroup --name <app-name-2> --settings WEBSITES_PORT=8080
Enable the system-assigned managed identity for the web app by using the
az webapp identity assign
command:
az webapp identity assign --resource-group myResourceGroup --name <app-name-1> --query principalId --output tsv
az webapp identity assign --resource-group myResourceGroup --name <app-name-2> --query principalId --output tsv
Replace <app-name>
with the name you used in the previous step. The
output of the command (filtered by the --query
and --output
arguments) is the service principal of the assigned identity.
Retrieve your subscription ID with the az account show
command,
which you need in the next step:
az account show --query id --output tsv
Grant the managed identity permission to access the container registry:
az role assignment create --assignee <principal-id> --scope /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/<registry-name> --role "AcrPull"
Replace the following values:
<principal-id>
with the service principal ID from theaz webapp identity assign
command.<registry-name>
with the name of your container registry.<subscription-id>
with the subscription ID retrieved from theaz account show
command.
Make sure the above steps are repeated for both of the apps that you are going to deploy. Configure your app to use the managed identity to pull from Azure Container Registry.
az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<app-name-1>/config/web --set properties.acrUseManagedIdentityCreds=True
az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<app-name-2>/config/web --set properties.acrUseManagedIdentityCreds=True
Replace the following values:
<subscription-id>
with the subscription ID retrieved from the az account show command.<app-name>
with the name of your web app.
Deploy the image#
Use the az webapp config container set
command to specify the
container registry and the image to deploy for the web app:
az webapp config container set --name <app-name-1> --resource-group myResourceGroup --docker-custom-image-name <registry-name>.azurecr.io/rest_api_gcbm:latest --docker-registry-server-url https://<registry-name>.azurecr.io
az webapp config container set --name <app-name-2> --resource-group myResourceGroup --docker-custom-image-name <registry-name>.azurecr.io/rest_api_flint.example:latest --docker-registry-server-url https://<registry-name>.azurecr.io
Replace <app-name-1>
and <app-name-2>
with the name of your web
app, and replace all instances of <registry-name>
with the name of your
registry. When the az webapp config container set
command completes,
the web app is running in the container on App Service.
To test the app, browse to https://<app-name>.azurewebsites.net
,
replacing <app-name>
with the name of your web app. To clean up the
resources, you only need to delete the resource group that contains
them:
az group delete --name myResourceGroup