4 January 2021
This document is a tutorial to terraform properly an Azure app service using Docker container.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. Code can be deployed directly in the app service in different languages, or with a container.
- Have an Azure account with those followings:
- A resource group where resources will be declared (here we will use "MYRG" for example).
- Azure Container Registry (ACR) - Azure solution to store docker images. (Here we will use "ACR01" for example). The application container image is push in the ACR01 with the name "myapp" and tag "latest".
- Create a User (User_ACR_pull) in your Active Directory and assign it the AcrPull role for the Azure Container Registry "ARC01".
- Have Terraform installed
- Have Azure cli installed
Terraform an app service configuration
In the following section, I describe the Terraform configuration.
Set up the provider for Azure
Get user assign identity
Load your user "User_ACR_pull" in Terraform. These pieces of information will be used to give the correct right to your app service to pull images from the ACR.
Terraform documentation: azurerm_user_assigned_identity
App service plan
Before creating your app service you need first to create an app service plan. An App Service plan defines a set of computing resources for a web app to run. These compute resources are analogous to the server farm in conventional web hosting.
Terraform documentation: azurerm_app_service_plan
Warning: For high availability, Azure advises to have at least 3 instances running (defined incapacity). In fact, azure can do maintenance and if you have only one instance this one can be done during the maintenance process.
In order to use an Azure Container Registry, you need to declare some environment variables to your app service:
This is here where you will have to declare all other environment variables required for your application.
Once you have declared your app service plan and the environment variables, you can declare your app service:
Terraform documentation: azurerm_app_service
In order to use blue/green deployment to avoid downtime during the deployment of a new version of the code, you need to declare a staging slot. During a new code version deployment, the new version will be deployed first in the staging slot. Once the application is fully started on this slot, the application will be swapped with the one running on the production slot and all the traffic will go through the new version.
Terraform documentation: azurerm_app_service_slot
Monitoring - app insight
You can also add an app insight to improve the monitoring of your application:
Terraform documentation: azurerm_application_insights
In order to connect the app insight to your app, you need to your application you need to add these environment variables:
Warning: when you add a new environment variable to your application this one restarts. So you will have a downtime. To avoid this downtime:
1. Add the new environment variable only in the staging slot.
2. Swap the staging slot to the production slot.
3. Put the new environment variable in the production slot.
Apply your configuration in Azure
Here is the command you have to pass in your terminal
Login to Azure
Apply your configuration
Once applied, you can see the resources created in azure:
- App service plan: my_service_plan
- App service: my_app_service_container
- App insight: my_app_insight
You are now able to deploy from code, an high available application in an Azure app service with the required monitoring for production use with the possibility of using blue/green deployment with the staging slot to avoid any downtime during your code deployment.