How to terraform an Azure app service using container?

Today three major companies share the cloud market: AWS, GCP and Azure. Here we are going to see an example of how to use one of Azure products: the app service. 

This document is a tutorial to terraform properly an Azure app service using Docker container.

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. Code can be deployed directly in the app service in different languages, or with a container.

Prerequisites

  • Have an Azure account with those followings:
    • A resource group where resources will be declared (here we will use "MYRG" for example).
    • Azure Container Registry (ACR) - Azure solution to store docker images. (Here we will use "ACR01" for example). The application container image is push in the ACR01 with the name "myapp" and tag "latest".
    • Create a User (User_ACR_pull) in your Active Directory and assign it the AcrPull role for the Azure Container Registry "ARC01".
  • Have Terraform installed
  • Have Azure cli installed

Terraform an app service configuration

 

In the following section I describe the Terraform configuration.

 

Set up the provider for Azure

 

Get user assign identity

Load your user "User_ACR_pull" in Terraform. These informations will be used to give the correct right to your app service to pull images from the ACR.

 

 

Terraform documentation: azurerm_user_assigned_identity

 

App service plan

Before creating your app service you need first to create an app service plan. An App Service plan defines a set of compute resources for a web app to run. These compute resources are analogous to the server farm in conventional web hosting.

 

 

Terraform documentation: azurerm_app_service_plan

 

Warning: For high availability Azure advises to have at least 3 instances running (defined in capacity). In fact azure can do maintenance and if you have only one instance this one can be done during the maintenance process.

 

Environment variables

In order to use an Azure Container Registry, you need to declare some environment variables to your app service:

 

 

This is here where you will have to declare all other environment variables required for your application.

 

App service

Once you have declared your app service plan and the environment variables, you can declare your app service:

 

 

Terraform documentation: azurerm_app_service

 

Staging slot

In order to use blue/green deployment to avoid downtime during the deployment of a new version of the code, you need to declare a staging slot. During a new code version deployment, the new version will be deployed first in the staging slot. Once the application is fully started on this slot, the application will be swapped with the one running on the production slot and all the traffic will go through the new version.

 

 

Terraform documentation: azurerm_app_service_slot

 

Monitoring - app insight

You can also add an app insight to improve the monitoring of your application:

 

 

Terraform documentation: azurerm_application_insights

 

In order to connect the app insight to your app, you need to your application you need to add this environment variables:

 

 

Warning: when you add a new environment variable to your application this one restart. So you will have a down time. To avoid this down time:

 

1. Add the new environment variable only in the staging slot.

2. Swap the staging slot to the production slot.

3. Put the new environment variable in the production slot.

Apply your configuration in Azure

 

Here are the command you have to pass in your terminal

 

Login to Azure

 

 

Init terraform

 

 

Apply your configuration

 

 

Once applied, you can see the resources created in azure:

- App service plan: my_service_plan

- App service: my_app_service_container

- App insight: my_app_insight

 

You are now able to deploy from code, an high available application in a Azure app service with the required monitoring for production use with the possibility of of using blue/green deployment with the staging slot to avoid any downtime during your code deployment.

Cyprien Lecallier

Cyprien Lecallier

Cyprien is a Site Reliability Engineer (SRE) at Padok. He is passionate about DevOps technologies, and he loves facing new challenges every day.

What do you think? Leave your comments here !