Figure 3 Configured Reply URLs—Azure AD App Registration
registration pages in Azure AD for the admin portal and in Azure AD B2C for the consumer portal. Figure 3 shows the reply URL that’s configured for a Web application deployed to ACI or AKS.
Before you can deploy the application to AKS from your local developer machine, you must have the “kubectl” command tools for Windows installed.
Deploying to Azure Web App for Containers Deploying an application to Azure Web App for Containers is similar to deploying to Azure Container Instances in that there are no virtual machines to provision and no orchestrator for dealing with more complex scenarios. Instead, the containers are deployed to a man- aged Azure App Service Instance endpoint in Azure.
Figure 4 shows the settings required to create an Azure Web App for Containers instance in the Azure Portal. The URL to the Docker container image uploaded to the Azure container registry is captured as part of the configuration.
Deploying to Web App for Containers provides other handy features that are available with Azure App Service, like the ability to scale out the Web app, configure auto scaling, and use deployment slots for staging and production.
Deploying to Azure Container Services for Kubernetes (AKS) The first step here is creating and configuring an AKS cluster. Before you can deploy the application to AKS from your local developer machine, you must have the
“kubectl” command tools for Windows installed.
While the procedure can also be performed from the Azure
Portal, the steps I’ll describe here are to provision an AKS cluster in Azure using the Azure CLI. Note that at this time, while ACS is generally available across all the Azure regions, AKS, which pro- vides managed Kubernetes clusters with enhanced capabilities not available in ACS, and which is currently in Preview, is available in only a few regions around the world. In this case, I’m creating the cluster in West Europe. Here are the commands I use to do so:
az group create --name contosoinsacsrg --location westeurope
az aks create -g contosoinsacsrg --name contosoinsacsportal --generate- ssh-keys --admin-username <username> --node-count 1
az aks get-credentials -g contosoinsacsrg -n contosoinsacsportal
To enable the AKS cluster to access the Azure container registry in order to pull the container images, the service principal of the AKS cluster is given a “Reader” role; that is, it’s given read access to the ACR instance hosting the images. Refer to the documentation at bit.ly/2ErvcBq for more details on this. Here are the CLI commands you use to perform these actions:
# Get the id of the service principal configured for AKS
az aks show --resource-group contosoinsacsrg --name contosoinsacsportal --query "servicePrincipalProfile.clientId" --output tsv
# Get the ACR registry resource id
az acr show --name contosoinsacr --resource-group contosoInsAuthRG --query "id" --output tsv
# Create role assignment
az role assignment create --assignee <ServicePrincipalId> --role Reader --scope <resourceid>
Now let’s deploy the application to the AKS cluster. The steps I’ll explain here involve the use of kubectl com- mands on my development worksta- tion running Windows and Docker.
I’ll deploy the application using “YAML” files. (YAML is a data serial- ization language often used for configuration files.) Figure 5 shows the YAML file used to deploy the admin portal in the solution. As an outcome of this step, the container image of the admin portal is pulled from ACR, provisioned in the AKS cluster and exposed through an Azure load balancer and public IP address.
Azure
Figure 4 Azure Web App for Containers 24 msdn magazine