from the settings blade of the Web App. This configuration handles the generation of a new Docker image of the application when the code is checked in and the build process triggered, and lets the updated Web application be deployed and tested in the staging slot first, prior to push- ing the image to the production slot.
Enabling SSL on
the Web Applications
At this time, with AKS, the Web
applications deployed are available
using an HTTP endpoint only. To enable the endpoints for HTTPS instead, one of the options available is to deploy Azure Application Gateway, which would expose an HTTPS URL, perform SSL termi- nation, and route the requests to the admin and customer portals.
Azure Application Gateway uses a custom probe to periodically monitor the health of the Web applications in the back-end pool. In order for the health probe to access a page in the Web appli- cation to check for application health, minor changes were made to both the portal applications by disabling authentication on the /home page, which doesn’t contain business-critical information. This page was then configured in the custom probe definition in Application Gateway to be used for the health check.
At this time, with AKS, the Web applications deployed are available using an HTTP endpoint only.
Alternatively, the Nginx Ingress Controller for Kubernetes sup- ports TLS termination and can be used to SSL-enable access to the Web applications.
Deploying the Solution in Your Subscription
Ifyou’dliketotryoutthissolutiononyourown,youcandownload the source files and scripts from the GitHub repository at bit.ly/2DRvwdh. You’ll need the following software to implement this solution:
• Visual Studio 2017 Preview, Community or Enterprise Edition with Update 3
• An Azure subscription
• A Windows PowerShell script editor
• Azure CLI (bit.ly/2w3J00u)
• Docker Community Edition for Windows (dockr.ly/2mnfX7M)
• Visual Studio Tools for Docker (bit.ly/2F6YBRb)
• The Kubectl command tool for Windows (bit.ly/2swZVLJ)
The GitHub repository contains the source files for the admin and customer portals used in the solution. For this article, the single solution that contained the ASP.NET Core 2.0 MVC projects for msdnmagazine.com
Figure 7 The Admin Portal Running in AKS
both Web applications were separated into two individual solution projects so they could be packaged and deployed to containers sep- arately. However, these individual solution files haven’t been added to the GitHub repository.
Minor code changes were made in both the projects to suit this article. In the previous article, I used .pfx files in the certificate store on the local machine, which the client embeds in its request to authenticate itself with the Azure Key Vault Service. In this issue, for simplicity, the client secret is used instead, along with the application ID, to authenticate the Web application with Azure Key Vault. The recommended approach is to use certificates in the request for authentication.
To deploy the two solution files to your Azure subscription, refer to the code snippets and reference documentation provided in this article.
Wrapping Up
Azure Key Vault is an effective mechanism that allows businesses to securely manage their sensitive business information using indus- try standard algorithms and techniques to perform cryptographic operations. Azure provides you with SDKs to consume this service on a variety of platforms in the language of your choice. Without having to make any significant code changes to your application, you could choose to deploy your solutions either as Web applica- tions in Azure App Services or package them as Docker-enabled applications to Azure Container Services or Azure Web Apps for Containers. Visual Studio 2017 tooling for Docker provides a turnkey implementation to Docker-enable a Web application, hid- ing all the complexity and letting you focus on building business functionality. Azure Container Service gives you access to best-in- class, open source tooling support with Kubernetes for container orchestration. This, combined with the integrated tooling support for continuous integration and deployment with Azure Team Services, ensures organizations have the right tools for agile soft- ware delivery across all the phases of a project lifecycle. n
Srikantan Sankaran is a principal technical evangelist from the One Commercial Partner team in India, based out of Bangalore. He works with numerous ISVs in India and helps them architect and deploy their solutions on Microsoft Azure. Reach him at sansri@microsoft.com.
thankS to the following Microsoft technical expert for reviewing this article: Anil Dwarakanath
April 2018 27