/aci-in-vnet-with-sidecars

Azure Container Instances deployed in a VNet with sidecar and init containers


ACI in VNet with Sidecar Containers

This repo demonstrates some advanced features of Azure Container Instances (ACI), among others:

  • Advanced scheduling of ACIs including:
    • Init containers
    • Sidecars
    • Deployment in Virtual Networks
    • YAML-based deployments
  • Getting certificates from LetsEncrypt into Azure Key Vault
  • Accessing Azure PaaS services via private endpoints
  • End-to-end SSL with Azure Application Gateway

The following screenshot of the dashboard, which is part of this repository, shows the overall application architecture:

[Image: dashboard]

Sample deployment scripts are included, as well as GitHub workflows that can be run individually or as a group:

[Image: actions]

Workflow details

There are 6 steps in the 00-deploy_app.yml workflow. You can opt to run each of them individually with these additional workflows:

  • 01-infra_setup.yml: creates a resource group and certain assets that will be leveraged in further workflows:
    • Azure Container Registry
    • Azure Key Vault
    • Azure Application Gateway
  • 02-build_images.yml: builds the images for the applications in this project and pushes them to the Azure Container Registry created in the previous step. The applications built are:
  • 03-gen_cert.yml: LetsEncrypt certificates will be generated for the domain specified in the environment variables. The certificate will be stored in the Azure Key Vault.
  • 04-deploy_images.yml: the images built in step 2 will be configured with the certificates generated in step 3 and will be deployed to the Virtual Network using YAML.
  • 05-config_appgw.yml: the Azure Application Gateway will be configured to send traffic to the deployed Azure Container Instances.
  • 06-test_app.yml: a very simple script will initialize the database and send some traffic so that the dashboard's real-time chart reflects some data.

All of the workflows above primarily use the Azure CLI to provision and configure all the elements in this architecture.
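To make the YAML-based deployment in step 04 concrete, here is an added sketch of a container group with an init container, a TLS sidecar and a private VNet address. It is not the YAML shipped in this repository: the names, images, ports and every value in angle brackets are assumptions.

```yaml
# Added illustration, NOT the repository's own file; <placeholders> are assumptions.
# Deploy with: az container create --resource-group <rg> --file aci.yaml
apiVersion: '2021-07-01'
name: demo-aci                      # hypothetical container group name
location: <region>
type: Microsoft.ContainerInstance/containerGroups
properties:
  osType: Linux
  restartPolicy: Always
  subnetIds:                        # VNet deployment: the group gets a private IP only
  - id: /subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<vnet>/subnets/<aci-subnet>
  ipAddress:
    type: Private
    ports: [{port: 443, protocol: TCP}]   # publish only the TLS sidecar port
  imageRegistryCredentials:
  - server: <acr-name>.azurecr.io
    username: <sp-app-id>
    password: <sp-secret>           # inject at deploy time, never commit
  initContainers:                   # run to completion before 'containers' start
  - name: init
    properties:
      image: <acr-name>.azurecr.io/init:1.0
      command: ['/bin/sh', '-c', 'echo ready > /shared/init.done']
      volumeMounts:
      - {name: shared, mountPath: /shared}
  containers:
  - name: app                       # plain HTTP; should bind to 127.0.0.1:8080 only
    properties:
      image: <acr-name>.azurecr.io/app:1.0
      resources: {requests: {cpu: 0.5, memoryInGB: 1.0}}
      environmentVariables:
      - {name: DB_PASSWORD, secureValue: <db-password>}   # not shown in container properties
      volumeMounts:
      - {name: shared, mountPath: /shared, readOnly: true}
  - name: tls-sidecar               # terminates TLS, proxies to localhost:8080
    properties:
      image: nginx:1.25
      ports: [{port: 443, protocol: TCP}]
      resources: {requests: {cpu: 0.5, memoryInGB: 0.5}}
      volumeMounts:
      - {name: tls, mountPath: /etc/nginx, readOnly: true}
  volumes:
  - {name: shared, emptyDir: {}}
  - name: tls                       # secret volume: values are base64-encoded
    secret:
      nginx.conf: <base64 nginx.conf>
      ssl.crt: <base64 certificate chain from Key Vault>
      ssl.key: <base64 private key from Key Vault>
```

Containers in a group share one network namespace, so the sidecar reaches the application over localhost and the private key is mounted only into the sidecar, not the application container.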

Getting Started

Prerequisites

  • Valid Azure subscription in which you can create a Service Principal and role assignments.
  • Public DNS zone in Azure, required to validate LetsEncrypt certificates.

Quickstart

  1. Fork this repository.
  2. Create a GitHub secret called AZURE_CREDENTIALS with access to your subscription.
  3. Modify the environment variables in the workflow 00-deploy_app.yml.
  4. Run the workflow 00-deploy_app.yml.