This is an Azure Cloud developer sandbox to enable software development for the OSDU™ data platform. It is not recommended for any production scenario. For a fully managed implementation please see Azure Data Manager for Energy.
The developer sandbox is built using the following principles from the Azure Well-Architected Framework.
- Cost Optimization - Creating a cost-effective solution while balancing security.
- Security - Enhancing security within a development context, adhering to a zero trust model.
- Operational Excellence - Prioritizing DevOps standards with automation to ensure efficient operations and robust monitoring.
Bicep: Desired State Configuration
Bicep is a domain-specific language (DSL) for deploying Azure resources declaratively. It simplifies authoring ARM templates and allows you to define the desired state of your Azure infrastructure in code. Azure Resource Manager (ARM) processes the Bicep file to ensure the Azure environment matches the defined desired state, correcting any drift through redeployment.
GitOps: Desired State Management
GitOps uses Git as a single source of truth for declarative components and applications. It ensures that the actual state of the components or application matches the desired state defined in the Git repository, automating updates through continuous monitoring and Git commits.
- Azure Subscription: An active Microsoft Azure subscription.
- Azure CLI: Installed and configured on your local machine. You can download it here.
- Azure Developer CLI: Installed and configured on your local machine. You can download it here.
  # Enable Resource Group Scoped Deployment
  azd config set alpha.resourceGroupDeployments on
- Visual Studio Code: Installed and configured on your local machine with the REST Client Extension. You can download it here.
The recommended approach is to use the Azure Developer CLI, which allows for customization and additional configuration. You can use the ARM Template Deployment instead, but it requires additional manual configuration to establish the first user and initial access tokens.
- Authentication
  # Login and set subscription
  az login
  az account set --subscription <your_subscription_id>
  azd auth login
- Provisioning
  # Initialize a new environment
  azd init -e dev
  # Provision the solution
  azd provision
- Configuration
  Once the environment has been provisioned, retrieve the ingress URL https://<your_ingress>/auth/ and obtain an authorization code to use in getting a refresh token for calling APIs.
  # Open URL in browser
  azd env get-values | grep INGRESS_EXTERNAL
  # Set retrieved authorization code
  azd env set AUTH_CODE <your_auth_code>
  azd hooks run predeploy
- Cleanup
  # Remove all resources
  azd down --purge --force
  # Delete the environment
  rm -rf .azure/<your_environment_name>
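For the Configuration step above, the following helper is an added example (not part of this repository) that turns the output of `azd env get-values` into the `/auth/` URL and rejects values that are not a plain host name before anything is opened in a browser. The function name `auth_url_from_env` is hypothetical, and it assumes `INGRESS_EXTERNAL` holds either a bare host/IP or a URL whose host carries no port.

```shell
#!/bin/sh
# Added example: derive https://<your_ingress>/auth/ from `azd env get-values`.
# Assumption: the output is KEY="value" lines and INGRESS_EXTERNAL is a bare
# host/IP or a URL; hosts with a port or other characters are rejected.

auth_url_from_env() {
  # Read KEY="value" lines on stdin and keep the last INGRESS_EXTERNAL entry.
  value=$(sed -n 's/^INGRESS_EXTERNAL=//p' | tail -n 1)

  # Strip the surrounding double quotes, if present.
  value=${value#\"}
  value=${value%\"}

  # Drop any scheme prefix and anything after the host.
  host=${value#*://}
  host=${host%%/*}

  # Accept only letters, digits, dots and hyphens so that a malformed or
  # tampered value never ends up in a URL handed to a browser.
  case "$host" in
    '' | *[!A-Za-z0-9.-]*)
      echo "INGRESS_EXTERNAL is missing or not a plain host name" >&2
      return 1
      ;;
  esac

  printf 'https://%s/auth/\n' "$host"
}

# Constructed sample of `azd env get-values` output (not real values).
sample_env='AZURE_ENV_NAME="dev"
INGRESS_EXTERNAL="https://sandbox.example.test"'

printf '%s\n' "$sample_env" | auth_url_from_env
```

Against a live environment, the call is `azd env get-values | auth_url_from_env`.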
Environment settings can be overridden as necessary.
# Override Default Subscription
azd env set AZURE_SUBSCRIPTION_ID <your_subscription_id>
# Override Client Id Creation
azd env set AZURE_CLIENT_ID <your_client_id>
# Override Software Location
azd env set SOFTWARE_REPOSITORY <your_git_url>
azd env set SOFTWARE_BRANCH <your_branch>
Deploying the resources is efficient and straightforward using an ARM (Azure Resource Manager) template. While this method utilizes default settings for ease of use, navigating parameter options can be challenging.
To facilitate a smooth deployment experience, we provide a "Deploy to Azure" button. Clicking this button will redirect you to the Azure portal, where the ARM template is pre-loaded for your convenience.
Important Parameter Requirement:
During the deployment process, identity information must be provided in the deployment form:
- Application Client Id: Specify the Application Client Id. (This is the unique application ID of this application.)
- Application Client Secret: Specify the Application Client Secret. (A valid secret for the application client ID.)
- Application Client Principal OID: Specify the Enterprise Application Object Id. (This is the unique ID of the service principal object associated with the application.)
Upon completing the deployment, the infrastructure and software components will be automatically provisioned. This includes loading the software configuration through a GitOps approach, enabled by AKS (Azure Kubernetes Service).
To begin, simply click the button below:
For further understanding of the interactions of the Azure Developer CLI and the architecture of the solution, please refer to the Architecture Documentation which can be found here.
There are many ways to customize the deployment. For example, virtual network injection can be implemented. Details on how to perform such customizations can be found here.
Feature flags are leveraged to assist in major modifications to the solution, ensuring adherence to different policies and requirements. More information can be found here.
The repository is configured with GitHub Actions to automate the validation of pull requests. The strategy for actions can be found here.
There are many things that can be done to customize the deployment. One example of this might be virtual network injection. More information can be found here.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.