This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch ISIS-3255
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/ISIS-3255 by this push:
new 40c7de2e34 ISIS-3255: updates docs on letsencrypt with ACA
40c7de2e34 is described below
commit 40c7de2e346d3c7380e58b16d3f876c392d0fae6
Author: danhaywood <[email protected]>
AuthorDate: Wed Jan 4 07:08:47 2023 +0000
ISIS-3255: updates docs on letsencrypt with ACA
---
.../images/image-2023-01-02-11-10-57-742.png | Bin 399828 -> 0 bytes
.../images/image-2023-01-02-11-15-22-937.png | Bin 177254 -> 0 bytes
.../images/image-2023-01-02-11-37-15-599.png | Bin 277941 -> 0 bytes
.../images/image-2023-01-02-11-39-16-947.png | Bin 123243 -> 0 bytes
.../images/image-2023-01-02-11-41-34-824.png | Bin 53087 -> 0 bytes
.../images/image-2023-01-02-18-54-07-844.png | Bin 44438 -> 0 bytes
.../images/image-2023-01-02-18-55-22-599.png | Bin 43113 -> 0 bytes
.../images/image-2023-01-02-18-57-10-836.png | Bin 30196 -> 0 bytes
.../images/image-2023-01-03-17-58-33-718.png | Bin 0 -> 109418 bytes
.../images/image-2023-01-03-18-07-57-499.png | Bin 0 -> 172103 bytes
.../images/image-2023-01-03-18-10-33-567.png | Bin 0 -> 304198 bytes
.../images/image-2023-01-03-18-16-01-614.png | Bin 0 -> 182994 bytes
.../images/image-2023-01-03-18-22-59-542.png | Bin 0 -> 196650 bytes
.../images/image-2023-01-03-18-27-32-832.png | Bin 0 -> 248437 bytes
.../images/image-2023-01-03-18-33-23-116.png | Bin 0 -> 71103 bytes
.../images/image-2023-01-04-06-23-41-099.png | Bin 0 -> 100404 bytes
.../images/image-2023-01-04-06-25-56-926.png | Bin 0 -> 58685 bytes
.../images/image-2023-01-04-06-26-42-960.png | Bin 0 -> 21755 bytes
.../images/image-2023-01-04-06-29-02-083.png | Bin 0 -> 106044 bytes
.../images/image-2023-01-04-06-31-36-293.png | Bin 0 -> 199485 bytes
.../conguide/modules/nightlies/pages/about.adoc | 271 +++++++++------------
21 files changed, 115 insertions(+), 156 deletions(-)
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-10-57-742.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-10-57-742.png
deleted file mode 100644
index e07f4a0203..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-10-57-742.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-15-22-937.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-15-22-937.png
deleted file mode 100644
index acc9c9624a..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-15-22-937.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-37-15-599.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-37-15-599.png
deleted file mode 100644
index a4fac01fc6..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-37-15-599.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-39-16-947.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-39-16-947.png
deleted file mode 100644
index d373338784..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-39-16-947.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-41-34-824.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-41-34-824.png
deleted file mode 100644
index e55eb0e9e0..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-11-41-34-824.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-54-07-844.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-54-07-844.png
deleted file mode 100644
index 58659be179..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-54-07-844.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-55-22-599.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-55-22-599.png
deleted file mode 100644
index b67fb6242f..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-55-22-599.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-57-10-836.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-57-10-836.png
deleted file mode 100644
index 127baf44c5..0000000000
Binary files
a/antora/components/conguide/modules/nightlies/images/image-2023-01-02-18-57-10-836.png
and /dev/null differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-17-58-33-718.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-17-58-33-718.png
new file mode 100644
index 0000000000..7c139ee581
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-17-58-33-718.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-07-57-499.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-07-57-499.png
new file mode 100644
index 0000000000..ae4d29d131
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-07-57-499.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-10-33-567.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-10-33-567.png
new file mode 100644
index 0000000000..45dcf85bb6
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-10-33-567.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-16-01-614.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-16-01-614.png
new file mode 100644
index 0000000000..546fcb00a8
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-16-01-614.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-22-59-542.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-22-59-542.png
new file mode 100644
index 0000000000..1ae67f86e5
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-22-59-542.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-27-32-832.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-27-32-832.png
new file mode 100644
index 0000000000..3feadd5133
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-27-32-832.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-33-23-116.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-33-23-116.png
new file mode 100644
index 0000000000..705de78206
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-03-18-33-23-116.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-23-41-099.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-23-41-099.png
new file mode 100644
index 0000000000..539fb274df
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-23-41-099.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-25-56-926.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-25-56-926.png
new file mode 100644
index 0000000000..ece903b8fa
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-25-56-926.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-26-42-960.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-26-42-960.png
new file mode 100644
index 0000000000..6b146575db
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-26-42-960.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-29-02-083.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-29-02-083.png
new file mode 100644
index 0000000000..6f10b2fe04
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-29-02-083.png
differ
diff --git
a/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-31-36-293.png
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-31-36-293.png
new file mode 100644
index 0000000000..854a3ab44f
Binary files /dev/null and
b/antora/components/conguide/modules/nightlies/images/image-2023-01-04-06-31-36-293.png
differ
diff --git a/antora/components/conguide/modules/nightlies/pages/about.adoc
b/antora/components/conguide/modules/nightlies/pages/about.adoc
index d9c99f0587..5db1b649ee 100644
--- a/antora/components/conguide/modules/nightlies/pages/about.adoc
+++ b/antora/components/conguide/modules/nightlies/pages/about.adoc
@@ -8,7 +8,7 @@ This page describes how we deploy the
xref:docs:starters:simpleapp.adoc[], xref:
WARNING: work in progress
-The intention is to use
link:https://learn.microsoft.com/en-gb/azure/container-apps/[Azure Container
Apps].
+The intention is to use
link:https://learn.microsoft.com/en-gb/azure/container-apps/[Azure Container
Apps] (hereafter ACA).
== Azure Container Apps
@@ -51,16 +51,24 @@ az provider register --namespace
Microsoft.OperationalInsights
-=== Setup
+=== Setup the resource group and ACA environment
+
+In Azure, all resources live in resource groups.
+We will use a single resource group.
+
+One of the resources to be set up is an ACA environment, which creates a
secure boundary around a group of container apps.
+Container Apps deployed to the same environment are deployed in the same
virtual network and write logs to the same Log Analytics workspace.
+We will use a single ACA environment.
Create a resource group to organize the services related to the container apps.
-* set the environment variables:
+* set these environment variables:
+
[source,bash]
----
RESOURCE_GROUP="causeway-nightlies-rg"
LOCATION="uksouth"
+CONTAINERAPPS_ENVIRONMENT="causeway-nightlies-aca-env"
----
* create the resource group
@@ -89,19 +97,7 @@ resulting in:
}
----
-=== Create an environment
-
-An environment in Azure Container Apps creates a secure boundary around a
group of container apps.
-Container Apps deployed to the same environment are deployed in the same
virtual network and write logs to the same Log Analytics workspace.
-
-* set a further environment variable:
-+
-[source,bash]
-----
-CONTAINERAPPS_ENVIRONMENT="causeway-nightlies-aca-env"
-----
-
-* xxx
+* next, create the ACA environment:
+
[source,bash]
----
@@ -155,11 +151,15 @@ Container Apps environment created. To deploy a container
app, use: az container
}
----
+
=== Create container apps
-For
link:https://hub.docker.com/repository/docker/apacheisis/demo-wicket-jpa[apacheisis/demo-wicket-jpa]
+We will create a container app manually.
+In the <<#automation,automation (below)>>, we will simply update the container
(replacing the image with a new one).
+
+We'll start with the
link:https://hub.docker.com/repository/docker/apacheisis/demo-wicket-jpa[apacheisis/demo-wicket-jpa]
Docker image:
-* set a further environment variables:
+* set further environment variables:
+
[source,bash]
----
@@ -189,7 +189,96 @@ resulting in:
Container app created. Access your app at
https://demo-wicket-jpa.graytree-90c75749.uksouth.azurecontainerapps.io/
----
-=== Update the app
+* Change scaling from default (1-10) to just a single instance.
++
+image::image-2023-01-03-08-31-58-018.png[width=600]
+
+
+== Lets Encrypt
+
+as per:
link:https://dev.to/shibayan/how-to-quickly-setup-a-lets-encrypt-certificate-in-azure-container-apps-3nd7[this
blog post] blog, the
link:https://github.com/shibayan/containerapps-acmebot[shibayan/containerapps-acmebot]
repo provides an Azure deployment that handles the LetsEncrypt certificates.
+
+Following its
link:https://github.com/shibayan/containerapps-acmebot/wiki/Getting-Started[Getting-Started]
README:
+
+=== DNS management
+
+Created DNS zone for `incode.work`, and then a child zone `apps.incode.work`.
+
+NOTE: the intention is to change this to a more suitable domain.
+
+
+=== Deploy the Services
+
+* from the
link:https://github.com/shibayan/containerapps-acmebot/wiki/Getting-Started#1-deploy-acmebot[README]:
++
+image::image-2023-01-03-17-58-33-718.png[width=600]
+
+* add params:
++
+image::image-2023-01-03-18-07-57-499.png[width=800]
++
+results in:
++
+image::image-2023-01-03-18-10-33-567.png[width=800]
+
+
+== Enable App Service Authentication & Access control (IAM)
+
+Continuing with the
link:https://github.com/shibayan/containerapps-acmebot/wiki/Getting-Started#3-enable-app-service-authentication[README]:
+
+* add an identity provider to the function app:
++
+image::image-2023-01-03-18-16-01-614.png[width=800]
+
+* add contributor role assignment:
++
+image::image-2023-01-03-18-22-59-542.png[width=1000]
+
+
+== Access function app
+
+Continuing further with the
link:https://github.com/shibayan/containerapps-acmebot/wiki/Getting-Started#5-access-to-function-app[README]:
+
+* locate the name of the function app (`func-acmbeot-y3a6` above)
+
+* navigate to
link:https://func-acmbeot-y3a6.azurewebsites.net/add-certificate[], and grant
permissions to access the site:
++
+image::image-2023-01-03-18-27-32-832.png[width=300]
+
+
+* complete dialog:
++
+image::image-2023-01-04-06-23-41-099.png[width=600]
++
+and `Submit`.
+
+* The docs say "after a few tens of seconds, the certificate will be issued".
+Indeed so:
++
+image::image-2023-01-04-06-26-42-960.png[width=400]
++
+In the DNS zone, it creates this `TXT` record:
++
+image::image-2023-01-04-06-29-02-083.png[width=600]
+
+* Also create a `CNAME` for the app:
++
+image::image-2023-01-04-06-25-56-926.png[width=400]
+
+* Confirm that the app can be accessed:
++
+image::image-2023-01-04-06-31-36-293.png[width=800]
+
+
+== Automation
+
+The nightly automation simply needs to update the apps with new images; there
is no need to create ACA environments etc from scratch.
+
+=== Manual update first
+
+To see what this mean, let's first just update the app manually.
+
+Working with the `demo-wicket-jpa` app:
* update the environment variables:
+
@@ -198,9 +287,10 @@ Container app created. Access your app at
https://demo-wicket-jpa.graytree-90c75
IMAGE_VERSION="2.0.0-M9.20221229-0233-"
----
+
-NOTE: looks like there's an issue with our generation of the image version,
missing the sha Id suffix.
+NOTE: Hmm, looks like there's an issue with our generation of the image
version, missing the sha Id suffix.
+But this image _does_ exist.
-* Update the image
+* Update the image using `az containerapp update`:
+
[source,bash]
----
@@ -291,140 +381,9 @@ resulting in:
}
----
-== Custom domain
-
-=== Create self-signed certificate
+This results in a new revision being provisioned.
+Traffic is automatically migrated over to the new revision, and then the
previous revision is removed.
-* create `
-+
-[source,bash]
-----
-openssl req -new -newkey RSA:2048 -nodes -keyout ssl.key -out ssl.csr
-----
-+
-resulting in:
-+
-[source,bash]
-----
-Generating a RSA private key
-...............................+++++
-.+++++
-writing new private key to 'ssl.key'
------
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:UK
-State or Province Name (full name) [Some-State]:Worcestershire
-Locality Name (eg, city) []:Malvern
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Haywood Associates
Ltd.
-Organizational Unit Name (eg, section) []:
-Common Name (e.g. server FQDN or YOUR name) []:*.isis.incode.work
-Email Address []:[email protected]
-
-Please enter the following 'extra' attributes
-to be sent with your certificate request
-A challenge password []:
-An optional company name []:Haywood Associates Ltd.
-----
-+
-which results in two files:
-
-** `ssl.csr`
-** `ssl.key`
-
-* create the `.crt` self-signed certificate:
-+
-[source,bash]
-----
-openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt
-----
-+
-resulting in:
-+
-[source,bash]
-----
-Signature ok
-subject=C = UK, ST = Worcestershire, L = Malvern, O = Haywood Associates Ltd.,
CN = *.isis.incode.work, emailAddress = [email protected]
-Getting Private key
-----
-+
-and the additional file:
-
-** `ssl.crt`
-
-
-* convert to a PKCS12 (`.pfx`) file
-+
-[source,bash]
-----
-openssl pkcs12 -inkey ssl.key -in ssl.crt -export -out ssl.pfx
-----
-+
-resulting in:
-+
-[source,bash]
-----
-Enter Export Password:
-Verifying - Enter Export Password:
-----
-+
-and the additional file:
-
-** `ssl.pfx`
-
-
-
-=== Add Custom domain and bind to cert
-
-As per MS docs on
https://learn.microsoft.com/en-us/azure/container-apps/custom-domains-certificates[adding
custom domain & certificates]
-
-in Azure Portal:
-
-* locate IP:
-+
-image::image-2023-01-02-11-10-57-742.png[width=800px]
-
-* add custom domain:
-+
-image::image-2023-01-02-11-15-22-937.png[width=400]
-
-in DNS nameserver (eg held by registrar)
-
-* add DNS records:
-+
-image::image-2023-01-02-11-37-15-599.png[width=800]
-
-in Azure Portal:
-
-* validate:
-+
-image::image-2023-01-02-11-39-16-947.png[width=400]
-
-* next:
-+
-image::image-2023-01-02-11-41-34-824.png[width=400]
-
-* use `create new` link
-+
-upload the .pfx file created earlier, and validate:
-+
-image::image-2023-01-02-18-54-07-844.png[width=400]
-
-* confirm
-+
-image::image-2023-01-02-18-55-22-599.png[width=400]
-
-* listed:
-+
-image::image-2023-01-02-18-57-10-836.png[width=800]
-
-
-* Change scaling from default (1-10) to just a single instance.
-+
-image::image-2023-01-03-08-31-58-018.png[width=600]
+=== Automation
+WARNING: todo.
