This sample application is designed to test Kubernetes deployment to Azure Cloud.
- Azure Blob Storage (used for SQLite database with file share enabled)
- Azure Key Vault
- Azure Container Registry
- Docker containers to be pulled from the private ACR repo (requires k8s authentication)
- Access
This app has a private Azure Container Registry (ACR), if desired to test with your cluster you can use a public docker image of this sample application.
# run commands from the root directory of this project
docker build --rm -f "src\Bet.K8s.Web.Sample\Dockerfile" -t {DOCKER_REGISTRY}/bet:k8sweb .
# publish
docker push {DOCKER_REGISTRY}/bet:k8sweb
Or with docker compose
# local or dev build and run
docker-compose -f "docker-compose.yml" -f "docker-compose.override.yml" up -d
# production build
docker-compose -f "docker-compose.yml" up -d --build --no-recreate bet.k8sweb
For Azure Vault to work
- had to refresh msi pods
- Added reader permission for key vault
Set up environment variables
- Create ACR if not already created
# creates azure container registry acr
az acr create -n $acrName -g bet-rg --sku Basic --admin-enabled --location centralus
- Create Kubernetes Secret for ACR access
This must be created per kubernetes namespace.
# set credentials for acr
$acrCredPass = az acr credential show -n $acrName --query "passwords[1].value" -o tsv
$acrCredUser = az acr credential show -n $acrName --query "username" -o tsv
$acrServer = az acr list -g bet-rg --query "[0].loginServer" -o tsv
$acrEmail = ""
# create kubernetes secret
kubectl create secret docker-registry "betacr-acr" --docker-server=$acrServer --docker-username=$acrCredUser --docker-password=$acrCredPass --docker-email=$acrEmail
# get the value of the docker registry
kubectl describe secret/betacr-acr
# renew password for rotations
az acr credential renew -n $arcName --password-name password2
- Deploy docker image to ACR
# login to acr
az acr login -n $acrName
# publish to acr
docker push
# setup fileshare storage secret for azurefile provider
kubectl create secret generic betshare-secret --from-literal=azurestorageaccountname=$storageName --from-literal=azurestorageaccountkey=$storageKey
kubectl describe secret/betshare-secret
Adding the required Secret to Azure Vault with Azure CLI command:
az keyvault secret set -n betk8sweb--testValue --vault-name [vaultName] --value MySuperSecretThatIDontWantToShareWithYou!
Please run this commands from the root of the application.
# local install
helm install betk8sweb k8s/betk8sweb --set ingress.enabled=false,local.enable=true
# install in the cluster
helm install betk8sweb k8s/betk8sweb --set ingress.enabled=true,aadpodidbinding=[podMsiId]
# uninstall
helm uninstall betk8sweb
# troubleshooting
kubectl get pods
kubectl describe pod betk8sweb-[id]
# login to pods
kubectl exec --stdin --tty betk8sweb-[id] -- /bin/sh
# list mounts
df -aTh
# lists all of the claims
kubectl get pv