Challenge-08A.md

Challenge 8 - Path A: Dapr-enabled Services running in Azure Kubernetes Service (AKS)

< Previous Challenge - Home

Introduction

In this challenge, you're going to deploy the Dapr-enabled services you have written locally to an Azure Kubernetes Service (AKS) cluster.

• Update all the host names & port numbers to use the Dapr defaults since it will be running in AKS.
• Create a Kubernetes secret in your AKS cluster that references your Azure Key Vault secrets.
• Update the Dapr secret configuration file to pull secrets from the Kubernetes secret.
• Build Docker images of all 3 services & upload to the Azure Container Registry.
• Deploy your service images to your AKS cluster.
• Run your Simulation service locally.

Success Criteria

To complete this challenge, you must reach the following goals:

• Validate that all 3 services are compiled into Docker images & stored in an Azure Container Registry.
• Validate that you have successfully deployed all 3 services (VehicleRegistrationService, TrafficControlService & FineCollectionService) to an AKS cluster.
• Validate that the local Simulation service runs & connects to your AKS-hosted services and that all the previous functionality still works (input messages, output messages, speeding violation emails, etc).

Tips

• Start the cluster if it is stopped.

• Change the host name for each service (in the Program.cs file) from http://localhost to http://* as this will allow the Kestrel server to bind to 0.0.0.0 instead of 127.0.0.1. This is needed to ensure the health probes work in Kubernetes.

  • Debugging K8S Connection Refused

• Use ACR Tasks to simplify creation & deployment of the images to the registry.

• Modify the Resources/Infrastructure/Helm/dapr-trafficcontrol/values.yaml with the specific connection strings, tenant IDs, registry names, etc for your deployment.

  • Note that the names of the components in the Helm chart YAML files (and in the values.yaml file) may not be exactly what you specified in your config files or put in your C# code. You should check all the names of each component to ensure they match.

• Use Helm to deploy all the AKS configuration files to Azure. Helm will substitute the values in the values.yaml file into the various configuration files.

  helm upgrade --install dapr-trafficcontrol . --namespace dapr-trafficcontrol --atomic

• Use various kubectl commands to validate that all the services are running in your AKS cluster. Here are some useful ones.

  • Set your current namespace to the dapr-trafficcontrol namespace

    kubectl config set-context --current --namespace=dapr-trafficcontrol

  • Get all pods (in the current namespace)

    kubectl get pods

  • Describe a specific pod (to help debug deployment issues)

    kubectl describe pod <pod-name>

  • Tail the logs of a specific pod (and follow)

    kubectl logs <pod-name> -f

  • Review the Dapr sidecar logs of a particular pod

    kubectl logs <pod-name> daprd

  • Restart a deployment after updating the Helm chart or image

    kubectl rollout restart deployment fine-collection-service

Learning Resources

• AKS Key Vault integration
• AKS Workload Identity

Thanks for participating in these hands-on challenges! Hopefully you've learned about Dapr and how to use it. Obviously, these challenges barely scratch the surface of what is possible with Dapr. We have not touched upon subjects like: hardening production environments, actors, integration with Azure Functions and Azure API Management just to name a few. So if you're interested in learning more, I suggest you read the Dapr documentation.