-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] Aspire - Deploy To Existing RG/Container Env #4029
Comments
@bakes82 , in theory you can do it, but it is all a very manual process. Azd doesn't have an out-of-the-box feature to cover this scenario for you. Here's what you can try:
"environmentName": {
"value": "name-to-remember"
},
|
/unresolve Your response is to still generate a new RG and entities. My question is to deploy to existing infrastructure, why would I need to spin up another container registry, rg, and container environment for every aspire application I create? The org I'm in doesn't work like that nor does it really follow MS best practices. Why can't I tell aspire to use existing resources, as long as I have the permissions needed there should be 0 issues correct? The 1x per aspire application doesn't seem logical epically in larger organizations where we have numerous azure policies in place that require certain "standards" for resources, so your generated infra doesn't align with what "our" standard is. Now if you want to say aspire isn't geared toward production/enterprise use then make that known. |
I know Aspire is still bringing new features and better experiences for all scenarios, including production/enterprise. You can follow their latest work from https://github.com/dotnet/aspire. For deploying Aspire projects with Azd, it is common to expect developers to run The manual instructions I shared before are meant for a world where a user is not allowed to create new resources in the Azure subscription, and they need to ask their company to create resources. |
Really, you think people don't use shared key vaults, shared sql databases, storage accounts etc across multiple applications? (Note: some resources like Azure Open AI are also heavily limited so its not like I can just spin one up per aspire application) Who says I'm even using aspire to generate those resources? Aspire lets you use preexisting resources, I don't need 15 container registries to push dockers in to when I can have 1 per app team, nor do you need 15 AKS clusters/container environments. One key benefit to aspire is the centralized registration of services and the ability for the deployment to push out the variables required on deployments for each docker. I don't see any reason an AZD Environment cant be an existing RG/Registry and the azd up command would still work using a shared container registry and aks/container app. Clearly, we can do it manually. At the end of the day its still using basic dot net commands and the generated yaml file. The issue seems to be on the AZD side and allowing for easy creation of environments that use existing resources, it seems like you just need to take in a RG/Container Registry/AKS/Container App/Managed Identity (optional?) based on what I see this sample yaml. In my aspire app, Im only using pre-existing resources so I just want it to do the image creation and container creation/deployment. api-version: 2024-02-02-preview
location: {{ .Env.AZURE_LOCATION }}
identity:
type: UserAssigned
userAssignedIdentities:
? "{{ .Env.AZURE_CONTAINER_REGISTRY_MANAGED_IDENTITY_ID }}"
: {}
properties:
environmentId: {{ .Env.AZURE_CONTAINER_APPS_ENVIRONMENT_ID }}
configuration:
activeRevisionsMode: single
runtime:
dotnet:
autoConfigureDataProtection: true
ingress:
external: true
targetPort: {{ targetPortOrDefault 8080 }}
transport: http
allowInsecure: false
registries:
- server: {{ .Env.AZURE_CONTAINER_REGISTRY_ENDPOINT }}
identity: {{ .Env.AZURE_CONTAINER_REGISTRY_MANAGED_IDENTITY_ID }}
secrets:
- name: connectionstrings--testsbconnectionstring
value: '{{ securedParameter "TestSBConnectionString" }}'
- name: connectionstrings--teststorageconnectionstring
value: '{{ securedParameter "TestStorageConnectionString" }}'
- name: connectionstrings--openaiconnectionname
value: '{{ securedParameter "openAiConnectionName" }}'
template:
containers:
- image: {{ .Image }}
name: webfrontend
env:
- name: AZURE_CLIENT_ID
value: {{ .Env.MANAGED_IDENTITY_CLIENT_ID }}
- name: ASPNETCORE_FORWARDEDHEADERS_ENABLED
value: "true"
- name: AZURE_EXPERIMENTAL_ENABLE_ACTIVITY_SOURCE
value: "true"
- name: OTEL_DOTNET_EXPERIMENTAL_OTLP_EMIT_EVENT_LOG_ATTRIBUTES
value: "true"
- name: OTEL_DOTNET_EXPERIMENTAL_OTLP_EMIT_EXCEPTION_LOG_ATTRIBUTES
value: "true"
- name: OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY
value: in_memory
- name: services__apiservice__http__0
value: http://apiservice.internal.{{ .Env.AZURE_CONTAINER_APPS_ENVIRONMENT_DEFAULT_DOMAIN }}
- name: services__apiservice__https__0
value: https://apiservice.internal.{{ .Env.AZURE_CONTAINER_APPS_ENVIRONMENT_DEFAULT_DOMAIN }}
- name: ConnectionStrings__TestSBConnectionString
secretRef: connectionstrings--testsbconnectionstring
- name: ConnectionStrings__TestStorageConnectionString
secretRef: connectionstrings--teststorageconnectionstring
- name: ConnectionStrings__openAiConnectionName
secretRef: connectionstrings--openaiconnectionname
scale:
minReplicas: 1
tags:
azd-service-name: webfrontend
aspire-resource-name: webfrontend
|
Yeah, you can use Another alternative for bringing your existing infrastructure is by using AddBicepTemplate. You can define your own bicep module which uses the However, from Aspire <= 8.0.2, you can't (yet) define/re-use existing You can manually update the I am not sure if the current work-in-progress changes to allow customers configure the From my POV, it makes sense to think about a matching one-to-one relation between one Aspire AppHost and one set of hosting-components only. Specially on Production. I wouldn't expect one Aspire Project to have access to one container registry which has images for multiple projects; that might be seen as a security concern. The same way for the container environment, which provides the network and Aspire dashboard for your services. It's hard to think using one only Container Environment for multiple projects. But this 100% a question Aspire to answer |
Yes Im aware..... this is my point I can create an aspire application w/out any need for new resources.
Im not seeing the security concern here, maybe we just split our code base into multiple solutions. There are also limits to the number of container registrations per subscription, while I know these can be increased dosent mean its logical. We tend to have sprawling applications. Last check I we had over 1200 function apps, so are you saying if they were aspire applications instead, we should have 1200 container registries ;) Some reusability tends to make sense to me. |
@bakes82 on the Aspire side we are looking at ways where we can shift more of the control of the auxiliary resources that Aspire relies on into the application model to allow for this kind of flexibility. The current behavior of In time we hope to deliver greater flexibility here, and when that happens Here is a PR were we've been doing some experimentation along these lines on the Aspire side: We aren't there yet though. Here is a related issue on the |
Output from
azd version
Run
azd version
and copy and paste the output here:azd version 1.9.3 (commit e162433)
Additional context
Is there a way to use azd deploy/etc to push an aspire app to an existing RG/ContainerE Eng/Reg? Our org has numerous policies so a direct azd up fails due to missing tags and what not. AZD Up works great to my VS Enterprise Subscription, I see there is azd package but that doesnt seem to output anything when I run it.
The text was updated successfully, but these errors were encountered: