| title | description | ms.topic | ms.date |
|---|---|---|---|
Set up Azure Arc for App Service, Functions, and Logic Apps |
For your Azure Arc enabled Kubernetes clusters, learn how to enable App Service apps, function apps, and logic apps. |
article |
08/17/2021 |
Set up an Azure Arc enabled Kubernetes cluster to run App Service, Functions, and Logic Apps (Preview)
If you have an Azure Arc enabled Kubernetes cluster, you can use it to create an App Service enabled custom location and deploy web apps, function apps, and logic apps to it.
Azure Arc enabled Kubernetes lets you make your on-premises or cloud Kubernetes cluster visible to App Service, Functions, and Logic Apps in Azure. You can create an app and deploy to it just like another Azure region.
If you don't have an Azure account, sign up today for a free account.
Launch the Bash environment in Azure Cloud Shell.
Because these CLI commands are not yet part of the core CLI set, add them with the following commands.
az extension add --upgrade --yes --name connectedk8s
az extension add --upgrade --yes --name k8s-extension
az extension add --upgrade --yes --name customlocation
az provider register --namespace Microsoft.ExtendedLocation --wait
az provider register --namespace Microsoft.Web --wait
az provider register --namespace Microsoft.KubernetesConfiguration --wait
az extension remove --name appservice-kube
az extension add --yes --source "https://aka.ms/appsvc/appservice_kube-latest-py2.py3-none-any.whl"
Note
This tutorial uses Azure Kubernetes Service (AKS) to provide concrete instructions for setting up an environment from scratch. However, for a production workload, you will likely not want to enable Azure Arc on an AKS cluster as it is already managed in Azure. The steps below will help you get started understanding the service, but for production deployments, they should be viewed as illustrative, not prescriptive. See Quickstart: Connect an existing Kubernetes cluster to Azure Arc for general instructions on creating an Azure Arc enabled Kubernetes cluster.
-
Create a cluster in Azure Kubernetes Service with a public IP address. Replace
<group-name>with the resource group name you want.aksClusterGroupName="<group-name>" # Name of resource group for the AKS cluster aksName="${aksClusterGroupName}-aks" # Name of the AKS cluster resourceLocation="eastus" # "eastus" or "westeurope" az group create -g $aksClusterGroupName -l $resourceLocation az aks create --resource-group $aksClusterGroupName --name $aksName --enable-aad --generate-ssh-keys infra_rg=$(az aks show --resource-group $aksClusterGroupName --name $aksName --output tsv --query nodeResourceGroup) az network public-ip create --resource-group $infra_rg --name MyPublicIP --sku STANDARD staticIp=$(az network public-ip show --resource-group $infra_rg --name MyPublicIP --output tsv --query ipAddress)$aksClusterGroupName="<group-name>" # Name of resource group for the AKS cluster $aksName="${aksClusterGroupName}-aks" # Name of the AKS cluster $resourceLocation="eastus" # "eastus" or "westeurope" az group create -g $aksClusterGroupName -l $resourceLocation az aks create --resource-group $aksClusterGroupName --name $aksName --enable-aad --generate-ssh-keys $infra_rg=$(az aks show --resource-group $aksClusterGroupName --name $aksName --output tsv --query nodeResourceGroup) az network public-ip create --resource-group $infra_rg --name MyPublicIP --sku STANDARD $staticIp=$(az network public-ip show --resource-group $infra_rg --name MyPublicIP --output tsv --query ipAddress)
-
Get the kubeconfig file and test your connection to the cluster. By default, the kubeconfig file is saved to
~/.kube/config.az aks get-credentials --resource-group $aksClusterGroupName --name $aksName --admin kubectl get ns -
Create a resource group to contain your Azure Arc resources. Replace
<group-name>with the resource group name you want.groupName="<group-name>" # Name of resource group for the connected cluster az group create -g $groupName -l $resourceLocation$groupName="<group-name>" # Name of resource group for the connected cluster az group create -g $groupName -l $resourceLocation
-
Connect the cluster you created to Azure Arc.
clusterName="${groupName}-cluster" # Name of the connected cluster resource az connectedk8s connect --resource-group $groupName --name $clusterName$clusterName="${groupName}-cluster" # Name of the connected cluster resource az connectedk8s connect --resource-group $groupName --name $clusterName
-
Validate the connection with the following command. It should show the
provisioningStateproperty asSucceeded. If not, run the command again after a minute.az connectedk8s show --resource-group $groupName --name $clusterName
While a Log Analytic workspace is not required to run App Service in Azure Arc, it's how developers can get application logs for their apps that are running in the Azure Arc enabled Kubernetes cluster.
-
For simplicity, create the workspace now.
workspaceName="$groupName-workspace" # Name of the Log Analytics workspace az monitor log-analytics workspace create \ --resource-group $groupName \ --workspace-name $workspaceName$workspaceName="$groupName-workspace" az monitor log-analytics workspace create ` --resource-group $groupName ` --workspace-name $workspaceName
-
Run the following commands to get the encoded workspace ID and shared key for an existing Log Analytics workspace. You need them in the next step.
logAnalyticsWorkspaceId=$(az monitor log-analytics workspace show \ --resource-group $groupName \ --workspace-name $workspaceName \ --query customerId \ --output tsv) logAnalyticsWorkspaceIdEnc=$(printf %s $logAnalyticsWorkspaceId | base64) # Needed for the next step logAnalyticsKey=$(az monitor log-analytics workspace get-shared-keys \ --resource-group $groupName \ --workspace-name $workspaceName \ --query primarySharedKey \ --output tsv) logAnalyticsKeyEncWithSpace=$(printf %s $logAnalyticsKey | base64) logAnalyticsKeyEnc=$(echo -n "${logAnalyticsKeyEncWithSpace//[[:space:]]/}") # Needed for the next step$logAnalyticsWorkspaceId=$(az monitor log-analytics workspace show ` --resource-group $groupName ` --workspace-name $workspaceName ` --query customerId ` --output tsv) $logAnalyticsWorkspaceIdEnc=[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($logAnalyticsWorkspaceId))# Needed for the next step $logAnalyticsKey=$(az monitor log-analytics workspace get-shared-keys ` --resource-group $groupName ` --workspace-name $workspaceName ` --query primarySharedKey ` --output tsv) $logAnalyticsKeyEnc=[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($logAnalyticsKey))
-
Set the following environment variables for the desired name of the App Service extension, the cluster namespace in which resources should be provisioned, and the name for the App Service Kubernetes environment. Choose a unique name for
<kube-environment-name>, because it will be part of the domain name for app created in the App Service Kubernetes environment.extensionName="appservice-ext" # Name of the App Service extension namespace="appservice-ns" # Namespace in your cluster to install the extension and provision resources kubeEnvironmentName="<kube-environment-name>" # Name of the App Service Kubernetes environment resource
$extensionName="appservice-ext" # Name of the App Service extension $namespace="appservice-ns" # Namespace in your cluster to install the extension and provision resources $kubeEnvironmentName="<kube-environment-name>" # Name of the App Service Kubernetes environment resource
-
Install the App Service extension to your Azure Arc connected cluster, with Log Analytics enabled. Again, while Log Analytics is not required, you can't add it to the extension later, so it's easier to do it now.
az k8s-extension create \ --resource-group $groupName \ --name $extensionName \ --cluster-type connectedClusters \ --cluster-name $clusterName \ --extension-type 'Microsoft.Web.Appservice' \ --release-train stable \ --auto-upgrade-minor-version true \ --scope cluster \ --release-namespace $namespace \ --configuration-settings "Microsoft.CustomLocation.ServiceAccount=default" \ --configuration-settings "appsNamespace=${namespace}" \ --configuration-settings "clusterName=${kubeEnvironmentName}" \ --configuration-settings "loadBalancerIp=${staticIp}" \ --configuration-settings "keda.enabled=true" \ --configuration-settings "buildService.storageClassName=default" \ --configuration-settings "buildService.storageAccessMode=ReadWriteOnce" \ --configuration-settings "customConfigMap=${namespace}/kube-environment-config" \ --configuration-settings "envoy.annotations.service.beta.kubernetes.io/azure-load-balancer-resource-group=${aksClusterGroupName}" \ --configuration-settings "logProcessor.appLogs.destination=log-analytics" \ --configuration-protected-settings "logProcessor.appLogs.logAnalyticsConfig.customerId=${logAnalyticsWorkspaceIdEnc}" \ --configuration-protected-settings "logProcessor.appLogs.logAnalyticsConfig.sharedKey=${logAnalyticsKeyEnc}"az k8s-extension create ` --resource-group $groupName ` --name $extensionName ` --cluster-type connectedClusters ` --cluster-name $clusterName ` --extension-type 'Microsoft.Web.Appservice' ` --release-train stable ` --auto-upgrade-minor-version true ` --scope cluster ` --release-namespace $namespace ` --configuration-settings "Microsoft.CustomLocation.ServiceAccount=default" ` --configuration-settings "appsNamespace=${namespace}" ` --configuration-settings "clusterName=${kubeEnvironmentName}" ` --configuration-settings "loadBalancerIp=${staticIp}" ` --configuration-settings "keda.enabled=true" ` --configuration-settings "buildService.storageClassName=default" ` --configuration-settings "buildService.storageAccessMode=ReadWriteOnce" ` --configuration-settings "customConfigMap=${namespace}/kube-environment-config" ` --configuration-settings "envoy.annotations.service.beta.kubernetes.io/azure-load-balancer-resource-group=${aksClusterGroupName}" ` --configuration-settings "logProcessor.appLogs.destination=log-analytics" ` --configuration-protected-settings "logProcessor.appLogs.logAnalyticsConfig.customerId=${logAnalyticsWorkspaceIdEnc}" ` --configuration-protected-settings "logProcessor.appLogs.logAnalyticsConfig.sharedKey=${logAnalyticsKeyEnc}"
[!NOTE] To install the extension without Log Analytics integration, remove the last three
--configuration-settingsparameters from the command.The following table describes the various
--configuration-settingsparameters when running the command:Parameter Description Microsoft.CustomLocation.ServiceAccountThe service account that should be created for the custom location that will be created. It is recommended that this be set to the value default.appsNamespaceThe namespace to provision the app definitions and pods. Must match that of the extension release namespace. clusterNameThe name of the App Service Kubernetes environment that will be created against this extension. loadBalancerIpThe public IP of the Kubernetes cluster. App Service apps receive traffic on this IP address. Also informs default DNS mapping. keda.enabledWhether KEDA should be installed on the Kubernetes cluster. Accepts trueorfalse.buildService.storageClassNameThe name of the storage class for the build service to store build artifacts. A value like defaultspecifies a class nameddefault, and not any class that is marked as default.buildService.storageAccessModeThe access mode to use with the named storage class above. Accepts ReadWriteOnceorReadWriteMany.customConfigMapThe name of the config map that will be set by the App Service Kubernetes environment. Currently, it must be <namespace>/kube-environment-config, replacing<namespace>with the value ofappsNamespaceabove.envoy.annotations.service.beta.kubernetes.io/azure-load-balancer-resource-groupThe name of the resource group in which the Azure Kubernetes Service cluster resides. Valid and required only when the underlying cluster is Azure Kubernetes Service. logProcessor.appLogs.destinationOptional. Accepts log-analytics.logProcessor.appLogs.logAnalyticsConfig.customerIdRequired only when logProcessor.appLogs.destinationis set tolog-analytics. The base64-encoded Log analytics workspace ID. This parameter should be configured as a protected setting.logProcessor.appLogs.logAnalyticsConfig.sharedKeyRequired only when logProcessor.appLogs.destinationis set tolog-analytics. The base64-encoded Log analytics workspace shared key. This parameter should be configured as a protected setting. -
Save the
idproperty of the App Service extension for later.extensionId=$(az k8s-extension show \ --cluster-type connectedClusters \ --cluster-name $clusterName \ --resource-group $groupName \ --name $extensionName \ --query id \ --output tsv)$extensionId=$(az k8s-extension show ` --cluster-type connectedClusters ` --cluster-name $clusterName ` --resource-group $groupName ` --name $extensionName ` --query id ` --output tsv)
-
Wait for the extension to fully install before proceeding. You can have your terminal session wait until this complete by running the following command:
az resource wait --ids $extensionId --custom "properties.installState!='Pending'" --api-version "2020-07-01-preview"
You can use kubectl to see the pods that have been created in your Kubernetes cluster:
kubectl get pods -n $namespaceYou can learn more about these pods and their role in the system from Pods created by the App Service extension.
The custom location in Azure is used to assign the App Service Kubernetes environment.
-
Set the following environment variables for the desired name of the custom location and for the ID of the Azure Arc connected cluster.
customLocationName="my-custom-location" # Name of the custom location connectedClusterId=$(az connectedk8s show --resource-group $groupName --name $clusterName --query id --output tsv)
$customLocationName="my-custom-location" # Name of the custom location $connectedClusterId=$(az connectedk8s show --resource-group $groupName --name $clusterName --query id --output tsv)
-
Create the custom location:
az customlocation create \ --resource-group $groupName \ --name $customLocationName \ --host-resource-id $connectedClusterId \ --namespace $namespace \ --cluster-extension-ids $extensionIdaz customlocation create ` --resource-group $groupName ` --name $customLocationName ` --host-resource-id $connectedClusterId ` --namespace $namespace ` --cluster-extension-ids $extensionId
-
Validate that the custom location is successfully created with the following command. The output should show the
provisioningStateproperty asSucceeded. If not, run it again after a minute.az customlocation show --resource-group $groupName --name $customLocationName -
Save the custom location ID for the next step.
customLocationId=$(az customlocation show \ --resource-group $groupName \ --name $customLocationName \ --query id \ --output tsv)$customLocationId=$(az customlocation show ` --resource-group $groupName ` --name $customLocationName ` --query id ` --output tsv)
Before you can start creating apps on the custom location, you need an App Service Kubernetes environment.
-
Create the App Service Kubernetes environment:
az appservice kube create \ --resource-group $groupName \ --name $kubeEnvironmentName \ --custom-location $customLocationId \ --static-ip $staticIpaz appservice kube create ` --resource-group $groupName ` --name $kubeEnvironmentName ` --custom-location $customLocationId ` --static-ip $staticIp
-
Validate that the App Service Kubernetes environment is successfully created with the following command. The output should show the
provisioningStateproperty asSucceeded. If not, run it again after a minute.az appservice kube show --resource-group $groupName --name $kubeEnvironmentName