Giter VIP home page Giter VIP logo

tailwindtraders-backend's Introduction

Tailwind Traders Backend Services

Build status

This repository contains all code + deployment scripts for the Tailwind Traders Backend.

Table of contents

Repositories

For this demo reference, we built several consumer and line-of-business applications and a set of backend services. You can find all repositories in the following locations:

Deployment scenarios

Tailwind Traders supports two deployment scenarios:

  1. Deploy Tailwind Traders Backend on Azure AKS and Azure resources (CosmosDb and Storage accounts)
  2. Deploy Tailwind Traders Backend on Windows and Linux containers in AKS

Service Principal

A Service Principal is needed for creating the AKS. If you use the CLI for create the resources, you can reuse a SP one passing to the script the id and password as optional parameters; if not, the script will create a new one for you and will print the details (id and password among them).

In case you use Azure Portal for the resources' creation, you can also reuse a SP or create manually a new one for passing the credentials to the template.

If you want to create a Service Principal, you can do so via the CLI

az ad sp create-for-rbac --skip-assignment --name myAKSClusterServicePrincipal

The output is similar to the following example. Make a note of your own appId and password. These values are used when you create an AKS cluster throughout this guide.

{
  "appId": "559513bd-0c19-4c1a-87cd-851a26afd5fc",
  "displayName": "myAKSClusterServicePrincipal",
  "name": "http://myAKSClusterServicePrincipal",
  "password": "e763725a-5eee-40e8-a466-dc88d980f415",
  "tenant": "72f988bf-86f1-41af-91ab-2d7cd011db48"
}

Deploy using one script

You can deploy all basics scenarios using one script under /Deploy folder.

  • Deploy Tailwind Traders Backend on Azure AKS and Azure resources (CosmosDb and Storage accounts)

    Running the following command you can deploy starting with the infrastructure and ending with deploying the images on the storage:

.\Deploy-Unified.ps1 -resourceGroup <resource-group-name> -location <location> -clientId <service-principal-id> -password <service-principal-password> -subscription <subscription-id>
  • resourceGroup: The name of your resource group where all infrastructure will be created Required
  • location: Select where you want to create your resource group, for example: eastus Required
  • clientId: Id of the service principal used to create the AKS Required if your user does not have permissions to create a new one
  • password: Password of the service principal Required
  • subscription: Id of your subscription where you are going to deploy your resource group Required

The process will take few minutes.

  • Deploy Tailwind Traders Backend on Windows and Linux containers in AKS

    Running the following command you can deploy starting with the infrastructure and ending with deploying the images on the storage. This command requires more parameters than Linux scenario because we need to build and deploy a WCF service.

    Note For mixed (Windows and Linux containers) scenario we need to deploy Tailwind Traders Rewards before it. Because you are going to need some resources that Tailwind Traders Rewards creates.

.\Deploy-Unified-WinLinux.ps1 -resourceGroup <resource-group-name> -location <location> -clientId <service-principal-id> -password <service-principal-password> -subscription <subscription-id> -deployWinLinux $true -rewardsResourceGroup <resource-group-rewards-name> -rewardsDbPassword <database-rewards-password>
  • deployWinLinux: Flag needed to execute Windows-Linux scenario
  • csprojPath: Path location where Tailwind.Traders.Rewards.Registration.Api.csproj is in your machine Required
  • msBuildPath: Path location where MSBuild.exe is, for example: C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\Current\Bin
  • rewardsResourceGroup: The name of the resource group where Tailwind Traders Rewards is deployed Required
  • rewardsDbPassword: Tailwind Traders Rewards database password (Tailwind Traders Rewards Registration, WCF service, connects to this database) Required

The process will take few minutes, more than Linux scenario, it will create an Azure Kubernetes Service with Windows and Linux nodes.

In addition to the following documentation you can also deploy infrastructure and services step by step.

Deploy Tailwind Traders on AKS and Azure Resources (CosmosDb and Storage accounts)

To run Tailwind Traders you need to create the Azure infrastructure. There are two ways to do it. Using Azure portal or using a Powershell script.

Step 1 - Option 1: Creating infrastructure using Azure Portal

An ARM script is provided so you can automate the creation of the resources required for the backend services just clicking following button:

Deploy to Azure

Azure portal will ask you for the following parameters:

  • servicePrincipalId: Id of the service principal used to create the AKS
  • servicePrincipalSecret: Password of the service principal
  • aksVersion: AKS version to use (at least 1.14).

The deployment could take more than 10 minutes, and once finished all needed resources will be created:

Resource group with all azure resources created

Step 1 - Option 2: Create the resources using the CLI

You can use the CLI to deploy the ARM script. Open a Powershell window from the /Deploy/powershell folder and run the Deploy-Arm-Azure.ps1 with following parameters:

  • -resourceGroup: Name of the resource group
  • -location: Location of the resource group

You can optionally pass two additional parameters:

  • -clientId: Id of the service principal uesd to create the AKS
  • -password: Password of the service principal

If these two parameters are not passed a new service principal will be created.

There is an additional optional parameters to control some aspects of what is created:

  • -deployAks: If set to $false AKS and ACR are not created. This is useful if you want to create the AKS yourself or use an existing AKS. Defaults to $true. If this parameter is $true the resource group can't exist (AKS must be deployed in a new resource group).

Once script finishes, everything is installed. If a service principal has been created, the script will output the service principal details - please, take note of the appId and password properties for use them in the AKS deployment

Step 2: Deploy Backend services on AKS

Pre-requisites for this deployment are to have:

  • The AKS and all related resources deployed in Azure
  • A terminal with Powershell environment
  • Azure CLI 2.0 installed.
  • Kubectl installed with the last version (v1.15.0 at this moment).
  • Helm 3 installed with 3.0 or superior version (v3.0.0 at this moment).
  • Docker installed

Connecting kubectl to AKS

From the terminal type:

  • az login and follow instructions to log into your Azure.
  • If you have more than one subscription type az account list -o table to list all your Azure subscriptions. Then type az account set --subscription <subscription-id> to select your subscription
  • az aks get-credentials -n <your-aks-name> -g <resource-group-name> to download the configuration files that kubectl needs to connect to your AKS.

At this point if you type kubectl config current-context the name of your AKS cluster should be displayed. That means that kubectl is ready to use your AKS

Configuring services

Before deploying services using Helm, you need to setup the configuration. We refer to the configuration file with the name of gvalues file. This file contains all secrets and connection strings so beware to not commit in your repo accidentally.

An example of this file is in helm/gvalues.yaml. The deployment scripts use this file by default, but do not rely on editing this file. Instead create a copy of it a folder outside the repository and use the -valuesFile parameter of the deployment script.

Note: The folder /Deploy/helm/__values/ is added to .gitignore, so you can keep all your configuration files in it, to avoid accidental pushes.

Note: If you come from the Windows and Linux containers scenario you must add the Rewards database's connection string, in the values file you are using, for example:

inf:
(...)
  db:
  (...)
    rewards:
      host: tcp:*****.database.windows.net
      port: "1433"
      catalog: rewardsdb # you must not modify this name
      user: ttuser
      pwd: YourPassword
    (...)

Please refer to the comments of the file for its usage. Just ignore (but not delete) the tls section (it is used if TLS is enabled).

Auto generating the configuration file

Generating a valid gvalues file can be a bit harder, so there is a Powershell script that can do all work by you. This script assumes that all resources are deployed in the same resource group, and this resource group contains only the Tailwind Traders resources. Also assumes the Azure resources have been created using the tools provided in this repo.

Note The Generate-Config.ps1 uses the application-insights CLI extension to find the application insights id. Install it with az extension add --name application-insights

To auto-generate your gvalues file just go to /Deploy/powershell folder and from a Powershell window, type the following:

.\Generate-Config.ps1 -resourceGroup <your-resource-group> -outputFile ..\helm\__values\<name-of-your-file>

The parameters that Generate-Config.ps1 accepts are:

  • -resourceGroup: Resource group where all Azure resources are. Required.
  • -outputFile: Full path of the output file to generate. A good idea is to generate a file in /Deploy/helm/__values/ folder as this folder is ignored by Git. If not passed the result file is written on screen.
  • -gvaluesTemplate: Template of the gvalues file to use. The parameter defaults to the /Deploy/helm/gvalues.template which is the only template provided.

The script checks that all needed resources exists in the resource group. If some resource is missing or there is an unexpected resource, the script exits.

If you come from the Windows and Linux containers in AKS scenario and you want to use the rewards registration service you have to pass also the following parameters:

  • -rewardsResourceGroup: Fill it if you are going to use Rewards DB (this is used, for example in the Windows and Linux containers in AKS scenarios).
  • -rewardsDbPassword: The database password for the administrator user. Required if a rewardsResourceGroup is provided.

Otherwise the script will disable the rewards registration service.

Create secrets on the AKS

Docker images are stored in a ACR (a private Docker Registry hosted in Azure).

Before deploying anything on AKS, a secret must be installed to allow AKS to connect to the ACR through a Kubernetes' service account.

To do so from a Powershell terminal run the ./Create-Secret.ps1 inside powershell folder with following parameters:

  • -resourceGroup <group> Resource group where AKS is
  • -acrName <name> Name of the ACR

This will create the secret in AKS using ACR credentials. If ACR login is not enabled you can create a secret by using a service principal. In case that ACR is not created with administrator rights you will have to provide the service principal clientId and secret:

  • -clientId <id> Client id of the service principal to use
  • -password <pwd> Service principal secret

Build & deploy images to ACR

You can manually use docker-compose to build and push the images to the ACR. If using compose you can set following environment variables:

  • TAG: Will contain the generated docker images tag
  • REGISTRY: Registry to use. This variable should be set to the login server of the ACR

Once set, you can use docker-compose build and docker-compose push to build and push the images.

Additionaly there is a Powershell script in the Deploy folder, named Build-Push.ps1. You can use this script for building and pushing ALL images to ACR. Parameters of this script are:

  • resourceGroup: Resource group where ACR is. Required.
  • acrName: ACR name (not login server). Required.
  • dockerTag: Tag to use for generated images (defaults to latest)
  • dockerBuild: If $true (default value) docker images will be built using docker-compose build.
  • dockerPush: If $true (default value) docker images will be push to ACR using docker-compose push.
  • isWindows: If $true (default to $false) will use the docker compose file for windows.

This script uses az CLI to get ACR information, and then uses docker-compose to build and push the images to ACR.

To build and push images tagged with v1 to a ACR named my-acr in resource group named my-rg, execute the following command inside /Deploy/powershell

.\Build-Push.ps1 -resourceGroup my-rg -dockerTag v1 -acrName my-acr

To just push the images (without building them before):

.\Build-Push.ps1 -resourceGroup my-rg -dockerTag v1 -acrName my-acr -dockerBuild $false

If you want to deploy the rewards registration image just call this command with the isWindows parameter set to true.

Notes:

  • Remember to switch to Windows containers.
  • The project needs to be published previously with the already created FolderProfile.

Limit the used resources for the services

You can set the CPU and RAM limit and request consumption values for each one of the services, editing the values in its corresponding values.yaml, under the field resources:

resources:
  limits:
    cpu: "500m"
  requests:
    cpu: "100m"

Enabling SSL/TLS on the cluster (optional BUT highly recommended)

Tailwind Traders can be deployed with TLS (https) support. For this to work a TLS/SSL certificate must be installed on the Kubernetes cluster. Three options are provided:

  • Use staging certificate from Let's Encrypt. Not valid for production scenarios as staging certificates are not trusted.
  • Use production certificate from Let's Encrypt. Valid for production scenarios as production certificates are trusted. Should be used only if you have a custom domain (trying to generate a Let's Encrypt certificate from the url generated by http application routing won't probably work).
  • Use a custom certificate provided by you.

If Let's Encrypt is choose, then cert-manager is used. Cert-manager allows auto-provisioning of TLS certificates using Let's Encrypt and ACME protocol. The certificate is requested, created and installed on the server without any manual intervention.

Using Let's Encrypt and Cert manager

To enable SSL/TLS support you must do it before deploying your images. The first step is to add cert-manager to the cluster by running ./Add-Cert-Manager.ps1. It has no parameters and use helm to configure cert-manager in the cluster. This needs to be done only once.

Then you should run ./Enable-Ssl.ps1 with following parameters:

  • -sslSupport: Use staging or prod to use the staging or production environments of Let's Encrypt
  • -aksName: The name of the AKS to use
  • -resourceGroup: Name of the resource group where AKS is
  • -domain: Domain to use for the SSL/TLS certificates. Is optional and if not used it defaults to the public domain of the AKS. Note that this public domain exists only if Http Application routing is installed on the AKS. Only need to use this parameter if using custom domains.

Output of the script will be something like following:

NAME:   tailwindtraders-ssl
LAST DEPLOYED: Fri Dec 21 11:32:00 2018
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1alpha1/Certificate
NAME             AGE
tt-cert-staging  0s

==> v1alpha1/Issuer
NAME                 AGE
letsencrypt-staging  0s

You can verify that the issuer object is created using kubectl get issuers:

PS> kubectl get issuers
NAME                  AGE
letsencrypt-staging   4m

You can verify that the certificate object is created using kubectl get certificates:

PS> kubectl get certificates
NAME              AGE
tt-cert-staging   4m

The certificate object is not the real SSL/TLS certificate but a definition on how get one from Let's Encrypt. The certificate itself is stored in a secret, called letsencrypt-staging (or letsencrypt-prod). You should see a secret named tt-letsencrypt-xxxx (where xxxx is either staging or prod).

PS> kubectl get secrets
NAME                  TYPE                                  DATA      AGE
acr-auth              kubernetes.io/dockerconfigjson        1         2d
default-token-6tm9t   kubernetes.io/service-account-token   3         3d
letsencrypt-prod      Opaque                                1         3h
letsencrypt-staging   Opaque                                1         4h
tt-letsencrypt-prod   kubernetes.io/tls                     2         5m
ttsa-token-rkjlg      kubernetes.io/service-account-token   3         2d

The SSL/TLS secret names are:

  • letsencrypt-staging: Secret for the staging issuer. This is NOT the SSL/TLS certificate
  • tt-letsencrypt-staging: Secret for the staging SSL/TLS certificate.
  • letsencrypt-prod: Secret for the prod issuer. This is NOT the SSL/TLS certificate
  • tt-letsencrypt-prod: Secret for the prod SSL/TLS certificate.

At this point the support for SSL/TLS is installed, and you can install Tailwind Traders Backend on the cluster.

Note: You don't need to do this again, unless you want to change the domain of the SSL/TLS certificate. In this case you need to remove the issuer and certificate objects (using helm delete tailwindtraders-ssl --purge and then reinstall again)

Remember Staging certificates are not trusted, so browsers will complain about it, exactly in the same way that they complain about a self-signed certificate. The only purpose is to test all the deployment works, but in any production environment you must use the prod environment. In development/test environments is recommended to install the staging certificates and then trust those certificates in the developers' machines. You can download the Let's Encrypt staging certificates from their web.

Another way to validate your certificate deployment is doing a kubectl describe cert tt-cert-staging (or tt-cert-prod). In the Events section you should see that the certificate has been obtained:

Events:
  Type    Reason          Age   From          Message
  ----    ------          ----  ----          -------
  Normal  CreateOrder     10m   cert-manager  Created new ACME order, attempting validation...
  Normal  DomainVerified  9m    cert-manager  Domain "e43cd6ae16f344a093dc.eastus.aksapp.io" verified with "http-01" validation
  Normal  IssueCert       9m    cert-manager  Issuing certificate...
  Normal  CertObtained    9m    cert-manager  Obtained certificate from ACME server
  Normal  CertIssued      9m    cert-manager  Certificate issued successfully

Use custom Certificate

If you already have a TLS certificate from your certificate authority you can deploy it on the server. Using Powershell, run the Enable-Ssl.ps1 script with following parameters:

  • -sslSupport: Use custom
  • -aksName: The name of the AKS to use
  • -resourceGroup: Name of the resource group where AKS is
  • -domain: Domain bounded to your AKS. It has to be compatible with the domains allowed by your TLS certificate
  • -tlsCertFile: Certificate file
  • -tlsKeyFile: Certificate key file
  • -tlsSecretName: Name of the Kubernetes secret that will store the certificate. Defaults to tt-tls-custom
  • The certificate file file with the certificate public key. Usually is a .cert or .crt file.
  • The certificate key file is the file with the certificate private key, usually a .key file.

If you have a .pfx file you need to convert it to the separate .crt and .key files:

# Extract encrypted key from pfx file
openssl pkcs12 -in certfile.pfx -nocerts -out keyfile-encrypted.key
# Unencrypt key file
openssl rsa -in keyfile-encrypted.key -out keyfile.key
# Extract certificate file from pfx file
openssl pkcs12 -in certfile.pfx -clcerts -nokeys -out certfile.crt

Deploying services

Note: If you want to add SSL/TLS support on the cluster (needed to use https on the web) please read Enabling SSL/TLS on the cluster section before installing the backend.

You can deploy Tailwind Traders using a custom domain or in the domain created by Http Application Routing (if enabled). If you are using a custom domain be sure to:

  • Have the ingress public IP linked to custom domain
  • Use the parameter tlsHost with the value of your custom domain (regardless its name you need to use this parameter even if no TLS is enabled).

If tlsHost is not passed, the script will assume that Http Application Routing is installed in the AKS. If the script has problems detecting the host name verify that the AKS has http_application_routing enabled.

More information

You need to use Powershell and run ./Deploy-Images-Aks.ps1 with following parameters:

  • -name <name> Name of the deployment. Defaults to tailwindtraders
  • -aksName <name> Name of the AKS
  • -resourceGroup <group> Name of the resource group
  • -acrName <name> Name of the ACR
  • -tag <tag> Docker images tag to use. Defaults to latest
  • -charts <charts> List of comma-separated values with charts to install. Defaults to * (all linux containers)
  • -valuesFile <values-file>: Values file to use (defaults to gvalues.yaml)
  • -tlsEnv prod|staging|custom If SSL/TLS support has been installed, you have to use this parameter to enable https endpoints. Value must be staging, prod or custom and must be the same value used when you installed SSL/TLS support. If SSL/TLS is not installed, you can omit this parameter.
  • -tlsSecretName: Name of the Kubernetes secret that stores the TLS certificate. Only used if tlsEnv is custom (ignored otherwise) and defaults to tt-tls-custom.
  • -tlsHost: Name of the domain bounded to HTTPS endpoints. That is the same value passed to `
  • -autoscale <boolean>: Flag to activate HPA autoscaling. Defaults to $false.

This script will install all services using Helm and your custom configuration from the configuration file set by -valuesFile parameter.

The parameter charts allow for a selective installation of charts. Is a list of comma-separated values that mandates the services to deploy in the AKS. Values are:

  • pr Products API
  • cp Coupons API
  • pf Profiles API
  • pp Popular products API
  • st Stock API
  • ic Image classifier API
  • ct Shopping cart API
  • lg Login API
  • rr Rewards Registration (not deployed with *)
  • mgw Mobile Api Gateway
  • wgw Web Api Gateway

So, using charts pp,st will only install the popular products and the stock api.

If you want to deploy the whole win-linux environment (with rewards registration pod) use -charts "*,rr.

Deploying the images on the storage

To deploy the needed images on the Azure Storage account just run the /Deploy/Deploy-Pictures-Azure.ps1 script, with following parameters:

  • -resourceGroup <name>: Resource group where storage is created
  • -storageName <name>: Name of the storage account

Script will create blob containers and copy the images (located in /Deploy/tailwindtraders-images folder) to the storage account.


Using AKS with Windows and Linux containers

This version allows us to deploy Windows and Linux containers. We need to create and Azure Kubernetes Service (AKS) with 1.14 version. This AKS version is in preview, so you must execute the following command:

az extension add --name aks-preview

We have added an ARM template so you can automate the creation of the resources required for the backend services.

Click the following button to deploy:

Deploy to Azure

For mixed (Windows and Linux containers) scenario we need to deploy Tailwind Traders Rewards. The data base deployed in Tailwind Traders Rewards is used by a WCF service of this project.

Follow the Step 2: Deploy AKS to deploy the services to AKS.

| Note: In code is important to set RegisterUsers variable true to test all the features.


Run Backend Services Locally

The easiest way to run your backend services locally is using Compose. To run the services type docker-compose up from terminal located in ./Source folder. This will build (if needed) the Docker images and bring up all the containers.

Note: Only Linux containers are supported currently.

Configurate containers

There are some services that connect to a CosmosDb database, hence you require to provide cosmosdb host and key using environment variables, or even better, through an .env file.

To do so, just create a file named .env in the same ./Source folder with following content pointing to your previously created in the Azure portal:

COSMOSDB_HOST=<Url of your CosmosDb>
COSMOSDB_AUTHKEY=<AuthKey of your CosmosDb>

Connect to CosmosDb emulator from docker container

If you are using Windows, you can run the CosmosDb emulator. If using it, follow this steps.

Generate and install a cert that allows host.docker.internal to be trusted

  1. Run PowerShell as Administrator
  2. Go to CosmosDb emulator folder cd "c:\Program Files\Azure Cosmos DB Emulator"
  3. Generate certificate for docker dns .\Microsoft.Azure.Cosmos.Emulator.exe /GenCert=host.docker.internal
  4. To export the certificate you can follow this guide (https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator-export-ssl-certificates#export-emulator-certificate)
  5. Rename the .cer exported certificate to cosmosdbcert.crt and place it in the /Source folder of the repo
  6. Modify Product.Api and Profile.Api Dockerfiles in line 7 to install the certificate
WORKDIR /usr/local/share/ca-certificates
COPY ./cosmosdbcert.crt .
RUN update-ca-certificates
  1. Enable network access on emulator: To enable network access for the first time, shut down the emulator and delete the emulator's data directory %LOCALAPPDATA%\CosmosDBEmulator. Then, run .\Microsoft.Azure.Cosmos.Emulator.exe /FailOnSslCertificateNameMismatch /allownetworkaccess /Key=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==

  2. add following .env file:

COSMOSDB_HOST=https://host.docker.internal:8081/
COSMOSDB_AUTHKEY=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==
  1. Hit F5 and the collections should be created in the emulator. (https://localhost:8081/_explorer/index.html)

Running using Visual Studio

To run the Backend using Visual Studio, just open the Tailwind.Traders.Backend.sln, and set "Docker-compose" as startup project and run the solution. Visual Studio will use the compose file to build and run all the containers.

Running using Bridge to Kubernetes

Tailwind Traders supports Bridge to Kubernetes. Follow the steps in this document to use Bridge to kubernetes with Tailwind Traders.

Requirements

  • A Kubernetes Cluster with an app you want to debug (Tailwind Traders)
  • Visual Studio Code running on macOS, Windows 10, or Linux
  • The Bridge to Kubernetes extension installed in Visual Studio Code

Note Tailwind Traders has been tested with Bridge to Kubernetes version:

Bridge to Kubernetes
v1.0.120210126

Configuring Bridge to Kubernetes

Bridge to Kubernetes will work with the following Tailwind Traders APIs in this repo and serve as examples of how easy it is to get started debugging Kubernetes Microservices:

In each of the above folders, you will find a .vscode folder with the following files:

  • launch.json
  • tasks.json

These files already contain the configuration code for Visual Studio Code to connect the existing debuggers (.NET or Node) to Bridge to Kubernetes. Note: These examples assume you have Tailwind Traders deployed to a Kubernetes namespace with the name: twt. If you have them deployed to a namespace with a different name, you will have to update the "targetNamespace" in the tasks.json folder for your API of choice.

Here are some samples of the launch.json:

nodeJS debug with Kubernetes sample:
{
    "type": "node",
    "request": "launch",
    "name": "Launch Program with Kubernetes",
    "skipFiles": [
        "<node_internals>/**"
    ],
    "program": "${workspaceFolder}/bin/www",
    "preLaunchTask": "bridge-to-kubernetes.service",
    "env": {
        "GRPC_DNS_RESOLVER": "native"
    }
},
.NET 5.0 debug with Kubernetes sample:
{
    "name": ".NET Launch with Kubernetes",
    "type": "coreclr",
    "request": "launch",
    "preLaunchTask": "bridge-to-kubernetes.compound",
    "program": "${workspaceFolder}/bin/Debug/net5.0/Tailwind.Traders.Login.Api.dll",
    "args": [],
    "cwd": "${workspaceFolder}",
    "console": "internalConsole",
    "stopAtEntry": false,
    "env": {
        "GRPC_DNS_RESOLVER": "native",
        "ASPNETCORE_URLS": "http://+:5000"
    }
},

The tasks.json will contain the tasks to launch the bridge-to-kubernetes.service with isolated addresses. Here are some samples:

nodeJS bridge-to-kubernetes.service sample:
{
  "label": "bridge-to-kubernetes.service",
  "type": "bridge-to-kubernetes.service",
  "service": "cart",
  "ports": [
    3000
  ],
  "targetCluster": "tailwindtradersakscnnn2hudd2oae",
  "targetNamespace": "twt",
  "isolateAs": "twtsample-f325"
}

.NET 5.0 bridge-to-kubernetes.service sample:
{
    "label": "bridge-to-kubernetes.service",
    "type": "bridge-to-kubernetes.service",
    "service": "login",
    "ports": [
        5000
    ],
    "targetCluster": "tailwindtradersakscnnn2hudd2oae",
    "targetNamespace": "twt",
    "isolateAs": "twtsample-8bbd"
},
{
    "label": "bridge-to-kubernetes.compound",
    "dependsOn": [
        "bridge-to-kubernetes.service",
        "build"
    ],
    "dependsOrder": "sequence"
}

Creating your own configurations

First, you will need to make sure your local system has access to your Kubernetes Cluster, and that you are in the namespace with your application deployed.

Second, you will need to ensure you have a Run and Debug configuration (launch.json) existing for your application.

Once you have your launch.json for your application code working locally, you are ready to add your own Bridge to Kubernetes configuration.

  1. Open your command palette. (cmd + shift + p on macOS or ctrl + shift + p on Windows)
  2. Search for Bridge to Kubernetes: Configure, hit enter
  3. Bridge to Kubernetes will beging to search your Kubernetes cluster to find which services exist; you will then need to select which service you want to route traffic for.
  4. You will then be prompted to enter a port for which your application serves local traffic.

Example:

The nodeJS samples provided for Tailwind Traders, by default, serve traffic on port 3000. If you were to debug locally you would use port 3000; thus, you would enter port 3000 in the Bridge to Kubernetes box.

Alternatively, the .NET 5.0 sample provided for Tailwind Traders, by default, serve traffic on port 5000. Thus, would use enter port 5000 in the Bridge to Kubernetes box.

  1. Lastly, you will be asked if you want to isolate traffic for the service you selected. The samples provided above assume you will want to route traffic, which will create an isolated environment, with a DNS prefix, where you can test your selected service. If you do not wisht to isolate traffic, you would select no; if you do wish to isolate traffic, you would select yes. A default "isolateAs" will be added to your .vscode/tasks.json. If you wish, you may change this value to anything you want.

Using Bridge to Kubernetes

First, you will need to make sure you have access to the cluster you have Tailwind Traders deployed, and you are in the current namespace where the Tailwind Traders services are running.

Second, you will need to make sure you are using Visual Studio Code with the API folder you wish to debug. If you are using macOS, it is recommended you launch Visual Studio Code from a terminal so you have access to all tools in your path.

Example:

From within a Terminal Session, you would navigate to the folder you wish to open and debug within Visual Studio Code:

cd TailwindTraders-Backend/Source/Services/Tailwind.Traders.Cart.Api && code .

Once Visual Studio Code opens and you see your Tailwind Traders API code in the Explorer, you will then navigate to the debugger and select "Launch Program with Kubernetes."

Visual Studio Code will begin to handle the routing and creation of your debugging services.

Example:

Visual Studio Code Routing Manager Starting

If you are using isolation, you will be prompted to update your machine's hosts file to match your Kubernetes cluster environment - you will need to allow Visual Studio Code to make temporary changes to your hosts file.

Once your debugger has started, navigate to the bottom of your screen within Visual Studio Code and find the small icon with a person standing in the middle of some circles, next to that you should see, "Kubernetes: twt", where twt is equal to whatever yourname space is where you have Tailwind Traders deployed.

Visual Studio Code Bridge to Kubernetes Extension

If you click that icon, you will see a popup offering you FQDN addresses where you can easily navigate to your now isolated service in Kubernetes.

Visual Studio Code Bridge to Kubernetes FQDN Example

Find the service you are working in (I.E. Cart, Coupon, or Login), and select it. Your browser should launch and you should see your own sandbox where you can begin to debug.

To test this, set a break point at one (or more) of the following places:

If you are debugging the Tailwind Traders Cart Api:

  • Set a breakpoint on line 53 of /Tailwind.Traders.Cart.Api/models/shoppingCartDao.js

If you are debugging the Tailwind Traders Coupon Api:

  • Set a breakpoint on line 5 of /Tailwind.Traders.Coupon.Api/api/controllers/coupon.js

If you are debugging the Tailwind Traders Login Api:

  • Set a breakpoint on line 28 and line 52 of /Tailwind.Traders.Login.Api/Services/TokenHandlerServicec.cs

Once you breakpoint is set, you can refresh your browser and hit your breakpoints by doing the following:

Cart Api

  1. Login to Tailwind Traders using: [email protected] as the username and password as the password.

  2. Find any item in the store, select it, and then click Add to cart. You should then hit your breakpoint you set in the shoppingCartDao.js. You will notice you hit your breakpoint, you can now see your callstack from within Visual Studio Code, and you can use IntelliSense.

Cart Debugging Example

Coupon Api

  1. Login to Tailwind Traders using: [email protected] as the username and password as the password.
  2. From the home screen, after you have logged in, click, "See my coupons". You will notice you have hit your breakpoint, you can now see your callstack from within Visual Studio Code, and you can use IntelliSense.

Coupon Debugging Example

Login Api

  1. Login to Tailwind Traders using: [email protected] as the username and password as the password.
  2. You will notice you have hit your breakpoint, you can now see your callstack from within Visual Studio Code, and you can use IntelliSense.

Login Debugging Example

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

tailwindtraders-backend's People

Contributors

angelavl avatar borjasanes avatar cdemiguel avatar cmcheca avatar dependabot[bot] avatar dillorscroft avatar dsrodenas avatar eiximenis avatar ericuss avatar isaacrlevin avatar ivilches avatar jennjin avatar jldeen avatar luyunmt avatar microsoftopensource avatar msftgits avatar olgamarti avatar oriolbonjoch avatar ramon-tomas-c avatar rgbrota avatar scott1138 avatar zzhxiaofeng avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

tailwindtraders-backend's Issues

Error: unknown shorthand flag: 'e' in -encodedCommand

When attempting to deploy the Backend to AKS, I get this error when running Deploy-Images-Aks.ps1

helm upgrade --install tailwindtraders-product products-api -f ..\helm__values\gvalues.yaml --set ingress.hosts='{17a70b5634ff444a996f.westus2.aksapp.io}' --set image.repository=ttacrdwcdmtkxdlw3u.azurecr.io/product.api --set image.tag=latest --set hpa.activated=False

Error: unknown shorthand flag: 'e' in -encodedCommand

I am running Helm 2.1.16 and Docker v19.03.5. Is there a gap in supported versions?

Enabling SSL/TLS on the cluster related issues

kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.5", GitCommit:"20c265fef0741dd71a66480e35bd69f18351daea", GitTreeState:"clean", BuildDate:"2019-10-15T19:16:51Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2020-01-27T21:11:27Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}

helm version
version.BuildInfo{Version:"v3.0.3", GitCommit:"ac925eb7279f4a6955df663a0128044a8a6b7593", GitTreeState:"clean", GoVersion:"go1.13.7"}

Add-Cert-Manager.ps1
I recommend replacing using Deploy/powershell/Add-Cert-Manager.ps with instructions to simply follow the documentation at https://cert-manager.io/docs/ otherwise there are a number of challenges to overcome, with version differences, for example.

As is, running Add-Cert-Manager.ps1 results in an error: Error: unknown flag: --name because it's assuming Helm v2 (where the current prerequisites calls for Helm v3). Simply updating the command to use the v3 version will lead you to a bunch more issues, hence my recommendation...

Enable-Ssl.ps1
Similarly, helm install command requires an update for Helm v3:
Lines 78-79:

    Write-Host "helm install $name-ssl tls-support -f $(Join-Path tls-support values-staging.yaml) --set domain=$domain" -ForegroundColor Yellow
    helm install $name-ssl-staging tls-support -f $(Join-Path tls-support values-staging.yaml) --set domain=$domain

Lines 83-84:

    Write-Host "helm install $name-ssl tls-support -f $(Join-Path tls-support values-prod.yaml) --set domain=$domain" -ForegroundColor Yellow
    helm install name-ssl-prod tls-support -f $(Join-Path tls-support values-prod.yaml) --set domain=$domain

Then, the helm charts requires updating, according to the cert-manager spec...

certificate.yaml:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: {{ .Values.certName }}
  namespace: default
spec:
  secretName: {{ .Values.certSecretName }}
  issuerRef:
    name: {{ .Values.issuerName }}
  commonName: {{ .Values.domain }}
  dnsNames:
  - {{ .Values.domain }}

issuer.yaml:

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: {{ .Values.issuerName }}
  namespace: default
spec:
  acme:
    server: {{ .Values.server }}
    email: [email protected]
    privateKeySecretRef:
      name: {{ .Values.issuerSecretName }}
    solvers:
    - http01:
        ingress:
          class: {{ .Values.ingressClass }}

I validated the above using staging

Not clear where the images are?

I think this documentation can improved specifically to manually tag and push images -> where are the dockerfiles, or the image names?

Taken from the AKS documentation for how to deploy this demo with helm:
Run docker-compose build and then manually tag and push the images to your ACR.

Note: Under WSL docker daemon do not run, so you won't be able to use docker-compose build unless you configure docker client to use the Docker CE for Windows daemon. You can always build docker images using Docker CE for Windows, from a Windows command prompt, and run all scripts from WSL.

Generate-Config.ps1: Command 'az cosmosdb list-keys' has been deprecated

Deploy/powershell/Generate-Config.ps1 uses az cosmosdb list-keys which has been deprecated. Replace with az cosmosdb keys list.

Running the script as is outputs the following warning (twice, as it's currently called twice):

This command has been deprecated and will be removed in a future release. Use 'cosmosdb keys list' instead.

Task "Azure Resource Group Deployment" fails "The value of parameter orchestratorProfile.OrchestratorVersion is invalid."

Starting: Azure Deployment:Create Or Update Resource Group action on TailwindTradersBackend

Task : Azure Resource Group Deployment
Description : Deploy an Azure resource manager (ARM) template to a resource group. You can also start, stop, delete, deallocate all Virtual Machines (VM) in a resource group
Version : 2.147.4
Author : Microsoft Corporation
Help : More Information

Checking if the following resource group exists: TailwindTradersBackend.
Resource group exists: false.
Creating resource Group: TailwindTradersBackend
Resource Group created successfully.
Creating deployment parameters.
The detected encoding for file '/home/vsts/work/1/s/Deploy/deployment.json' is 'utf-8'
Starting Deployment.
Deployment name is deployment-20190510-170852-fcf6
There were errors in your deployment. Error code: InvalidTemplateDeployment.
##[error]The template deployment 'deployment-20190510-170852-fcf6' is not valid according to the validation procedure. The tracking id is '81cb7516-5649-4b05-a49f-0ea2c3399aff'. See inner errors for details. Please see https://aka.ms/arm-deploy for usage details.
##[error]Details:
##[error]InvalidParameter: Provisioning of resource(s) for container service tailwindtradersaksdpdfqfju5ljee in resource group TailwindTradersBackend failed. Message: {
"code": "InvalidParameter",
"message": "The value of parameter orchestratorProfile.OrchestratorVersion is invalid.",
"target": "orchestratorProfile.OrchestratorVersion"
}. Details: undefined
##[error]Task failed while creating or updating the template deployment.
Finishing: Azure Deployment:Create Or Update Resource Group action on TailwindTradersBackend

Template Validation Fails - Deployment Fails

Attempting to deploy to Azure results in an invalid template error which blows up the deployment:

The template deployment 'Microsoft.Template' is not valid according to the validation procedure. The tracking id is 'a9adae50-b041-46a4-a8ae-26c4fa342c8b'.

I'm a Microsoft employee and happy to work with you on the issue to resolve it.

Tailwind.Traders.Coupon.Api won't compile

when I can't to deploy the ASK services, the Tailwind.Traders.Coupon.Api won't compile:

C:\Program Files\dotnet\sdk\2.2.100\Microsoft\Microsoft.NET.Build.Extensions\Microsoft.NET.Build.Extensions.ConflictResolution.targets(33,5): error NETSDK1052: Framework list file path 'v4.0.30319\RedistList\FrameworkList.xml' is not rooted. Only full paths are supported. [D:\!Training\TailwindTraders\TailwindTraders-Backend\Source\Services\Tailwind.Traders.Coupon.Api\Tailwind.Traders.Coupon.Api.njsproj]

Running locally with docker-compose up fails

After running docker-compose up, not all containers are up and running:
image

It seems that there is an error connecting to sql:

dbug: Microsoft.EntityFrameworkCore.Migrations[20400]
      Migrating using database 'Microsoft.TailWindTraders.Product' on server 'sql.data'.
dbug: Microsoft.EntityFrameworkCore.Database.Connection[20000]
      Opening connection to database 'Microsoft.TailWindTraders.Product' on server 'sql.data'.
dbug: Microsoft.EntityFrameworkCore.Database.Connection[20004]
      An error occurred using the connection to database 'Microsoft.TailWindTraders.Product' on server 'sql.data'.
System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server)

&
source profile

2019-05-19T16:50:21.786341800Z 
Unhandled Exception: System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server)

stock java

2019-05-19 16:51:19.299 ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed
2019-05-19T16:51:19.331692900Z 
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Invocation of init method failed; nested exception is org.hibernate.service.spi.ServiceException: Unable to create requested service [org.hibernate.engine.jdbc.env.spi.JdbcEnvironment]

Create-Secret.ps1 - set explicit az output to json

If you have a different output format than json, this command will fail.
$(az acr show -n $acrName -g $resourceGroup | ConvertFrom-Json).loginServer

add -o json.

It is the same problem on the next line also.

Rewards DB values not populated by token-replace.ps1

When generating the values file using the Generate-Config.ps1 and token-replace.ps1 scripts, the rewards DB values are not populated. This seems to invalidate the values file.

example:

    profile:
      host: ttsqlservervk7einhhudcse.database.windows.net
      port: "1433"
      catalog: profile
      user: sqladmin
      pwd: **********
    rewards:
      host: {{dbhostrewards}}
      port: "1433"
      catalog: rewards
      user: {{dbuserrewards}}
      pwd: {{dbpwdrewards}}

I would be happy to PR the fix but am not sure on the needed DB values.

Nightly build and deploy failing

Looking at the Github Actions for this, it appears that the nightly build and deploy is failing. This appears to be related to updates to kubernetes and the networking api.

CashLoopBackoff after Application Insights additions

I am trying to start the backend with updated images containing the application insights additions. Several are failing to start.

Steps taken:

  • I've created a values file and validated that the application insights instrumentation key has been populated.
  • I've started the cart, coupon, and products APIs using the included charts. The cart starts fine, the other two fail with the below logs.
  • I've looked at the config map for each and do see the application insights instrumentation key. I've copied the config map values below for the two failed services.

coupon-api

logs:

> [email protected] start /src
> node ./bin/www

Local environment detected
WARNING: Disabled checking of self-signed certs. Do not have this code in production.
Go to http://localhost:3001 to try the sample.
/src/node_modules/applicationinsights/out/AutoCollection/Exceptions.js:34
                        throw THIS_IS_APPLICATION_INSIGHTS_RETHROWING_YOUR_EXCEPTION; // Error originated somewhere else in your app
                        ^

SyntaxError: Unexpected token u in JSON at position 0
    at JSON.parse (<anonymous>)
    at Object.<anonymous> (/src/app.js:36:10)
    at Module._compile (internal/modules/cjs/loader.js:654:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:665:10)
    at Module.load (internal/modules/cjs/loader.js:566:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:506:12)
    at Function.Module._load (internal/modules/cjs/loader.js:498:3)
    at Module.require (internal/modules/cjs/loader.js:598:17)
    at require (internal/modules/cjs/helpers.js:11:18)
    at Object.<anonymous> (/src/bin/www:7:11)
npm ERR! code ELIFECYCLE
npm ERR! errno 7
npm ERR! [email protected] start: `node ./bin/www`
npm ERR! Exit status 7
npm ERR! 
npm ERR! Failed at the [email protected] start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-08-27T04_42_58_980Z-debug.log

config map secrets removed.

data:
  APPLICATIONINSIGHTSIK: ***
  CONNECTIONSTRING: ***
  COUPON_COLLECTION: CouponCollection
  ISSUER: TTFakeLogin
  SECURITYKEY: ***
  URL_BASE: https://ttstoragevk7einhhudcse.blob.core.windows.net/coupon-list

products

logs

> [email protected] start /src
> node ./bin/www

Local environment detected
WARNING: Disabled checking of self-signed certs. Do not have this code in production.
Go to http://localhost:3001 to try the sample.
undefined:1
undefined
^

SyntaxError: Unexpected token u in JSON at position 0
    at JSON.parse (<anonymous>)
    at Object.<anonymous> (/src/app.js:36:10)
    at Module._compile (internal/modules/cjs/loader.js:654:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:665:10)
    at Module.load (internal/modules/cjs/loader.js:566:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:506:12)
    at Function.Module._load (internal/modules/cjs/loader.js:498:3)
    at Module.require (internal/modules/cjs/loader.js:598:17)
    at require (internal/modules/cjs/helpers.js:11:18)
    at Object.<anonymous> (/src/bin/www:7:11)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] start: `node ./bin/www`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-08-27T04_43_28_030Z-debug.log

config map secrets removed

  ApplicationInsights__InstrumentationKey: ***
  ConnectionString: ***
  ISSUER: TTFakeLogin
  ProductDetailImagesUrl: https://ttstoragevk7einhhudcse.blob.core.windows.net/product-detail
  ProductImagesUrl: https://ttstoragevk7einhhudcse.blob.core.windows.net/product-list
  ProductVisitsUrl: ""
  SECURITYKEY: ***

Any thoughts on what might be missing that would prevent these services from starting?

Unified setup does not deploy services to k8s

Running the unified setup
.\Deploy-Unified.ps1 -resourceGroup TailwindUni2 -location $LOC -clientId $CLIENTID -password $PASSWORD -subscription $SUBSCRIPTION | out-file c:\temp\unifieldTailwindLogs1

results in images being deployed to the ACR, but nothing to the AKS cluster.

Running in Powershell on windows
AZ CLI 2.0.81
Helm 3.2.3

The AKS cluster that is created is 1.18.2

Login Succeeded
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/cart.api]
latest: digest: sha256:c5636adb840fdd80664bc2f37463e2331c54b2baddeb20ea60146dc161a52a8f size: 1788
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/product.api]
latest: digest: sha256:1fb182264cf882f22bf35af57cfdb5bd0837c52ad536b0e13e483cd68553d64e size: 1794
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/profile.api]
latest: digest: sha256:6c4a2cb15adcc603649722e9cd7afaa872d4ce8dc36881fbbee66f464863e6ad size: 1793
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/login.api]
latest: digest: sha256:c8bcf60d9870fbf21fec49849153c1a921ca8a9ae36ef7d5372ffde885490210 size: 1793
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/coupon.api]
latest: digest: sha256:8753c9dedf8c82464ecf700ec161c2d638dc495e9233009355890fc3de7bce5f size: 1787
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/popular-product.api]
latest: digest: sha256:d84e3b09ee311799b7c63db1b3f62ee498594d50819c07ff6fbeb3f1e173af04 size: 3044
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/stock.api]
latest: digest: sha256:10bae04621c11bb5b73ba95085087d28b0e4d4b23267dfe69655a173839067f8 size: 2207
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/image-classifier.api]
latest: digest: sha256:6df38216c4528061dcb765c5854d0ddc167f415037b7af01a1ee8c3a6aedc4b2 size: 2217
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/mobileapigw]
latest: digest: sha256:5381b516b3051f5c2a61d23e17c8f9981e287e576eefbfb6eb5834cf6794b260 size: 1793
The push refers to repository [ttacr5qnvhxf2jjqys.azurecr.io/webapigw]
latest: digest: sha256:3f7c633c4ac826b3bf87fb95e748ea3240c0ecac2b6ae3f47c506b3add62e3db size: 1793
Release "tailwindtraders-product" does not exist. Installing it now.
Release "tailwindtraders-coupon" does not exist. Installing it now.
Release "tailwindtraders-profile" does not exist. Installing it now.
Release "tailwindtraders-popular-product" does not exist. Installing it now.
Release "tailwindtraders-stock" does not exist. Installing it now.
Release "tailwindtraders-image-classifier" does not exist. Installing it now.
Release "tailwindtraders-cart" does not exist. Installing it now.
Release "tailwindtraders-login" does not exist. Installing it now.
Release "tailwindtraders-mobilebff" does not exist. Installing it now.
Release "tailwindtraders-webbff" does not exist. Installing it now.
{
  "created": true
}
{
  "created": true
}
{
  "created": true
}
{
  "created": true
}

PS C:\ReposGitHub\TailwindTraders-Backend\Deploy> kubectl get po -A
NAMESPACE     NAME                                                              READY   STATUS    RESTARTS   AGE
kube-system   addon-http-application-routing-default-http-backend-6c5f786tvhq   1/1     Running   0          29m      
kube-system   addon-http-application-routing-external-dns-56c48cff57-gcx86      1/1     Running   0          29m      
kube-system   addon-http-application-routing-nginx-ingress-controller-5c98h7t   1/1     Running   0          29m      
kube-system   aks-link-6dcddc8fdb-pv9fm                                         2/2     Running   1          29m      
kube-system   coredns-698df7b9b5-bt42t                                          1/1     Running   0          29m      
kube-system   coredns-698df7b9b5-l4xw4                                          1/1     Running   0          28m      
kube-system   coredns-autoscaler-77fdb85884-mt66v                               1/1     Running   0          29m      
kube-system   kube-proxy-kpjtp                                                  1/1     Running   0          28m      
kube-system   kube-proxy-wt97z                                                  1/1     Running   0          28m      
kube-system   metrics-server-5b585fcd8c-2xpwq                                   1/1     Running   0          29m      
kube-system   omsagent-2zrkl                                                    1/1     Running   1          28m      
kube-system   omsagent-rs-7d79fdf565-zb6sg                                      1/1     Running   0          29m      
kube-system   omsagent-wj75p                                                    1/1     Running   0          28m    

Carts are open to anyone with an email

If I understand this code correctly, any user with an email address can see what's in a given cart simply by adding an email address to a querystring:

https://github.com/Microsoft/TailwindTraders-Backend/blob/8ed810773d937989a027f3ec1ba64f2d0ac092ec/Source/Services/Tailwind.Traders.Cart.Api/routes/cartController.js#L14

This has a number of security ramifications. I would suggest using some type of non-discoverable key (like a GUID) or perhaps using anonymous auth with a JWT.

Error while deploying APIs to dev space

While trying to deploy all the APIs of backend and web to dev space, the process starts but hangs at " Waiting for container image build". The process terminates after about an hour and shows the below message -

Waiting for container image build...Streaming build container logs for service 'tt-coupons' failed with: Server timeout (30000.00ms) elapsed without receiving a message from the server. 4m 57s
Oops... An unexpected error has occurred. A report of the error will be sent to Microsoft.
For diagnostic information, see Azure Dev Spaces logs at 'C:\Users\abc\AppData\Local\Temp\Azure Dev Spaces'.
Please include the following Request ID when contacting support: 3d5b48b9-0e19-4f22-b000-07c43df8f7e8
tt-azds1

Thanks,
Hoysala

Looks the project can't be compiled from Visual Studio

Hi,

When I try to compile from VS 2019 preview, I get an error:

Error Value cannot be null.
Parameter name: stream docker-compose C:\Program Files (x86)\Microsoft Visual Studio\2019\Preview\MSBuild\Sdks\Microsoft.Docker.Sdk\build\Microsoft.VisualStudio.Docker.Compose.targets 291

Looks like it happened exactly like the following error from SmartHotel360 still opened:
(https://github.com/Microsoft/SmartHotel360/issues/1

if I try to build using CLI dotnet build Tailwind.Traders.Backend.sln
I get the following error:

C:\Program Files\dotnet\sdk\2.2.100\Microsoft\Microsoft.NET.Build.Extensions\Microsoft.NET.Build.Extensions.ConflictResolution.targets(33,5): error NETSDK1052: Framework list file path 'v4.0.30319\RedistList\FrameworkList.xml' is not rooted. Only full paths are supported. [D:!Training\TailwindTraders\TailwindTraders-Backend\Source\Services\Tailwind.Traders.Coupon.Api\Tailwind.Traders.Coupon.Api.njsproj]

docker-compose build issues:

the docker file contains the following statement:
RUN apt-get update
&& apt-get install -y --allow-unauthenticated
libc6-dev
libgdiplus
libx11-dev
&& rm -rf /var/lib/apt/lists/*

which breaks on windows; looking in forums and found I should modify the command :

RUN apt-get update
-and apt-get install -y --allow-unauthenticated
libc6-dev
libgdiplus
libx11-dev
-and rm -rf /var/lib/apt/lists/*

Now, I get the following error:

apt-get : The term 'apt-get' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or
if a path was included, verify that the path is correct and try again.
At line:1 char:76

  • ... e = 'Stop'; $ProgressPreference = 'SilentlyContinue'; apt-get update ...
  •                                                       ~~~~~~~
    
    • CategoryInfo : ObjectNotFound: (apt-get:String) [], ParentConta
      insErrorRecordException
    • FullyQualifiedErrorId : CommandNotFoundException

If I command this statement, the next step report the following error:

Successfully built 91e1c97860e9
Successfully tagged tailwindtraders/mobileapigw:latest
Building stock.api
Step 1/16 : FROM openjdk:8-jre AS base
---> dd20fb277e3c
Step 2/16 : WORKDIR /app
---> Using cache
---> ba30ea0e0279

Step 3/16 : FROM openjdk:8-jdk AS maven
---> c14ba9d23b3a
Step 4/16 : WORKDIR /src
---> Using cache
---> 566d132012f2
Step 5/16 : COPY . .
---> Using cache
---> 960a75e16576
Step 6/16 : RUN chmod +x ./mvnw
---> Using cache
---> 076febd195d1
Step 7/16 : RUN ./mvnw install
---> Running in ad4456225d23
/bin/sh: 1: ./mvnw: not found
ERROR: Service 'stock.api' failed to build: The command '/bin/sh -c ./mvnw install' returned a non-zero code: 127

txs

Step(s) to populate data missing

The deployment guide does not contain steps to populate data. The most visible result is broken images, as the storage account that should contain them is empty.

Can this be included?

Deployment Documentation

As someone with very little experience of Azure, the deployment documentation is impossible to follow.

As this is meant to be a reference app, could you provide additional detail?

Thanks

Add Pre-Req step to create or reuse existing Service Principal

To help expedite the deployment of the the Azure ARM Template, put a Pre-Req step in the Doco to create or reuse an existing Service Principal. Otherwise, you get to the portal, and then have to go back and find or create one.

Stuff like this may seem trivial, but really interrupts the flow of Workshops, etc., especially the 1st time through.

Debug in Visual Studio 2019 with Docker-Compose Fails

I have the Cosmos DB Emulator installed and working properly (verified by testing with other code), but when I try to run the backend with VS debugger, I get this error during startup on the Profile api project in the Main method. I've tried with and without a .env file configured as noted in the readme text. I'm running the latest VS 2019, latest Docker for Windows with WSL 2 and Ubuntu distro. Do I need to abandon WSL2 and use Hyper-V with additional RAM allocated as indicated in a previous issue similar to this?

System.AggregateException
HResult=0x80131500
Message=One or more errors occurred. (Connection refused)
Source=System.Private.CoreLib
StackTrace:
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at Tailwind.Traders.Profile.Api.Program.<>c.

b__0_0(ProfileContext context, IServiceProvider services) in D:\Code\Github\TailwindTraders-Backend\Source\Services\Tailwind.Traders.Profile.Api\Program.cs:line 21
at Tailwind.Traders.Profile.Api.Extensions.WebHostExtensions.MigrateDbContext[TContext](IWebHost webHost, Action`2 seeder) in D:\Code\Github\TailwindTraders-Backend\Source\Services\Tailwind.Traders.Profile.Api\Extensions\WebHostExtensions.cs:line 20
at Tailwind.Traders.Profile.Api.Program.Main(String[] args) in D:\Code\Github\TailwindTraders-Backend\Source\Services\Tailwind.Traders.Profile.Api\Program.cs:line 14

This exception was originally thrown at this call stack:
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult()
System.Net.Http.ConnectHelper.ConnectAsync(string, int, System.Threading.CancellationToken)

Inner Exception 1:
HttpRequestException: Connection refused

Inner Exception 2:
SocketException: Connection refused

503 error on successful deployment of webbff service

I have followed the steps to
Deploy Tailwind Traders on AKS and Azure Resources (SQL Azure, CosmosDb, Storage accounts) .

From here, I have deployed the TailwindTraders-Website and updated the ApiUrl and ApiUrlShoppingCart to point to the respective services within AKS.

Attempting to perform an example request against the api like:
http://223cfde1568d47d79d78.eastus.aksapp.io/webbff/products/?&type=diytools

Results in a "503 Service Temporarily Unavailable" error:
image

This is a bit odd as my deployment appears correct:

kubectl describe ingresses my-tt-webbff

Name:             my-tt-webbff
Namespace:        default
Address:          52.168.17.18
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host                                   Path  Backends
  ----                                   ----  --------
  223cfde1568d47d79d78.eastus.aksapp.io
                                         /webbff   webbff:http ()
Annotations:
  ingress.kubernetes.io/rewrite-target:        /
  ingress.kubernetes.io/ssl-redirect:          false
  kubernetes.io/ingress.class:                 addon-http-application-routing
  nginx.ingress.kubernetes.io/rewrite-target:  /
  nginx.ingress.kubernetes.io/ssl-redirect:    false
Events:                                        <none>

The pod in question is reporting a status or Running (my-tt-stock seems to have it's own issues at the moment) :

kubectl get pods
NAME                                                        READY   STATUS             RESTARTS   AGE
my-tt-cart-b5c76d757-d4j9c                                  1/1     Running            14         93m
my-tt-coupon-tt-coupons-75c48d455c-x6lrv                    1/1     Running            15         55m
my-tt-image-classifier-695b47cc4c-qlln7                     1/1     Running            0          93m
my-tt-login-645d5798c7-qhnrx                                1/1     Running            0          93m
my-tt-mobilebff-585b45f858-gfpf6                            0/1     Running            0          93m
my-tt-popular-product-tt-popularproducts-86c9b99cf9-klj8g   1/1     Running            0          94m
my-tt-product-tt-products-6cbcb4ff5c-phnvr                  1/1     Running            13         94m
my-tt-profile-5cb5fc55f4-z44rv                              1/1     Running            12         94m
my-tt-stock-7576576945-c9s2l                                0/1     CrashLoopBackOff   20         94m
my-tt-webbff-575cc88f7f-fkp8l                               0/1     Running            0          93m

The cart-api seems to be working without issue:
image

Any suggestions as to what is going on?

Deploy to Azure button fails

Microsoft.ContainerService/managedClusters - Conflict

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"CreateRoleAssignmentError\",\r\n \"message\": \"We are unable to serve this request due to an internal error, Correlation ID: 00000000-0000-0000-0000-000000000000, Operation ID: ba9c7d39-6393-47ea-b8ab-d88ead36b79b, Timestamp: 2019-10-04T15:12:21Z.\"\r\n }\r\n ]\r\n }\r\n}"}]}

Generate-Config.ps1: Output of "App Insights Instrumentation Key" in the tokens section

Deploy/powershell/Generate-Config.ps1 provides the output for the App Insights Instrumentation Key at the start of the section gvalues file will be generated with values, where it again lists the key anyway (and twice, as per issue #80), listed as "appinsightsik"

...
===========================================================
gvalues file will be generated with values:
App Insights Instrumentation Key: 640e35fd-9472-4fd8-98fe-338879105c4b
App Insights Instrumentation Key: 640e35fd-9472-4fd8-98fe-338879105c4b
{
  ...
  "appinsightsik": "xxx" 
  ...
}

should be

...
App Insights Instrumentation Key: 640e35fd-9472-4fd8-98fe-338879105c4b
===========================================================
gvalues file will be generated with values:
{
  ...
  "appinsightsik": "xxx" 
  ...
}

Many images do not build with docker build

Each image seems to build fine when using docker-compose, however many fail when using docker build.

Example: Image Classifier

$ docker build -t imageclassifier .
Sending build context to Docker daemon  5.875MB
Step 1/24 : ARG sdkTag=2.2
Step 2/24 : ARG runtimeTag=2.2
Step 3/24 : ARG image=mcr.microsoft.com/dotnet/core/aspnet
Step 4/24 : ARG sdkImage=mcr.microsoft.com/dotnet/core/sdk
Step 5/24 : FROM ${image}:${runtimeTag} AS base
 ---> 34973cab5999
Step 6/24 : WORKDIR /app
 ---> Using cache
 ---> 52c754c1ce15
Step 7/24 : EXPOSE 80
 ---> Using cache
 ---> 95d3bb996f26
Step 8/24 : RUN apt-get update     && apt-get install -y --allow-unauthenticated         libc6-dev         libgdiplus         libx11-dev      && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 7bcf59ae9eb3
Step 9/24 : FROM ${sdkImage}:${sdkTag} AS build
 ---> 08657316a4cd
Step 10/24 : WORKDIR /src
 ---> Using cache
 ---> dd6eca0d07bf
Step 11/24 : COPY ./Directory.Build.props .
COPY failed: stat /var/lib/docker/tmp/docker-builder393851329/Directory.Build.props: no such file or directory

This also appears to be an issue with the profile.api, products.api, webff and login.api.

I am trying to accomplish this so that I can use Azure Container Registry Tasks to build these images in a pipeline. I'm unfortunately not able to pinpoint the issue with the Dockerfile and docker build command.

Any assistance would be appreciated.

Missing product images

A number of product images seem to be missing, for example Source/Services/Tailwind.Traders.Product.Api/Setup/product-images/product-details/8704649.jpg

This results in results pages like this (using Shop by Photo):
image

[PopularProducts.Api] Docker build failure on Docker file

When running docker build on the provided Dockerfile I am receiving the following:

Sending build context to Docker daemon  50.69kB
Step 1/12 : FROM golang:alpine
 ---> e0d646523991
Step 2/12 : WORKDIR /go/src/app
 ---> Using cache
 ---> be7712b95df8
Step 3/12 : RUN apk update && apk add git
 ---> Using cache
 ---> e280bb45aa64
Step 4/12 : ENV GO111MODULE=on
 ---> Using cache
 ---> 77455eac06d9
Step 5/12 : COPY Services/Tailwind.Traders.PopularProduct.Api/go.mod .
COPY failed: stat /var/lib/docker/tmp/docker-builder801703890/Services/Tailwind.Traders.PopularProduct.Api/go.mod: no such file or directory

Instead of Service Principles passwords/certificates, Managed Identities

Will Tailwind be used to showcase transition to Managed Identities rather than less secure SPs?

Managed Identities are now the preferred approach to manage the “security identity” because they are created automatically. System-assigned managed identities are enabled on the Azure service, giving the actual service an identity within Azure AD. Such service identities are only active until the instance has been deleted or disabled. Once this happens, Azure will automatically clean up the service identity within Azure AD.

Deploy-Images-Aks.ps1: Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "apps/v1beta2"

Deploy-Images-Aks.ps1: Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "apps/v1beta2"

As per https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/

kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.5", GitCommit:"20c265fef0741dd71a66480e35bd69f18351daea", GitTreeState:"clean", BuildDate:"2019-10-15T19:16:51Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2020-01-27T21:11:27Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}

helm version
version.BuildInfo{Version:"v3.0.3", GitCommit:"ac925eb7279f4a6955df663a0128044a8a6b7593", GitTreeState:"clean", GoVersion:"go1.13.7"}

Fix: Update each of the template deployment.yaml files to apiVersion: apps/v1

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.