azure app configuration,

Event-Driven Infrastructure with App Configuration

Sven Malvik Sven Malvik Connect Sep 12, 2020 · 8 mins read
Event-Driven Infrastructure with App Configuration

Azure App Configuration is great for externalizing application configurations. But what if an application is our infrastructure? How could we dynamically update our infrastructure based on a change in Azure App Configuration? To give you an idea of what I have in mind … At Vipps we have two AKS clusters. Only one cluster is active at any given time. We use the second cluster to test AKS upgrades. In front of AKS is Azure API Management that can route traffic to AKS-blue or AKS-green. The information of what cluster is active and what is inactive can be stored in Azure App Configuration, and then being send to API Management that uses the value in a policy. In this post, I will show how to automate a switch from one AKS cluster to another cluster with Azure Event Grid. This scenario was a study that i did to find out how to use Azure App Configuration for an Event-Driven Infrastructure.

Event flow diagram of how Azure App Configuration events trigger Azure API Management deployments

Agenda

Overview

Before we start, I will give a high-level overview of the event flow between the services I used. The data of what cluster is active is stored in Azure App Configuration. Whenever I change this value, meaning I set the other AKS cluster as active, a change event is published to Azure Event Grid. Azure Automation subscribes to Event Grid and triggers an update in Azure API Management that routes the traffic to either AKS-blue or AKS-green. More information about Policies in Azure API Management in a previous post.

Event flow diagram of how Azure App Configuration events trigger Azure API Management deploymentsEvent flow diagram of how Azure App Configuration events trigger Azure API Management deployments

Deploy Azure App Configuration

We can deploy an instance of Azure App Configuration Service from Azure Cloud Shell with Azure CLI. To do so we select Bash as shown below.

Azure Cloud Shell for BashAzure Cloud Shell for Bash

Before we start, we have to make sure that we are in the correct subscription.

# Make sure you are in the correct subscription
az account show

# Eventually switch the current subscription
az account set --subscription "YOUR-SUBSCRIPTION"

We can now deploy a new instance of Azure App Configuration Service.

Complete list of all Azure CLI commands for Azure App Configuration

# We'll put our resources into a new resource group.
az group create --name "appc2apim-rg" --location "westeurope"

# You can have one Free instance per subscription
az appconfig create --name "appc2apim-appc" --location "westeurope" --resource-group "appc2apim-rg" --sku free

Deploy Azure API Management

To deploy an instance of Azure API Management we use PowerShell from within Cloud Shell. You can easily switch from Bash to PowerShell:

Azure Cloud Shell Bash and PowerShellAzure Cloud Shell Bash and PowerShell

Now run the following command to create an instance of Azure API Management. This will take about 2 minutes.

New-AzApiManagement -ResourceGroupName "appc2apim-rg" -Name "appc2apim-apim-service" -Location "westeurope" -Organization "<ORGANIZATION>" -AdminEmail "<YOUR_EMAIL" --Sku "Consumption"

Deploy Azure Automation

Now that we have Azure App Configuration and Azure API Management in place, we need to tie them together. First, we create an Azure Automation Account.

Create Azure Automation AccountCreate Azure Automation Account

We give it a name, subscription, a resource group. We also create a service principle.

Configure Azure Automation AccountConfigure Azure Automation Account

We can see that a service principle was created.

Azure Automation Account Service PrincipleAzure Automation Account Service Principle

Create Runbook

When we first created our Automation Account, we will notice that we got three runbooks that we could use to get started. You can chose to delete those like I did.

Default RunbooksDefault Runbooks

Then I created a runbook with type PowerShell. This will be empty and we will write the code for it later.

Create RunbookCreate Runbook

Importing Az modules into Azure Automation Account

We need the Az.ApiManagement PowerShell Module to update named values in API Management. The named value that we are going to update is a key/value pair telling about what AKS cluster currently is active. We’ll get this from Azure App Configuration.

Az.ApiManagement PowerShell ModuleAz.ApiManagement PowerShell Module

Click import to make this module available.

Importing Az.ApiManagement PowerShell ModuleImporting Az.ApiManagement PowerShell Module

We also need the Az.AppConfiguration PowerShell Module to read the key/value pair that is telling about the active cluster.

Az.AppConfiguration PowerShell ModuleAz.AppConfiguration PowerShell Module

At this time the Az.AppConfiguration PowerShell Module does not provide a Get--function to read configurations from Azure App Configuration. This is of course a problem and requires to use the REST interface of App Configuration instead.

Az.AppConfiguration Functions AvailableAz.AppConfiguration Functions Available

Create Webhook

To be able to trigger this runbook, we need a webhook that Azure Event Grid can request.

Create Webhook in RunbookCreate Webhook in Runbook

What we then get is a URL that we need to copy immediately and save somewhere. We will need it in the next section where we create an event subscription.

URL in Webhook in RunbookURL in Webhook in Runbook

Deploy named value to Azure API Management

Now we will deploy a random value as named value to Azure API Management from our runbook. Copy the code into your runbook and test it. update-apim-nv-from-runbook.ps1

Read from Azure App Configuration

As mentioned previously, Az.AppConfiguration PowerShell Module does not provide a Get--function to read configurations from Azure App Configuration yet. This requires from us to use the REST interface of App Configuration instead. In a previous post, I write about how to use Postman to read from Azure App Configuration. As we are using PowerShell in our runbook, we would need to convert the code from Javascript to PowerShell. Take a look at the code for reading a key/value from Azure App Configuration that came in as a parameter in powershell and update the same named value in Azure API Management.

Create Event Subscription

The only service we are missing is an Event Subscription in Azure Event Grid. One way of creating it is from our Azure App Configuration service.

Create Event Subscription in Azure App ConfigurationCreate Event Subscription in Azure App Configuration

We need now the Webhook URL from the previous section that you need to set as the endpoint. In addition you will set a name for the topic.

Configuring Event SubscriptionConfiguring Event Subscription

Testing

We create a named value in Azure API Management that we want to be updated.

Named Value in Azure API ManagementNamed Value in Azure API Management

We create a key/value pair that will triggers an event.

Key in Azure App ConfigurationKey in Azure App Configuration

We see now a new job in the Runbook queue.

Runbook Job in QueueRunbook Job in Queue

Short time later, we see that the named value in Azure API Management was updated with the current time.

Updated Named Value in Azure API ManagementUpdated Named Value in Azure API Management

Looking at the details of the event, we see our key from Azure App Configuration that triggered the chain.

Input Event to RunbookInput Event to Runbook

Next Step

We saw that we can keep infrastructure configurations in Azure App Configuration. A change will trigger an event which will then execute a Runbook. As a runbook just runs code, and we can implement whatever we want, we can re-configure whatever we want, also infrastructure-as in our case. Azure App Configuration is a quit new service, and it doesn’t provide a complete list of functions at the time of this writing. This means me need to call the REST interface of Azure App Configuration instead.

Resources

Join Newsletter
Get the latest updates right in your inbox. I never spam!
Sven Malvik
Written by Sven Malvik

Latest Stories

Azure App Configuration Introduction

We build this great application that we configure exactly the way it fits into our environments, and then we realize that changing a conf...

May 09, 2020

Logging in Azure API Management

This post is a complete step-by-step guide on how to send logs from Azure API Management to Azure Event Hub with PowerShell. We start by ...

Apr 11, 2020

Understanding Policies in Azure API Management

Policies are the heart of Azure API Management. They let us change the behavior of our APIs in a very flexible manner. Before I dive in t...

Apr 18, 2020

Using App Configuration in Azure DevOps

Application deployments dependent often on environment specific data like the name of a resource group, location or flags for certain use...

Aug 01, 2020

How To Debug Policies in Azure API Management. A Step-by-Step Guide.

In this post I want to briefly go through the Azure API Management extension for VSCode and how we can debug policies. It’s one of the qu...

Jan 16, 2021

Introduction to Azure API Management

Azure API Management (APIM) is a way to create consistent and modern API gateways for existing backend services. It provides an interface...

Jan 25, 2021

How To Manage Azure Virtual Machines

I will go through the first steps for managing Virtual Machines. We will create a Windows VM, start the Internet Information Service IIS,...

Dec 26, 2020

AZ-303 Self-Study Guide for Becoming an Azure Solution Architect

Microsoft updated it’s role based exam for AZ-300. It’s now called AZ-303 and launched last year. This certification is a great proof for...

Feb 01, 2021

Azure API Management with Terraform

Terraform is a popular tool for managing infrastructure resources. I counted about 120 supported providers. Azure is one of them. In this...

Apr 04, 2020

How to Secure Azure Functions App with Azure API Management

How to use an Azure Managed Identity to authenticate against an Azure Functions app that is exposed through Azure API Management. Our Fun...

Feb 02, 2021

Backup and Restore in Azure API Management

As infrastructure gets more complex, more parts will eventually break. This is even more true as we make frequently changes. Sometimes we...

May 02, 2020

Latest Stories

Azure App Configuration Introduction

Azure App Configuration Introduction

We build this great application that we configure exactly the way it fits into our environments, and then we realize that changing a conf...

May 09, 2020

Logging in Azure API Management

Logging in Azure API Management

This post is a complete step-by-step guide on how to send logs from Azure API Management to Azure Event Hub with PowerShell. We start by ...

Apr 11, 2020

Understanding Policies in Azure API Management

Understanding Policies in Azure API Management

Policies are the heart of Azure API Management. They let us change the behavior of our APIs in a very flexible manner. Before I dive in t...

Apr 18, 2020

Using App Configuration in Azure DevOps

Using App Configuration in Azure DevOps

Application deployments dependent often on environment specific data like the name of a resource group, location or flags for certain use...

Aug 01, 2020

How To Debug Policies in Azure API Management. A Step-by-Step Guide.

How To Debug Policies in Azure API Management. A Step-by-Step Guide.

In this post I want to briefly go through the Azure API Management extension for VSCode and how we can debug policies. It’s one of the qu...

Jan 16, 2021

Introduction to Azure API Management

Introduction to Azure API Management

Azure API Management (APIM) is a way to create consistent and modern API gateways for existing backend services. It provides an interface...

Jan 25, 2021

How To Manage Azure Virtual Machines

How To Manage Azure Virtual Machines

I will go through the first steps for managing Virtual Machines. We will create a Windows VM, start the Internet Information Service IIS,...

Dec 26, 2020

AZ-303 Self-Study Guide for Becoming an Azure Solution Architect

AZ-303 Self-Study Guide for Becoming an Azure Solution Architect

Microsoft updated it’s role based exam for AZ-300. It’s now called AZ-303 and launched last year. This certification is a great proof for...

Feb 01, 2021

Azure API Management with Terraform

Azure API Management with Terraform

Terraform is a popular tool for managing infrastructure resources. I counted about 120 supported providers. Azure is one of them. In this...

Apr 04, 2020

How to Secure Azure Functions App with Azure API Management

How to Secure Azure Functions App with Azure API Management

How to use an Azure Managed Identity to authenticate against an Azure Functions app that is exposed through Azure API Management. Our Fun...

Feb 02, 2021

Backup and Restore in Azure API Management

Backup and Restore in Azure API Management

As infrastructure gets more complex, more parts will eventually break. This is even more true as we make frequently changes. Sometimes we...

May 02, 2020