Challenge 0: Install local tools and Azure prerequisites

Home - Next Challenge >

Description

In this challenge, you’ll do the following:

Your coach will provide you with a Resources.zip package file that contains the starting projects for this hack. It contains a version of the services that use plain HTTP communication and store state in memory. With each challenge, you’ll add a Dapr building block to enhance the application architecture.

Install local prerequisites

Make sure the following minimum software versions are installed by executing the commands in the following table:

Software Version Command Line
Dapr runtime version v1.8.4 dapr --version
Dapr CLI version v1.2.0 dapr --version
DotNet version 6.0.0 dotnet --version
azure-cli 2.42.0 az --version

Deployment

You’ll create the Azure resources for the subsequent challenges using Azure Bicep and the Azure CLI.

  1. If you’re using Azure Cloud Shell, skip this step and proceed to step 2. Open the terminal window in VS Code and make sure you’re logged in to Azure

    az login
    
  2. Make sure you have selected the Azure subscription in which you want to work. Replace the ‘x’s with your subscription GUID or subscription name. The subscription GUID can be found in the Azure Resource Group blade from the Azure Portal.

    az account set --subscription "xxxx-xxxx-xxxx-xxxx"
    
  3. In the accompanying source code, modify the Resources/Infrastructure/bicep/env/main.parameters.json file so it contains the proper data for the deployment:

    {
      "appName": {
        "value": "dapr"
      },
      "region": {
        "value": "ussc"
      },
      "environment": {
        "value": "dev"
      }
    }
    
  4. You’ll now create the required Azure resources inside your resource group with the following Azure CLI command (replace the resource group name).

    az deployment group create --resource-group <resource-group-name> --template-file ./main.bicep --parameters ./env/main.parameters.json --query "properties.outputs" --output yamlc
    

    Creating the resources can take some time (>20 minutes). You’re encouraged to jump to review the TrafficControl app architecture while the command executes.

    Upon completion, the command will output information about the newly-created Azure resources:

    aksFQDN:
      type: String
      value: dapr-mce123-609718f5.hcp.southcentralus.azmk8s.io
    aksName:
      type: String
      value: aks-dapr-mce123
    aksazurePortalFQDN:
      type: String
      value: dapr-mce123-609718f5.portal.hcp.southcentralus.azmk8s.io
    containerRegistryLoginServerName:
      type: String
      value: crdaprmce123.azurecr.io
    containerRegistryName:
      type: String
      value: crdaprmce123
    eventHubEntryCamName:
      type: String
      value: ehn-dapr-mce123-trafficcontrol/entrycam
    eventHubExitCamName:
      type: String
      value: ehn-dapr-mce123-trafficcontrol/exitcam
    eventHubNamespaceHostName:
      type: String
      value: https://ehn-dapr-mce123-trafficcontrol.servicebus.windows.net:443/
    eventHubNamespaceName:
      type: String
      value: ehn-dapr-mce123-trafficcontrol
    iotHubName:
      type: String
      value: iothub-dapr-mce123
    keyVaultName:
      type: String
      value: kv-dapr-mce123
    logicAppAccessEndpoint:
      type: String
      value: https://prod-29.southcentralus.logic.azure.com:443/workflows/9bd179c8dd7049b8a152e5f2608f8efc
    logicAppName:
      type: String
      value: logic-smtp-dapr-mce123
    redisCacheName:
      type: String
      value: redis-dapr-mce123
    serviceBusEndpoint:
      type: String
      value: https://sb-dapr-mce123.servicebus.windows.net:443/
    serviceBusName:
      type: String
      value: sb-dapr-mce123
    storageAccountContainerName:
      type: String
      value: trafficcontrol
    storageAccountKey:
      type: String
      value: 7Ck76nP/5kFEhNx6C...V85L+0dFMFOA/xJLIvK25f2irUmVouPRbSGXKEzRQ==
    storageAccountName:
      type: String
      value: sadaprmce123
    

    Copy these values into a text editor. You’ll need them to configure your Dapr services.

  5. Run the following command to fetch the AKS credentials for your cluster.

    az aks get-credentials --name "<aks-name>" --resource-group "<resource-group-name>"
    

    The az aks get-credentials command retrieves credentials for an AKS cluster. It merges the credentials into your local kubeconfig file.

  6. Verify your “target” cluster is set correctly.

    kubectl config get-contexts
    

    Make sure that you see a listing for aks-dapr-<your value> and that it has a star next to it as shown below:

    CURRENT  NAME                   CLUSTER                AUTHINFO                                               NAMESPACE
    *        aks-dapr-<your value>  aks-dapr-<your value>  clusterUser_rg-dapr-<your value>_aks-dapr-<your value> default
    
  7. Install Dapr in your AKS cluster

    Run the following command to initialize Dapr in your Kubernetes cluster using your current context.

    dapr init -k
    

    Your results should resemble the following:

    Making the jump to hyperspace...
    Note: To install Dapr using Helm, see here: https://docs.dapr.io/getting-started/install-dapr-kubernetes/#install-with-helm-advanced
    
    Deploying the Dapr control plane to your cluster...
    Success! Dapr has been installed to namespace dapr-system. To verify, run `dapr status -k' in your terminal. To get started, go here: https://aka.ms/dapr-getting-started
    

    Verify the Dapr deployment to your AKS cluster with the following command:

    dapr status -k
    

    Your results should resemble the following:

    NAME                   NAMESPACE    HEALTHY  STATUS   REPLICAS  VERSION  AGE  CREATED
    dapr-sentry            dapr-system  True     Running  1         1.2.2    1m   2021-07-02 08:45.44
    dapr-sidecar-injector  dapr-system  True     Running  1         1.2.2    1m   2021-07-02 08:45.44
    dapr-operator          dapr-system  True     Running  1         1.2.2    1m   2021-07-02 08:45.44
    dapr-dashboard         dapr-system  True     Running  1         0.6.0    1m   2021-07-02 08:45.44
    dapr-placement-server  dapr-system  True     Running  1         1.2.2    1m   2021-07-02 08:45.45
    
  8. Create the dapr-trafficcontrol Kubernetes namespace

    You will need to create a namespace to own all of the TrafficControl Kubernetes objects.

    kubectl create namespace dapr-trafficcontrol
    
  9. Install the AKS Workload Identity extension in your AKS cluster so it can use the managed identity to access Azure services (like Key Vault).

     az aks update -g <resource-group-name> -n <cluster-name> --enable-oidc-issuer --enable-workload-identity
    
  10. Assign permissions to KeyVault

    Lastly, assign yourself access to the KeyVault so you can create secrets:

    az keyvault set-policy --resource-group "<resource-group-name>" --name "<key-vault-name>" --upn "dwight.k.schrute@dunder-mifflin.com" --secret-permissions get list set delete --certificate-permissions get list create delete update
    
  11. Run the following command to initialize your local Dapr environment:

    dapr init
    

Review TrafficControl application architecture

Spend some time with your teammates reviewing the TrafficControl application architecture & services.

The traffic-control application architecture consists of four microservices:

Services

These services compose together to simulate a traffic control scenario.

TrafficControl Application & Services Description

Success Criteria