In this challenge, you’ll do the following:
Your coach will provide you with a Resources.zip
package file that contains the starting projects for this hack. It contains a version of the services that use plain HTTP communication and store state in memory. With each challenge, you’ll add a Dapr building block to enhance the application architecture.
Make sure the following minimum software versions are installed by executing the commands in the following table:
Software | Version | Command Line |
---|---|---|
Dapr runtime version | v1.8.4 | dapr --version |
Dapr CLI version | v1.2.0 | dapr --version |
DotNet version | 6.0.0 | dotnet --version |
azure-cli | 2.42.0 | az --version |
You’ll create the Azure resources for the subsequent challenges using Azure Bicep and the Azure CLI.
If you’re using Azure Cloud Shell, skip this step and proceed to step 2. Open the terminal window in VS Code and make sure you’re logged in to Azure
az login
Make sure you have selected the Azure subscription in which you want to work. Replace the ‘x’s with your subscription GUID or subscription name. The subscription GUID can be found in the Azure Resource Group blade from the Azure Portal.
az account set --subscription "xxxx-xxxx-xxxx-xxxx"
In the accompanying source code, modify the Resources/Infrastructure/bicep/env/main.parameters.json
file so it contains the proper data for the deployment:
{
"appName": {
"value": "dapr"
},
"region": {
"value": "ussc"
},
"environment": {
"value": "dev"
}
}
You’ll now create the required Azure resources inside your resource group with the following Azure CLI command (replace the resource group name).
az deployment group create --resource-group <resource-group-name> --template-file ./main.bicep --parameters ./env/main.parameters.json --query "properties.outputs" --output yamlc
Creating the resources can take some time (>20 minutes). You’re encouraged to jump to review the TrafficControl app architecture while the command executes.
Upon completion, the command will output information about the newly-created Azure resources:
aksFQDN:
type: String
value: dapr-mce123-609718f5.hcp.southcentralus.azmk8s.io
aksName:
type: String
value: aks-dapr-mce123
aksazurePortalFQDN:
type: String
value: dapr-mce123-609718f5.portal.hcp.southcentralus.azmk8s.io
containerRegistryLoginServerName:
type: String
value: crdaprmce123.azurecr.io
containerRegistryName:
type: String
value: crdaprmce123
eventHubEntryCamName:
type: String
value: ehn-dapr-mce123-trafficcontrol/entrycam
eventHubExitCamName:
type: String
value: ehn-dapr-mce123-trafficcontrol/exitcam
eventHubNamespaceHostName:
type: String
value: https://ehn-dapr-mce123-trafficcontrol.servicebus.windows.net:443/
eventHubNamespaceName:
type: String
value: ehn-dapr-mce123-trafficcontrol
iotHubName:
type: String
value: iothub-dapr-mce123
keyVaultName:
type: String
value: kv-dapr-mce123
logicAppAccessEndpoint:
type: String
value: https://prod-29.southcentralus.logic.azure.com:443/workflows/9bd179c8dd7049b8a152e5f2608f8efc
logicAppName:
type: String
value: logic-smtp-dapr-mce123
redisCacheName:
type: String
value: redis-dapr-mce123
serviceBusEndpoint:
type: String
value: https://sb-dapr-mce123.servicebus.windows.net:443/
serviceBusName:
type: String
value: sb-dapr-mce123
storageAccountContainerName:
type: String
value: trafficcontrol
storageAccountKey:
type: String
value: 7Ck76nP/5kFEhNx6C...V85L+0dFMFOA/xJLIvK25f2irUmVouPRbSGXKEzRQ==
storageAccountName:
type: String
value: sadaprmce123
Copy these values into a text editor. You’ll need them to configure your Dapr services.
Run the following command to fetch the AKS credentials for your cluster.
az aks get-credentials --name "<aks-name>" --resource-group "<resource-group-name>"
The az aks get-credentials
command retrieves credentials for an AKS cluster. It merges the credentials into your local kubeconfig file.
Verify your “target” cluster is set correctly.
kubectl config get-contexts
Make sure that you see a listing for aks-dapr-<your value>
and that it has a star next to it as shown below:
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* aks-dapr-<your value> aks-dapr-<your value> clusterUser_rg-dapr-<your value>_aks-dapr-<your value> default
Install Dapr in your AKS cluster
Run the following command to initialize Dapr in your Kubernetes cluster using your current context.
dapr init -k
Your results should resemble the following:
Making the jump to hyperspace...
Note: To install Dapr using Helm, see here: https://docs.dapr.io/getting-started/install-dapr-kubernetes/#install-with-helm-advanced
Deploying the Dapr control plane to your cluster...
Success! Dapr has been installed to namespace dapr-system. To verify, run `dapr status -k' in your terminal. To get started, go here: https://aka.ms/dapr-getting-started
Verify the Dapr deployment to your AKS cluster with the following command:
dapr status -k
Your results should resemble the following:
NAME NAMESPACE HEALTHY STATUS REPLICAS VERSION AGE CREATED
dapr-sentry dapr-system True Running 1 1.2.2 1m 2021-07-02 08:45.44
dapr-sidecar-injector dapr-system True Running 1 1.2.2 1m 2021-07-02 08:45.44
dapr-operator dapr-system True Running 1 1.2.2 1m 2021-07-02 08:45.44
dapr-dashboard dapr-system True Running 1 0.6.0 1m 2021-07-02 08:45.44
dapr-placement-server dapr-system True Running 1 1.2.2 1m 2021-07-02 08:45.45
Create the dapr-trafficcontrol
Kubernetes namespace
You will need to create a namespace to own all of the TrafficControl Kubernetes objects.
kubectl create namespace dapr-trafficcontrol
Install the AKS Workload Identity extension in your AKS cluster so it can use the managed identity to access Azure services (like Key Vault).
az aks update -g <resource-group-name> -n <cluster-name> --enable-oidc-issuer --enable-workload-identity
Assign permissions to KeyVault
Lastly, assign yourself access to the KeyVault so you can create secrets:
az keyvault set-policy --resource-group "<resource-group-name>" --name "<key-vault-name>" --upn "dwight.k.schrute@dunder-mifflin.com" --secret-permissions get list set delete --certificate-permissions get list create delete update
Run the following command to initialize your local Dapr environment:
dapr init
Spend some time with your teammates reviewing the TrafficControl application architecture & services.
The traffic-control application architecture consists of four microservices:
/entrycam
and /exitcam
./collectfine
for collecting fines./getvehicleinfo/{license-number}
for retrieving vehicle and owner information of a vehicle.These services compose together to simulate a traffic control scenario.
TrafficControl Application & Services Description