This section describes the deployment steps for the reference implementation of a reliable web application pattern with .NET on Microsoft Azure. These steps use the jump box that is deployed as part of a network-isolated deployment: public network access to the resources is restricted, so the deployment must be performed from a machine connected to the virtual network (VNet).
We recommend that you use a Dev Container to deploy this application. The requirements are as follows:
- Azure Subscription.
- Visual Studio Code.
- Docker Desktop.
- Permissions to register an application in Microsoft Entra ID.
- Visual Studio Code Dev Containers extension.
If you do not wish to use a Dev Container, please refer to the prerequisites for detailed information on how to set up your development system to build, run, and deploy the application.
Note
These steps are used to connect to a Linux jump box where you can deploy the code. The jump box is not designed to be a build server. You should use a DevOps pipeline to manage build agents and deploy code into the environment. Also note that for this content the jump box is a Linux VM. This can be swapped with a Windows VM based on your organization's requirements.
The following detailed deployment steps assume you are using a Dev Container inside Visual Studio Code.
-
Start a PowerShell session in the dev container terminal:
pwsh
-
Import the Azure cmdlets:
Import-Module Az.Resources
-
Log in to Azure:
Connect-AzAccount -UseDeviceAuthentication
-
Set the subscription to the one you want to use (you can use Get-AzSubscription to list available subscriptions):
$AZURE_SUBSCRIPTION_ID="<your-subscription-id>"
Set-AzContext -SubscriptionId $AZURE_SUBSCRIPTION_ID
-
Azure Developer CLI (azd) has its own authentication context. Run the following command to authenticate to Azure:
azd auth login --use-device-code
-
Create a new AZD environment to store your deployment configuration values:
azd env new <pick_a_name>
-
Set the default subscription for the azd context:
azd env set AZURE_SUBSCRIPTION_ID $AZURE_SUBSCRIPTION_ID
-
To create the prod deployment:
azd env set ENVIRONMENT prod
-
Production is a multi-region deployment. Choose an Azure region for the primary deployment (run (Get-AzLocation).Location to see a list of locations):
azd env set AZURE_LOCATION <pick_a_region>
Make sure the region has availability zones; Azure App Service is configured with availability zone support.
-
Choose an Azure region for the secondary deployment:
azd env set AZURE_SECONDARY_LOCATION <pick_a_region>
We encourage readers to choose paired regions for multi-regional web apps. Paired regions typically offer low network latency, data residency in the same geography, and sequential updating. Read Azure paired regions to learn more about these regions.
-
Run the following command to create the Azure resources (about 45 minutes to provision):
azd provision
-
Start a new PowerShell session in the terminal (in VS Code, use Ctrl+Shift+~). Run the following command from the dev container terminal to start a new PowerShell session:
pwsh
-
We use the Azure CLI to create a bastion tunnel that allows us to connect to the jump box:
az login --use-device-code
$AZURE_SUBSCRIPTION_ID = ((azd env get-values --output json | ConvertFrom-Json).AZURE_SUBSCRIPTION_ID)
az account set --subscription $AZURE_SUBSCRIPTION_ID
-
Run the following to set the environment variables for the bastion tunnel:
$bastionName = ((azd env get-values --output json | ConvertFrom-Json).BASTION_NAME)
$resourceGroupName = ((azd env get-values --output json | ConvertFrom-Json).BASTION_RESOURCE_GROUP)
$targetResourceId = ((azd env get-values --output json | ConvertFrom-Json).JUMPBOX_RESOURCE_ID)
-
Run the following command to create a bastion tunnel to the jump box:
az network bastion tunnel --name $bastionName --resource-group $resourceGroupName --target-resource-id $targetResourceId --resource-port 22 --port 50022
NOTE
Now that the tunnel is open, change back to use the original PowerShell session to deploy the code.
-
Run the following command to restore packages and compile code.
azd package
-
Install the SSH extension for Azure CLI:
az extension add --name ssh
-
Obtain an SSH key from Microsoft Entra ID:
az ssh config --ip 127.0.0.1 -f ./ssh-config
-
From PowerShell, use the following rsync command to upload the code to the jump box using the SSH config exported above:
rsync -av -e "ssh -F ./ssh-config -p 50022" . 127.0.0.1:~/web-app-pattern
If you were unable to connect due to Remote host identification has changed
-
Run the following command to start a shell session on the jump box using the ssh config exported above:
ssh -F ./ssh-config 127.0.0.1 -p 50022
-
Change to the directory where you uploaded the code:
cd web-app-pattern
-
Change the executable permissions on the scripts:
chmod +x ./infra/scripts/**/*.sh
-
Start a PowerShell session:
pwsh
-
Sign in to Azure PowerShell interactively:
Connect-AzAccount -UseDeviceAuthentication
Set-AzContext -SubscriptionId ((azd env get-values --output json | ConvertFrom-Json).AZURE_SUBSCRIPTION_ID)
-
Authenticate to Azure with azd:
azd auth login --use-device-code
-
Deploy the application to the primary region using:
azd deploy
It takes approximately 5 minutes to deploy the code.
WARNING
In some scenarios, the DNS entries for resources secured with Private Endpoint may have been cached incorrectly. It can take up to 10 minutes for the DNS cache to expire.
-
Deploy the application to the secondary region using:
azd env set AZURE_RESOURCE_GROUP ((azd env get-values --output json | ConvertFrom-Json).SECONDARY_RESOURCE_GROUP)
azd deploy
-
Use the URL displayed in the console output to launch the Relecloud application that you have deployed.
-
Close the PowerShell session on the jump box:
exit
-
Close your SSH session:
exit
-
Close your background shell that opened the bastion tunnel with the interrupt command Ctrl+C.
-
To tear down the deployment, run the following command from your dev container to remove all resources from Azure:
azd down --purge --force
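A preflight check for the bastion tunnel steps above, added here as an example and not part of the reference implementation. It reads the azd environment once, confirms the values the tunnel command needs are present and that JUMPBOX_RESOURCE_ID names a VM in the selected subscription, then waits for the local listener on port 50022. The function names Get-TunnelSettings and Wait-TunnelListener are hypothetical.

```powershell
# Added example; Get-TunnelSettings and Wait-TunnelListener are hypothetical helper names.
function Get-TunnelSettings {
    # Read the azd environment once instead of once per value.
    $values = azd env get-values --output json | ConvertFrom-Json
    $required = 'AZURE_SUBSCRIPTION_ID', 'BASTION_NAME', 'BASTION_RESOURCE_GROUP', 'JUMPBOX_RESOURCE_ID'
    foreach ($key in $required) {
        if ([string]::IsNullOrWhiteSpace($values.$key)) {
            throw "azd environment value '$key' is missing; has 'azd provision' completed?"
        }
    }
    # The tunnel target should be a VM in the subscription selected earlier.
    $vmId = '^/subscriptions/(?<sub>[^/]+)/resourceGroups/[^/]+/providers/Microsoft\.Compute/virtualMachines/[^/]+$'
    if ($values.JUMPBOX_RESOURCE_ID -notmatch $vmId) {
        throw "JUMPBOX_RESOURCE_ID is not a virtual machine resource ID."
    }
    if ($Matches.sub -ne $values.AZURE_SUBSCRIPTION_ID) {
        throw "Jump box subscription $($Matches.sub) differs from AZURE_SUBSCRIPTION_ID."
    }
    return $values
}

function Wait-TunnelListener {
    param([int]$Port = 50022, [int]$TimeoutSeconds = 60)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Inspect local listeners rather than connecting, so no SSH session is opened.
        $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
        $listener = $props.GetActiveTcpListeners() | Where-Object Port -EQ $Port | Select-Object -First 1
        if ($listener) {
            if (-not [System.Net.IPAddress]::IsLoopback($listener.Address)) {
                Write-Warning "Port $Port is bound to $($listener.Address), which is not a loopback address."
            }
            return $true
        }
        Start-Sleep -Seconds 2
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Run in the original session after starting the tunnel in the second one.
$settings = Get-TunnelSettings
if (-not (Wait-TunnelListener -Port 50022)) {
    throw "Nothing is listening on port 50022; start 'az network bastion tunnel' first."
}
"Tunnel listener for $($settings.JUMPBOX_RESOURCE_ID) is up on local port 50022."
```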