# Production Environment Requirements
## Infrastructure
### Design

According to this design, we need the following Azure resources:
### Resources
Organization:
- Azure Resource Group (`GLOBAL-BREWDAT-LH-RG-GB-PROD`)
Compute power:
- Azure App Service (`brewdat-lh-appservice-backend-prod` for Backend)
- Azure App Service (`brewdat-lh-appservice-prod` for Frontend)
- Azure Kubernetes service (`brewdat-lh-kubernetes-prod` for APIs)
Management:
- Azure API Management service (`brewdat-lh-apim1-prod` to expose our Kubernetes APIs)
- Azure Key vault (`brewdatlhakvgbprod` to store Backend, Frontend and APIs environment variables)
Database and storage:
- Azure SQL server (`brewdat-lh-mssqlserver-prod` as a main DB)
- Azure Cosmos DB (`brewdat-lh-cosmosdb1-prod` as Experiment Repository)
## Configuration
- User creation with read/write permissions to the main database `brewdat-lh-mssqlserver-prod`
- Main Database `brewdat-lh-mssqlserver-prod` firewall configuration to allow access to the backend and APIs of the Azure Kubernetes service
- Azure Cosmos DB `brewdat-lh-cosmosdb1-prod` firewall configuration to allow access to the backend and APIs of the Azure Kubernetes service
- Set application environment variables as secrets in the Azure Key Vault (AKV)
- Access to the Azure Container Registry (ACR) from the Azure Kubernetes Service (AKS)
```bash
az aks update \
-n brewdat-lh-kubernetes-prod \
-g GLOBAL-BREWDAT-LH-RG-GB-PROD \
--attach-acr /subscriptions/2db7c27b-2f9f-4088-981b-2bd88c5c1905/resourceGroups/GLOBAL-BREWDAT-LH-RG-GB-PROD/providers/Microsoft.ContainerRegistry/registries/globaltestlearnplatform
```
- Azure Kubernetes Service (AKS) access to Azure Key Vault (AKV) secrets as env vars
- CI/CD pipeline access to deploy and re-deploy
```bash
# The JSON printed by --sdk-auth contains the service principal's client secret;
# store it only as a secret in the CI/CD system.
# <aks-prod> stands for the resource ID of the production cluster.
az ad sp create-for-rbac \
  --name "github-actions-test-ops-cd" \
  --sdk-auth \
  --role contributor \
  --scopes \
  /subscriptions/73f88e6b-3a35-4612-b550-555157e7059f/resourcegroups/GLOBAL-BREWDAT-LH-RG-GB-DEV/providers/Microsoft.ContainerService/managedClusters/brewdat-lh-kubernetes-dev \
  /subscriptions/73f88e6b-3a35-4612-b550-555157e7059f/resourcegroups/GLOBAL-BREWDAT-LH-RG-GB-QA/providers/Microsoft.ContainerService/managedClusters/brewdat-lh-kubernetes-qa \
  <aks-prod>
```
Add an AKV access policy that grants list and get on secrets to the service principal and to the userAssignedIdentityID.
- Application versioning
- Add the Key Vault secrets provider add-on
```bash
az aks enable-addons --addons azure-keyvault-secrets-provider --name myAKSCluster --resource-group myResourceGroup
```
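
How the add-on can surface AKV secrets to a pod as env vars, as an added example that is not taken from this project's manifests: a `SecretProviderClass` reads from `brewdatlhakvgbprod` with the add-on's user-assigned identity and mirrors one secret into a Kubernetes Secret that the Deployment loads with `envFrom`. All resource names, the secret name `DB-PASSWORD`, the image path and the angle-bracket values are hypothetical placeholders.

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: backend-akv                  # hypothetical name
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "<client-id-of-addon-identity>"   # placeholder
    keyvaultName: brewdatlhakvgbprod
    tenantId: "<tenant-id>"                                    # placeholder
    objects: |
      array:
        - |
          objectName: DB-PASSWORD    # hypothetical secret name in AKV
          objectType: secret
  secretObjects:                     # mirror the mounted object into a Kubernetes Secret
    - secretName: backend-env        # hypothetical name
      type: Opaque
      data:
        - objectName: DB-PASSWORD
          key: DB_PASSWORD           # env var name seen by the container
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api                          # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels: {app: api}
  template:
    metadata:
      labels: {app: api}
    spec:
      containers:
        - name: api
          image: globaltestlearnplatform.azurecr.io/api:<tag>   # assumed login server, placeholder tag
          envFrom:
            - secretRef: {name: backend-env}
          volumeMounts:              # the CSI volume must be mounted for the sync to happen
            - {name: akv, mountPath: /mnt/secrets-store, readOnly: true}
      volumes:
        - name: akv
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes: {secretProviderClass: backend-akv}
```

The identity named in `userAssignedIdentityID` needs the get permission on secrets in the vault, and the mirrored Secret exists only while at least one pod mounts the CSI volume.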

```bash
az aks update -n brewdat-lh-kubernetes-prod -g GLOBAL-BREWDAT-LH-RG-GB-PROD --attach-acr /subscriptions/2db7c27b-2f9f-4088-981b-2bd88c5c1905/resourceGroups/GLOBAL-BREWDAT-LH-RG-GB-PROD/providers/Microsoft.ContainerRegistry/registries/globaltestlearnplatform
az aks enable-addons --addons azure-keyvault-secrets-provider -n brewdat-lh-kubernetes-prod -g GLOBAL-BREWDAT-LH-RG-GB-PROD
```

RITM9957052

```bash
az ad sp create-for-rbac --name "github-actions-testops-prod-cd" --sdk-auth --role contributor --scopes /subscriptions/2db7c27b-2f9f-4088-981b-2bd88c5c1905/resourceGroups/GLOBAL-BREWDAT-LH-RG-GB-PROD/providers/Microsoft.ContainerService/managedClusters/brewdat-lh-kubernetes-prod
```

RITM9957106