maitsa-service v1.0.0
Service Template
Architecture
Business logic in src/service
Controllers (src/api/controller) are triggered by either the service bus (src/api/service-bus) or Express routers (src/api/routes)
Development & Deployment
Install Dependencies
npm i
Start Service
npm start
Testing Framework
We use Mocha and Chai with Chai-Http. This combination allows us to first start the server (load key vault values, start Express, ...) and then programmatically simulate requests.
Tests are coded in ./tests and allow for TypeScript.
npm test
Tests are run automatically with every Docker build (see Dockerfile).
Environment Variables
NODE_ENV=development
PORT=3005
AZURE_KEYVAULT_URI=https://backend-key-vault.vault.azure.net/
AZURE_CLIENT_ID=<CLIENT ID>
AZURE_CLIENT_SECRET=<SECRET>
AZURE_TENANT_ID=bf2e212e-cf03-4606-beaf-7715d6f28009
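A startup check for the variables listed above, as an added example that is not part of maitsa-service: it rejects unreplaced template placeholders such as <SECRET>, a malformed port or tenant ID, and a Key Vault URI that is not an HTTPS vault.azure.net host. The function and constant names are hypothetical, and the host suffix check assumes the public Azure cloud.

```javascript
// Added example: not part of maitsa-service. All names here are hypothetical.
const REQUIRED = ['NODE_ENV', 'PORT', 'AZURE_KEYVAULT_URI',
  'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET', 'AZURE_TENANT_ID'];
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const PLACEHOLDER = /^<.*>$/; // e.g. "<SECRET>" copied straight from the template

// Assumption: public Azure cloud, where vault hosts end in .vault.azure.net.
function isVaultUri(value) {
  try {
    const url = new URL(value);
    return url.protocol === 'https:' && url.hostname.endsWith('.vault.azure.net');
  } catch (err) {
    return false; // not a parseable URL
  }
}

// Per-variable format checks: [predicate, message shown when it fails].
const CHECKS = {
  PORT: [(v) => /^\d+$/.test(v) && +v >= 1 && +v <= 65535, 'not a TCP port number'],
  AZURE_TENANT_ID: [(v) => GUID.test(v), 'not a GUID'],
  AZURE_KEYVAULT_URI: [isVaultUri, 'must be https://<name>.vault.azure.net/'],
};

// Return a list of problems. Messages name the variable only, never its value,
// so a real AZURE_CLIENT_SECRET cannot end up in startup logs.
function validateEnv(env) {
  const problems = [];
  for (const key of REQUIRED) {
    const value = env[key];
    const [isValid, hint] = CHECKS[key] || [() => true, ''];
    if (value === undefined || value === '') problems.push(`${key}: missing`);
    else if (PLACEHOLDER.test(value)) problems.push(`${key}: placeholder not replaced`);
    else if (!isValid(value)) problems.push(`${key}: ${hint}`);
  }
  return problems;
}

// Constructed sample: the development listing with the template placeholders left in.
const SAMPLE_ENV = {
  NODE_ENV: 'development',
  PORT: '3005',
  AZURE_KEYVAULT_URI: 'https://backend-key-vault.vault.azure.net/',
  AZURE_CLIENT_ID: '<CLIENT ID>',
  AZURE_CLIENT_SECRET: '<SECRET>',
  AZURE_TENANT_ID: 'bf2e212e-cf03-4606-beaf-7715d6f28009',
};
console.log(validateEnv(SAMPLE_ENV));
```

Call validateEnv(process.env) before the Key Vault client is created and exit if the returned list is not empty.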
Docker Deployment
sudo docker build . -t digicust/<service-name>
sudo docker run --env-file ./.env -d digicust/<service-name>
CI/CD on Azure
1. Dockerhub
Create a Docker repository via https://hub.docker.com/repository/create
Choose "Private Repository" and add a build rule for branch "Master" and choose "Dockerfile".
2. Azure App Service
Create a new Azure App Service. Choose the options Publish=Docker Container, OS=Linux, Region=Germany West Central. On the next configuration page, choose Options=Single Container and Image Source=Private Registry (we faced issues when using Dockerhub directly). For Server URL enter "https://index.docker.io/", for user "1445442", and our password. The field "Image and Tag" has the format "1445442/digicust-:latest". Leave "startup command" empty. In the Tags tab choose use=backend, service=
In the app service, navigate to "Deployment Center"/"Settings", copy the Webhook URL, and add it to Dockerhub.
3. Create Active Directory Identity
Navigate to Azure/Active Directory/App Registrations/New Registration. Choose "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)". Click "Register". Navigate to Token Configuration and add group claims. Navigate to "Expose an API" and "add a scope". Create a new scope with the name "CustomersDelegated". Add this scope as an API permission to all relevant applications (e.g. "neo-frontend" and "test-customer-application") and add admin consent. Navigate to Certificates and Secrets and create a new client secret.
4. Add Environment Config
Navigate to App Service/Configuration and add the following env variables:
NODE_ENV=production
PORT=80
AZURE_KEYVAULT_URI=https://backend-key-vault.vault.azure.net/
AZURE_CLIENT_ID=<AD CLIENT ID>
AZURE_CLIENT_SECRET=<AD CLIENT SECRET>
AZURE_TENANT_ID=bf2e212e-cf03-4606-beaf-7715d6f28009
5. Add to Key Vault
Navigate to the backend key vault and add the role assignment "Key Vault Secrets User" to the service identity via Access Control.
6. Add to Application Gateway
Navigate to the Azure Application Gateway. Create a backend pool with the app service as target. Next, create a health probe with a host of the format ".azurewebsites.net" and path "/". Next, create an HTTP setting with port 80, "Pick host name from backend target" and the custom probe. Now, navigate to "Rules"/microservices/Backend Targets and add a new target with the route "/*" and the previously defined target pool and HTTP setting. The service should now be online; check the backend health.
It should be online within minutes at https://api.digicust.com/