Deploy Azure Function application on AKS using an ARM Template

The following README will guide you on how to deploy a “Ready to Go” environment so you can start using Azure Arc-enabled app services deployed on an Azure Kubernetes Service (AKS) cluster using an Azure ARM Template.

By the end of this guide, you will have an AKS cluster deployed with an App Service plan, a sample Azure Function application that sends messages to an Azure storage account queue and a Microsoft Windows Server 2022 (Datacenter) Azure VM, installed & pre-configured with all the required tools needed to work with Azure Arc-enabled app services.

Note: Currently, Azure Arc-enabled app services is in preview.

Prerequisites

  • Clone the Azure Arc Jumpstart repository

    git clone https://github.com/microsoft/azure_arc.git
    
  • Install or update Azure CLI to version 2.15.0 and above. Use the below command to check your current installed version.

    az --version
    
  • Generate SSH Key (or use existing ssh key).

  • Create Azure service principal (SP)

    To complete the scenario and its related automation, an Azure service principal assigned the “Contributor” role is required. To create it, log in to your Azure account and run the below command (this can also be done in Azure Cloud Shell).

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor
    

    For example:

    az ad sp create-for-rbac -n "http://AzureArcAppSvc" --role contributor
    

    Output should look like this:

    {
    "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "displayName": "AzureArcAppSvc",
    "name": "http://AzureArcAppSvc",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    Note: It is optional, but highly recommended, to scope the SP to a specific Azure subscription.

Automation Flow

For you to get familiar with the automation and deployment flow, below is an explanation.

  • The user edits the ARM template parameters file (a one-time edit). These parameter values are used throughout the deployment.

  • The main azuredeploy ARM template will initiate the deployment of the linked ARM templates:

    • clientVm - Deploys the client Windows VM. This is where all user interactions with the environment are made from.
    • logAnalytics - Deploys Azure Log Analytics workspace to support Azure Arc-enabled app services logs uploads.
  • The user remotes into the client Windows VM, which automatically kicks off the AppServicesLogonScript PowerShell script that deploys the AKS cluster and configures the Azure Arc-enabled app services Kubernetes environment on the AKS cluster.

    Note: Notice the AKS cluster will be deployed via the PowerShell script automation.

Deployment

As mentioned, this deployment will leverage ARM templates. You will deploy a single template that will initiate the entire automation for this scenario.

  • The deployment is using the ARM template parameters file. Before initiating the deployment, edit the azuredeploy.parameters.json file located in your local cloned repository folder. An example parameters file is located here.

    • sshRSAPublicKey - Your SSH public key
    • spnClientId - Your Azure service principal id
    • spnClientSecret - Your Azure service principal secret
    • spnTenantId - Your Azure tenant id
    • windowsAdminUsername - Client Windows VM Administrator name
    • windowsAdminPassword - Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long.
    • myIpAddress - Your local public IP address. This is used to allow remote RDP and SSH connections to the client Windows VM and AKS cluster.
    • logAnalyticsWorkspaceName - Unique name for the deployment log analytics workspace.
    • kubernetesVersion - AKS version
    • dnsPrefix - AKS unique DNS prefix
    • deployAppService - Boolean that sets whether or not to deploy App Service plan and a Web App. For this scenario, we leave it set to false.
    • deployFunction - Boolean that sets whether or not to deploy App Service plan and an Azure Function application. For this scenario, we leave it set to true.
    • deployAPIMgmt - Boolean that sets whether or not to deploy a self-hosted Azure API Management gateway. For this scenario, we leave it set to false.
    • deployLogicApp - Boolean that sets whether or not to deploy App Service plan and an Azure Logic App. For this scenario, we leave it set to false.
    • templateBaseUrl - GitHub URL to the deployment template - filled in by default to point to Microsoft/Azure Arc repository, but you can point this to your forked repo as well.
    • adminEmail - an email address that will be used on the Azure API Management deployment to receive all system notifications.
  • To deploy the ARM template, navigate to the local cloned deployment folder and run the below command:

    az group create --name <Name of the Azure resource group> --location <Azure Region>
    az deployment group create \
    --resource-group <Name of the Azure resource group> \
    --name <The name of this deployment> \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_app_services_jumpstart/aks/arm_template/azuredeploy.json \
    --parameters <The *azuredeploy.parameters.json* parameters file location>
    

    Note: Make sure that you are using the same Azure resource group name as the one you’ve just used in the azuredeploy.parameters.json file.

    For example:

    az group create --name Arc-AppSvc-Demo --location "East US"
    az deployment group create \
    --resource-group Arc-AppSvc-Demo \
    --name arcappsvc \
    --template-uri https://raw.githubusercontent.com/microsoft/azure_arc/main/azure_arc_app_services_jumpstart/aks/arm_template/azuredeploy.json \
    --parameters azuredeploy.parameters.json
    

    Note: The deployment time for this scenario can take ~5-10min

    Note: Since Azure Arc-enabled app services is currently in preview, deployment regions availability is limited to East US and West Europe.

  • Once the Azure resources have been provisioned, you will be able to see them in the Azure portal. At this point, the resource group should have 7 various Azure resources deployed.

    ARM template deployment completed

    New Azure resource group with all resources
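
A pre-deployment check of the parameter rules listed above (password length and complexity, a single source IP for RDP/SSH, and the scenario's deploy flags), as an added example that is not part of the Jumpstart repository. The function names and the sample values are constructed for illustration, and it assumes every parameter is stored as a plain `value` entry.

```python
import ipaddress

# Flags this scenario expects, per the parameter list above.
SCENARIO_FLAGS = {"deployFunction": True, "deployAppService": False,
                  "deployAPIMgmt": False, "deployLogicApp": False}
REQUIRED = ("spnClientId", "spnClientSecret", "spnTenantId")

def password_ok(pw):
    """12-123 characters with at least 3 of: lower, upper, digit, special."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return 12 <= len(pw) <= 123 and sum(classes) >= 3

def single_host(value):
    """True only for one IPv4 address, so RDP/SSH is not opened to a range."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    unspecified = net.network_address.is_unspecified
    return net.version == 4 and net.num_addresses == 1 and not unspecified

def check_parameters(doc):
    """Return a list of findings for a parsed ARM parameters document."""
    params = {k: v.get("value") for k, v in doc.get("parameters", {}).items()}
    findings = []
    for name in REQUIRED:
        value = params.get(name) or ""
        if not value or "<" in value:
            findings.append(f"{name}: empty or still a placeholder")
    if not password_ok(params.get("windowsAdminPassword") or ""):
        findings.append("windowsAdminPassword: fails length/complexity rule")
    if not single_host(params.get("myIpAddress") or ""):
        findings.append("myIpAddress: must be a single IPv4 address")
    for name, expected in SCENARIO_FLAGS.items():
        if params.get(name) is not expected:
            findings.append(f"{name}: expected {expected} for this scenario")
    return findings

# Constructed sample values (not a real parameters file).
SAMPLE = {"parameters": {k: {"value": v} for k, v in {
    "spnClientId": "<appId>", "spnClientSecret": "example-secret",
    "spnTenantId": "00000000-0000-0000-0000-000000000000",
    "windowsAdminPassword": "password1234", "myIpAddress": "0.0.0.0/0",
    "deployFunction": True, "deployAppService": False,
    "deployAPIMgmt": False, "deployLogicApp": True}.items()}}

if __name__ == "__main__":
    print("\n".join(check_parameters(SAMPLE)) or "no findings")
```

To check a real file, parse azuredeploy.parameters.json with `json.load` and pass the result to `check_parameters`. The edited file holds spnClientSecret and windowsAdminPassword in clear text, so keep it out of any fork you push.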

Windows Login & Post Deployment

  • Now that the first phase of the automation is completed, it is time to RDP to the client VM using its public IP.

    Client VM public IP

  • At first login, as mentioned in the “Automation Flow” section above, the AppServicesLogonScript PowerShell logon script will start its run.

  • Let the script run its course and do not close the PowerShell session; this will be done for you once completed. Once the script finishes its run, the logon script PowerShell session will be closed, the Windows wallpaper will change and the Azure Function application will be deployed on the cluster and be ready to use.

    Note: As you will notice from the screenshots below, during the deployment of the Azure Arc-enabled app services environment, the log-processor service pods will be restarted and will go through multiple Kubernetes pod lifecycle stages. This is normal and can safely be ignored. To learn more about the various Azure Arc-enabled app services Kubernetes components, visit the official Azure Docs page.

    PowerShell logon script run

    Once the script finishes its run, the logon script PowerShell session will be closed, the Windows wallpaper will change, and both the app service plan and the Azure Function application deployed on the cluster will be ready.

    Wallpaper change

  • Since this scenario is deploying both the app service plan and a sample Azure Function application, you will also notice additional, newly deployed Azure resources in the resource group. The important ones to notice are:

    • Azure Arc-enabled Kubernetes cluster - Azure Arc-enabled app services are using this resource to deploy the app services cluster extension, as well as using Azure Arc Custom locations.

    • Custom location - Provides a way for tenant administrators to use their Azure Arc-enabled Kubernetes clusters as a target location for deploying Azure services.

    • App Service Kubernetes Environment - The App Service Kubernetes environment resource is required before apps may be created. It enables configuration common to apps in the custom location, such as the default DNS suffix.

    • App Service plan - In App Service (Web Apps, API Apps, or Mobile Apps), an app always runs in an App Service plan. In addition, Azure Functions also has the option of running in an App Service plan. An App Service plan defines a set of compute resources for an Azure Function to run.

    • Azure Function - Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs.

    • Application Insights - Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications.

    • Azure Storage Account - The storage account deployed in this scenario hosts the queue storage to which the Azure Function sends messages, which can be leveraged later in an application event-driven architecture.

    Additional Azure resources in the resource group

  • In this scenario, a sample Jumpstart Azure Function application was deployed. To open the deployed Function application in your web browser, simply click the Azure Function resource and the created URL.

    Azure Function URL

    Azure Function open in a web browser

  • To demonstrate the message queuing element and to show how messages are stored in the queue storage, the Azure Function deployment script also generates 10 sample messages. To view them, click on the newly created storage account and go to the “Queues” section where you will see the new queue and the stored messages.

    Azure Storage Account

    Azure storage queue

    Azure Function messages in storage queue

  • Alternatively, you can view the same queue storage using the Azure Storage Explorer client application installed automatically in the Client VM or using the Azure Storage Explorer portal-based view.

    Azure Storage Explorer client application storage queue

    Azure Storage Explorer portal-based view

    Azure Storage Explorer portal-based view storage queue

  • To generate your own messages using the Function application, use the Function invoke URL. As part of the deployment script, a funcUrl.txt text file that includes the invoke URL was created for you on the Client VM under the C:\Temp folder. Copy the URL and open it in your web browser while adding the message text to it using the ?name=<Something> syntax, for example, ?name=Bilbo.

    funcUrl.txt file

    Invoke URL

    Invoke URL in web browser

  • Go back to the storage queue and see the newly added message.

    New message in storage queue

  • As part of the deployment, an Application Insights instance was also provisioned to provide you with relevant performance and application telemetry.

    Application Insights instance

Cluster extensions

In this scenario, the Azure Arc-enabled app services cluster extension was deployed and used throughout this scenario in order to deploy the app services infrastructure.

  • In order to view cluster extensions, click on the Azure Arc-enabled Kubernetes resource Extensions settings.

    Azure Arc-enabled Kubernetes resource

    Azure Arc-enabled Kubernetes cluster extensions settings

Cleanup

  • If you want to delete the entire environment, simply delete the deployed resource group from the Azure portal.

    Delete Azure resource group