From 80ca5159ed9c10f0800b87c1e59b566a5dd2ef17 Mon Sep 17 00:00:00 2001 From: Tiago Alves Macambira Date: Fri, 12 Jan 2024 15:23:40 -0800 Subject: [PATCH] Replace CosmosDB with PostgreSQL in ACA Longhaul (#216) * Removed CosmoDB as dependency. Its transactional support isn't great and we were having issues with it: ``` 2024-01-10T23:08:04.892494542Z time="2024-01-10T23:08:04.892429945Z" level=error msg="Transaction failed due to operation 0 which failed with status code 400" app_id=hashtag-actor component="statestore (state.azure.cosmosdb/v1)" instance=hashtag-actor--vo723vq-56bf46647c-c7v55 scope=dapr.contrib type=log ver=1.11.6 2024-01-10T23:08:04.892663298Z time="2024-01-10T23:08:04.892450433Z" level=debug msg="{ERR_ACTOR_STATE_TRANSACTION_SAVE error saving actor transaction state: transaction failed due to operation 0 which failed with status code 400}" app_id=hashtag-actor instance=hashtag-actor--vo723vq-56bf46647c-c7v55 scope=dapr.runtime.http type=log ver=1.11.6 ``` * Simplified dependency lists * Removed external network from applications -- there's no need to have them exposed to the public internet. * Make resource-names more subscription-dependent, so we can run multiple instances of the same application in different resource groups in the same subscription. 
Signed-off-by: Tiago Alves Macambira
---
 deploy/aks/services/postgresql.bicep | 3 +-
 deploy/containerapps/README.md | 2 +-
 deploy/containerapps/apps/hashtag-actor.bicep | 2 +-
 .../containerapps/apps/hashtag-counter.bicep | 2 +-
 .../containerapps/apps/message-analyzer.bicep | 2 +-
 .../containerapps/apps/pubsub-workflow.bicep | 2 +-
 deploy/containerapps/apps/snapshot.bicep | 2 +-
 .../apps/validation-worker.bicep | 2 +-
 deploy/containerapps/azure/cosmos.bicep | 2 +-
 deploy/containerapps/azure/environment.bicep | 2 +-
 deploy/containerapps/azure/servicebus.bicep | 2 +-
 .../azure/storage-services.bicep | 2 +-
 .../statestore-postgresql.bicep | 40 ++++++++++++++++
 .../daprComponents/statestore.bicep | 2 +-
 deploy/containerapps/main.bicep | 47 ++++++++++---------
 15 files changed, 78 insertions(+), 36 deletions(-)
 create mode 100644 deploy/containerapps/daprComponents/statestore-postgresql.bicep
diff --git a/deploy/aks/services/postgresql.bicep b/deploy/aks/services/postgresql.bicep
index cbf01835..e5d51474 100644
--- a/deploy/aks/services/postgresql.bicep
+++ b/deploy/aks/services/postgresql.bicep
@@ -16,7 +16,6 @@ param administratorLoginPassword string = 'pgpass-${uniqueString(resourceGroup()
 @description('Azure database for PostgreSQL pricing tier')
 @allowed([
 'Burstable'
- 'Basic'
 'GeneralPurpose'
 'MemoryOptimized'
 ])
@@ -124,7 +123,7 @@ resource server 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
 // AAD support requires Dapr 1.12.0 or later
 resource addAddUser 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2022-12-01' = {
 parent: server
- name: '${aadAdminObjectid}'
+ name: aadAdminObjectid
 dependsOn: [
 server
 ]
diff --git a/deploy/containerapps/README.md b/deploy/containerapps/README.md
index ae4ebe77..5ec32879 100644
--- a/deploy/containerapps/README.md
+++ b/deploy/containerapps/README.md
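Review bot: In the `addAddUser` resource of postgresql.bicep, the `dependsOn: [ server ]` shown as context right below the changed `name` line is redundant, because `parent: server` already makes the administrator resource depend on the server. This commit removes the same kind of explicit dependency from the modules in main.bicep, so the block could be dropped here as well. The resource body continues past the end of the hunk, so check that nothing else in it relies on the explicit ordering.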
@@ -11,5 +11,5 @@ az group create -n $RESOURCE_GROUP -l $LOCATION
 ### Deploy via Deployment Groups and Bicep
 ```bash
-az deployment group create -g $RESOURCE_GROUP -f ./deploy/main.bicep
+az deployment group create -g $RESOURCE_GROUP -f ./deploy/containerapps/main.bicep
 ```
\ No newline at end of file
diff --git a/deploy/containerapps/apps/hashtag-actor.bicep b/deploy/containerapps/apps/hashtag-actor.bicep
index 6ffcbcfe..1e87cfd8 100644
--- a/deploy/containerapps/apps/hashtag-actor.bicep
+++ b/deploy/containerapps/apps/hashtag-actor.bicep
@@ -26,7 +26,7 @@ resource hashtagActor 'Microsoft.App/containerApps@2022-03-01' = {
 }
 configuration: {
 ingress: {
- external: true
+ external: false
 targetPort: containerPort
 }
 dapr: {
diff --git a/deploy/containerapps/apps/hashtag-counter.bicep b/deploy/containerapps/apps/hashtag-counter.bicep
index 54154e5f..eb6d49d9 100644
--- a/deploy/containerapps/apps/hashtag-counter.bicep
+++ b/deploy/containerapps/apps/hashtag-counter.bicep
@@ -26,7 +26,7 @@ resource hashtagCounter 'Microsoft.App/containerApps@2022-03-01' = {
 }
 configuration: {
 ingress: {
- external: true
+ external: false
 targetPort: containerPort
 }
 dapr: {
diff --git a/deploy/containerapps/apps/message-analyzer.bicep b/deploy/containerapps/apps/message-analyzer.bicep
index f4db092f..746638ef 100644
--- a/deploy/containerapps/apps/message-analyzer.bicep
+++ b/deploy/containerapps/apps/message-analyzer.bicep
@@ -26,7 +26,7 @@ resource messageAnalyzer 'Microsoft.App/containerApps@2022-03-01' = {
 }
 configuration: {
 ingress: {
- external: true
+ external: false
 targetPort: containerPort
 }
 dapr: {
diff --git a/deploy/containerapps/apps/pubsub-workflow.bicep b/deploy/containerapps/apps/pubsub-workflow.bicep
index b34eb142..5148c55c 100644
--- a/deploy/containerapps/apps/pubsub-workflow.bicep
+++ b/deploy/containerapps/apps/pubsub-workflow.bicep
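Review bot: The `ingress` block in hashtag-actor.bicep now has `external: false` with no comment saying why, and the same bare flip is repeated in hashtag-counter, message-analyzer, pubsub-workflow, snapshot and validation-worker. A one-line comment above the setting, such as `// Internal ingress only: reachable from inside the Container Apps environment, not from the public internet.`, would keep the intent from the commit message next to the value, so a later edit does not quietly re-expose the apps. If these apps are only ever reached through their Dapr sidecars, it is also worth confirming whether an ingress block is needed at all. The rest of each resource is outside the hunks, so that cannot be judged from here.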
@@ -26,7 +26,7 @@ resource pubsubWorkflow 'Microsoft.App/containerApps@2022-03-01' = {
 }
 configuration: {
 ingress: {
- external: true
+ external: false
 targetPort: containerPort
 }
 dapr: {
diff --git a/deploy/containerapps/apps/snapshot.bicep b/deploy/containerapps/apps/snapshot.bicep
index b9356c3d..79f5ec5d 100644
--- a/deploy/containerapps/apps/snapshot.bicep
+++ b/deploy/containerapps/apps/snapshot.bicep
@@ -32,7 +32,7 @@ resource snapshot 'Microsoft.App/containerApps@2022-03-01' = {
 }
 configuration: {
 ingress: {
- external: true
+ external: false
 targetPort: containerPort
 }
 dapr: {
diff --git a/deploy/containerapps/apps/validation-worker.bicep b/deploy/containerapps/apps/validation-worker.bicep
index e2464bc9..bbd9754b 100644
--- a/deploy/containerapps/apps/validation-worker.bicep
+++ b/deploy/containerapps/apps/validation-worker.bicep
@@ -32,7 +32,7 @@ resource validationWorkflow 'Microsoft.App/containerApps@2022-03-01' = {
 }
 configuration: {
 ingress: {
- external: true
+ external: false
 targetPort: containerPort
 }
 dapr: {
diff --git a/deploy/containerapps/azure/cosmos.bicep b/deploy/containerapps/azure/cosmos.bicep
index 48e9ed79..6ff3eab8 100644
--- a/deploy/containerapps/azure/cosmos.bicep
+++ b/deploy/containerapps/azure/cosmos.bicep
@@ -1,4 +1,4 @@
-param cosmosAccountName string = 'dapr-longhaul-cosmosdb'
+param cosmosAccountName string = toLower('cosmosdb${uniqueString(resourceGroup().id)}')
 param cosmosDatabaseName string = 'longhauldb'
 param cosmosContainerName string = 'longhaulcontainer'
 param location string
diff --git a/deploy/containerapps/azure/environment.bicep b/deploy/containerapps/azure/environment.bicep
index f4c0f804..51a923d7 100644
--- a/deploy/containerapps/azure/environment.bicep
+++ b/deploy/containerapps/azure/environment.bicep
@@ -1,4 +1,4 @@
-param environmentName string = 'dapr-longhaul-env'
+param environmentName string = toLower('dapr-env-${uniqueString(resourceGroup().id)}')
 param appInsightsName string = '${environmentName}-ai'
 param logAnalyticsWorkspaceName string = '${environmentName}-la'
 param location string
diff --git a/deploy/containerapps/azure/servicebus.bicep b/deploy/containerapps/azure/servicebus.bicep
index fe812e61..e3a70f7a 100644
--- a/deploy/containerapps/azure/servicebus.bicep
+++ b/deploy/containerapps/azure/servicebus.bicep
@@ -1,4 +1,4 @@
-param serviceBusNamespace string = 'dapr-longhaul-capps-servicebus'
+param serviceBusNamespace string = toLower('servicebus${uniqueString(resourceGroup().id)}')
 param location string
 resource servicebus 'Microsoft.ServiceBus/namespaces@2021-11-01' = {
diff --git a/deploy/containerapps/azure/storage-services.bicep b/deploy/containerapps/azure/storage-services.bicep
index a5ebde8b..2560bfe4 100644
--- a/deploy/containerapps/azure/storage-services.bicep
+++ b/deploy/containerapps/azure/storage-services.bicep
@@ -1,5 +1,5 @@
 param location string
-param accountName string = 'testlonghaulstorage'
+param accountName string = toLower('storage${uniqueString(resourceGroup().id)}')
 // Storage account and associated services.
diff --git a/deploy/containerapps/daprComponents/statestore-postgresql.bicep b/deploy/containerapps/daprComponents/statestore-postgresql.bicep
new file mode 100644
index 00000000..99a62a0a
--- /dev/null
+++ b/deploy/containerapps/daprComponents/statestore-postgresql.bicep
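Review bot: The new default for `environmentName` is computed from `uniqueString(resourceGroup().id)` inside the module, independently of the `solutionName` parameter that main.bicep introduces in this same commit as the discriminator for unique resource names; the defaults in servicebus.bicep, storage-services.bicep and cosmos.bicep do the same. In the hunks shown, main.bicep passes `solutionName` only to the PostgreSQL module, so overriding it would rename the database server and the identity but not these resources. Consider threading it through, for example `param environmentName string = 'dapr-env-${solutionName}'` with a `param solutionName string` in each module, or state in the `solutionName` description that it only affects PostgreSQL and the identity. The module call sites for environment, servicebus and storage are outside the hunks, so confirm they do not already override the names.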
@@ -0,0 +1,40 @@
+
+param environmentName string
+
+@secure()
+param connectionString string
+
+param componentName string = 'statestore'
+
+resource environment 'Microsoft.App/managedEnvironments@2022-03-01' existing = {
+ name: environmentName
+}
+
+resource stateDaprComponent 'Microsoft.App/managedEnvironments/daprComponents@2022-03-01' = {
+ name: componentName
+ parent: environment
+ properties: {
+ componentType: 'state.postgresql'
+ version: 'v1'
+ secrets: [
+ {
+ name: 'secretconnectionstring'
+ value: connectionString
+ }
+ ]
+ metadata: [
+ {
+ name: 'connectionString'
+ secretRef: 'secretconnectionstring'
+ }
+ {
+ name: 'actorStateStore'
+ value: 'true'
+ }
+ ]
+ scopes: [
+ 'hashtag-actor'
+ 'snapshot'
+ ]
+ }
+}
diff --git a/deploy/containerapps/daprComponents/statestore.bicep b/deploy/containerapps/daprComponents/statestore.bicep
index 1821e52d..a9f6c8ee 100644
--- a/deploy/containerapps/daprComponents/statestore.bicep
+++ b/deploy/containerapps/daprComponents/statestore.bicep
@@ -1,4 +1,4 @@
-param componentName string = 'statestore'
+param componentName string = 'statestore-cosmos'
 param environmentName string
 param databaseName string
 param collectionName string
diff --git a/deploy/containerapps/main.bicep b/deploy/containerapps/main.bicep
index 766b8dd2..655845f3 100644
--- a/deploy/containerapps/main.bicep
+++ b/deploy/containerapps/main.bicep
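Review bot: None of the three parameters in the new statestore-postgresql.bicep has a `@description`, and although `connectionString` is correctly `@secure()` and consumed through `secretRef`, nothing tells a caller that the value carries database credentials. Add something like `@description('PostgreSQL connection string for the Dapr state store. Contains the database password; supply it only from a secure parameter or a Key Vault reference.')` above it, plus short descriptions for `environmentName` and `componentName`. A comment on `scopes` noting that only `hashtag-actor` and `snapshot` may load this component would also help, since that list is what limits which apps receive the credentials.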
@@ -1,7 +1,21 @@
 // Global parameters
 param location string = resourceGroup().location
+@description('The unique discriminator of the solution. This is used to ensure that resource names are unique.')
+@minLength(3)
+@maxLength(16)
+param solutionName string = uniqueString(resourceGroup().id)
+
+param identityName string = '${solutionName}-identity'
+
 // === Azure Setup ===
+
+// Identity - Not a module so we can reference the resource below.
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ name: identityName
+ location: location
+}
+
 // Container Apps Environment
 module environment 'azure/environment.bicep' = {
 name: '${deployment().name}--environment'
@@ -18,11 +32,15 @@ module storageServices 'azure/storage-services.bicep' = {
 }
 }
-// CosmosDB
-module cosmos 'azure/cosmos.bicep' = {
- name: '${deployment().name}--cosmos'
+// PostgreSQL
+module postgresql '../aks/services/postgresql.bicep' = {
+ name: '${deployment().name}--postgresql'
 params: {
+ solutionName: solutionName
 location: location
+ allowAzureIPsFirewall: true
+ aadAdminName: managedIdentity.name
+ aadAdminObjectid: managedIdentity.properties.principalId
 }
 }
@@ -36,17 +54,15 @@ module servicebus 'azure/servicebus.bicep' = {
 // === Component Setup ===
 // Statestore (actors) component
-module statestore 'daprComponents/statestore.bicep' = {
+module statestore 'daprComponents/statestore-postgresql.bicep' = {
 name: '${deployment().name}--statestore-component'
 dependsOn: [
- cosmos
+ postgresql
 environment
 ]
 params: {
 environmentName: environment.outputs.environmentName
- cosmosAccountName: cosmos.outputs.cosmosAccountName
- databaseName: cosmos.outputs.cosmosDatabaseName
- collectionName: cosmos.outputs.cosmosContainerName
+ connectionString: postgresql.outputs.connectionString
 }
 }
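Review bot: `managedIdentity` is created here and, further down, registered as the PostgreSQL server's AAD administrator, but in the hunks shown no container app is assigned this identity and the state store authenticates with a connection string. A principal with administrator rights on the database that nothing uses yet deserves a comment, for example `// Registered as the PostgreSQL AAD admin for future AAD auth (needs Dapr >= 1.12); not attached to any app yet.` under the existing `// Identity` line. If the app modules do attach it outside these hunks, name them in the comment instead.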
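Review bot: The `postgresql` module call sets `allowAzureIPsFirewall: true` and does not pass `administratorLoginPassword`, so the server falls back to the module default, which the postgresql.bicep hunk header shows starting with `'pgpass-${uniqueString(resourceGroup()` — a value derived from the resource group rather than a secret. The firewall parameter's effect is defined outside this patch, but if it maps to the usual allow-Azure-services rule, the server accepts connections from any Azure-hosted source and is then guarded only by that derivable password. Declare `@secure()` `param postgresAdminPassword string` in main.bicep and pass `administratorLoginPassword: postgresAdminPassword` in this call, and narrow the firewall to the environment's outbound addresses or a private endpoint if the module allows it.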
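Review bot: `connectionString: postgresql.outputs.connectionString` in the `statestore` module takes the secret from a module output, and deployment outputs are kept in the resource group's deployment history in clear text, readable by anyone who can read deployments. `@secure()` on the receiving parameter does not protect the producing side. The output is defined outside this patch, so confirm whether it embeds the password; if it does, assemble the string in main.bicep from secure parameters, or keep it in Key Vault and pass a reference. Separately, `dependsOn: [ postgresql environment ]` is redundant now that both modules are referenced through their outputs in `params`.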
@@ -80,8 +96,6 @@ module binding 'daprComponents/storagebinding.bicep' = {
 module pubsubWorkflow 'apps/pubsub-workflow.bicep' = {
 name: '${deployment().name}--pubsub-workflow'
 dependsOn: [
- environment
- servicebus
 pubsub
 ]
 params: {
@@ -93,8 +107,6 @@ module pubsubWorkflow 'apps/pubsub-workflow.bicep' = {
 module feedGenerator 'apps/feed-generator.bicep' = {
 name: '${deployment().name}--feed-generator'
 dependsOn: [
- environment
- servicebus
 pubsub
 ]
 params: {
@@ -106,8 +118,6 @@ module feedGenerator 'apps/feed-generator.bicep' = {
 module hashtagActor 'apps/hashtag-actor.bicep' = {
 name: '${deployment().name}--hashtag-actor'
 dependsOn: [
- environment
- cosmos
 statestore
 ]
 params: {
@@ -119,9 +129,8 @@ module hashtagActor 'apps/hashtag-actor.bicep' = {
 module hashtagCounter 'apps/hashtag-counter.bicep' = {
 name: '${deployment().name}--hashtag-counter'
 dependsOn: [
- environment
- storageServices
 binding
+ hashtagActor
 ]
 params: {
 environmentName: environment.outputs.environmentName
@@ -132,9 +141,6 @@ module hashtagCounter 'apps/hashtag-counter.bicep' = {
 module messageAnalyzer 'apps/message-analyzer.bicep' = {
 name: '${deployment().name}--message-analyzer'
 dependsOn: [
- environment
- servicebus
- storageServices
 binding
 pubsub
 ]
@@ -147,8 +153,6 @@ module messageAnalyzer 'apps/message-analyzer.bicep' = {
 module snapshot 'apps/snapshot.bicep' = {
 name: '${deployment().name}--snapshot'
 dependsOn: [
- environment
- cosmos
 statestore
 ]
 params: {
@@ -160,7 +164,6 @@ module snapshot 'apps/snapshot.bicep' = {
 module validationWorker 'apps/validation-worker.bicep' = {
 name: '${deployment().name}--validation-worker'
 dependsOn: [
- environment
 snapshot
 ]
 params: {
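Review bot: In the `hashtagCounter` module, `hashtagActor` is added to `dependsOn` without explanation, and in the lines shown it is not implied by any parameter reference, so a later cleanup could remove it as unnecessary. If the counter needs the actor app to exist before it starts (an assumption; the reason is not visible in the patch), record it with a comment such as `// hashtag-counter calls the hashtag-actor app, so deploy the actor first.` above the entry. The module body continues after the hunk.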