Azure / webapps-deploy

Enable GitHub developers to deploy to Azure WebApps using GitHub Actions
MIT License

Deploying Web Apps with Sidecar Containers #430

Open jscarle opened 4 months ago

jscarle commented 4 months ago

I've looked over all of the documentation available for sidecars: https://learn.microsoft.com/en-us/azure/app-service/tutorial-custom-container-sidecar

I cannot find any way to deploy a new image for Web Apps that are sidecar enabled. The closest I could find was this:

    - name: Deploy Azure WebApp to Staging
      uses: azure/webapps-deploy@v2
      with: 
        app-name: ${{ env.WEB_APP_NAME }} 
        images: ${{ env.ACR_LOGIN_SERVER }}/${{ env.CONTAINER_IMAGE_NAME }}:${{ github.sha }}
        slot-name: staging

But that's not valid for sidecar enabled Web Apps.

tulikac commented 4 months ago

Hi @jscarle - right now, we don't have a way to deploy sidecars with GitHub Actions. However, we are working on this and you should have the functionality in a few months.

In the meanwhile, you can deploy your app using an ARM template. Here is an example https://github.com/Azure-Samples/appservice-linux-sidecar/blob/main/nginx-sample/armtemplatemultictr.json

jscarle commented 4 months ago

For anyone else who comes across this issue and is looking for the same answer as I was, this is how you can update your existing Web App using a GitHub Action.

    # update-deployment.yml

    # Trigger assumed for completeness; use whichever event should start the deployment.
    on: workflow_dispatch

    permissions:
      contents: read
      id-token: write

    jobs:
      update-deployment:
        name: Update Deployment
        runs-on: ubuntu-latest
        steps:
          - name: Checkout source
            uses: actions/checkout@v4

          - name: Login to Azure
            uses: azure/login@v2
            with:
              creds: {credentials}

          - name: Deploy Azure Resource Manager template
            uses: azure/arm-deploy@v2
            with:
              deploymentName: {deployment}
              deploymentMode: Incremental
              scope: resourcegroup
              resourceGroupName: {resourcegroup}
              template: ./update-deployment.json
              # Keys must match the parameter names declared in update-deployment.json
              parameters: webAppName={webAppName} mainImage={mainImage} sidecarAImage={sidecarA}

Replace the following placeholders with your values:

- {credentials} => The Azure Credentials JSON, see https://github.com/Azure/login
- {deployment} => Any name you want to give to your deployment, restricted to the same rules as a resource group name. update-app for example.
- {resourcegroup} => The name of the resource group that contains the Web App.
- {webAppName} => The name of the web app that you want to update.
- {mainImage} => The registry, image name, and tag you want to set the image to. contoso.azurecr.io/app/app-main:latest for example.
- {sidecarA} => The image you want for the first sidecar.

The template is written with conditionals so all sidecars are optional. The maximum you can configure is 4 sidecars as per Azure limits.

This is the ARM template:

// update-deployment.json

    {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "webAppName": {
          "type": "string",
          "metadata": {
            "description": "The name of the Web App"
          }
        },
        "mainImage": {
          "type": "string",
          "metadata": {
            "description": "The main image to set"
          }
        },
        "sidecarAImage": {
          "type": "string",
          "metadata": {
            "description": "The first sidecar image to set"
          },
          "defaultValue": ""
        },
        "sidecarBImage": {
          "type": "string",
          "metadata": {
            "description": "The second sidecar image to set"
          },
          "defaultValue": ""
        },
        "sidecarCImage": {
          "type": "string",
          "metadata": {
            "description": "The third sidecar image to set"
          },
          "defaultValue": ""
        },
        "sidecarDImage": {
          "type": "string",
          "metadata": {
            "description": "The fourth sidecar image to set"
          },
          "defaultValue": ""
        }
      },
      "resources": [
        {
          "type": "Microsoft.Web/sites/sitecontainers",
          "apiVersion": "2023-12-01",
          "name": "[format('{0}/{1}', parameters('webAppName'), 'main')]",
          "properties": {
            "image": "[parameters('mainImage')]",
            "isMain": true
          }
        },
        {
          "condition": "[not(empty(parameters('sidecarAImage')))]",
          "type": "Microsoft.Web/sites/sitecontainers",
          "apiVersion": "2023-12-01",
          "name": "[format('{0}/{1}', parameters('webAppName'), 'sidecarA')]",
          "properties": {
            "image": "[parameters('sidecarAImage')]",
            "isMain": false
          }
        },
        {
          "condition": "[not(empty(parameters('sidecarBImage')))]",
          "type": "Microsoft.Web/sites/sitecontainers",
          "apiVersion": "2023-12-01",
          "name": "[format('{0}/{1}', parameters('webAppName'), 'sidecarB')]",
          "properties": {
            "image": "[parameters('sidecarBImage')]",
            "isMain": false
          }
        },
        {
          "condition": "[not(empty(parameters('sidecarCImage')))]",
          "type": "Microsoft.Web/sites/sitecontainers",
          "apiVersion": "2023-12-01",
          "name": "[format('{0}/{1}', parameters('webAppName'), 'sidecarC')]",
          "properties": {
            "image": "[parameters('sidecarCImage')]",
            "isMain": false
          }
        },
        {
          "condition": "[not(empty(parameters('sidecarDImage')))]",
          "type": "Microsoft.Web/sites/sitecontainers",
          "apiVersion": "2023-12-01",
          "name": "[format('{0}/{1}', parameters('webAppName'), 'sidecarD')]",
          "properties": {
            "image": "[parameters('sidecarDImage')]",
            "isMain": false
          }
        }
      ]
    }

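
A pre-deployment check for the workflow and template above, added here as an example (it is not code from this thread or from the Azure actions). It verifies that every key=value pair passed in `parameters:` names a parameter the template declares, that required parameters are supplied, and that image values point at an expected registry; the allowed registry, the tag policy and the sample values are assumptions.

```python
import json

# Constructed sample: the "parameters" section of update-deployment.json, trimmed.
TEMPLATE = json.loads("""{"parameters": {
  "webAppName":    {"type": "string"},
  "mainImage":     {"type": "string"},
  "sidecarAImage": {"type": "string", "defaultValue": ""},
  "sidecarBImage": {"type": "string", "defaultValue": ""}
}}""")

def parse_overrides(text):
    """Split the arm-deploy `parameters` input into {name: value}."""
    overrides = {}
    for item in text.split():
        name, sep, value = item.partition("=")
        if sep:  # ignore bare tokens such as a parameters-file path
            overrides[name] = value
    return overrides

def check_deployment(template, overrides, allowed_registry):
    """Return a list of findings; an empty list means the inputs look consistent."""
    declared = template.get("parameters", {})
    findings = [f"unknown parameter: {n}" for n in sorted(set(overrides) - set(declared))]
    for name, spec in declared.items():
        if "defaultValue" not in spec and name not in overrides:
            findings.append(f"missing required parameter: {name}")
    for name, image in overrides.items():
        if name not in declared or not name.endswith("Image") or not image:
            continue
        registry = image.split("/", 1)[0]
        if registry != allowed_registry:
            findings.append(f"{name}: registry {registry!r} is not {allowed_registry!r}")
        # Policy assumption: a digest or an explicit non-latest tag counts as pinned.
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{name}: tag {tag or 'latest'!r} is mutable")
    return findings

if __name__ == "__main__":
    # Constructed input: one key does not match any declared template parameter.
    line = ("webAppName=demo-app mainImage=contoso.azurecr.io/app/app-main:latest "
            "sidecarA=contoso.azurecr.io/app/sidecar:1.0.0")
    for finding in check_deployment(TEMPLATE, parse_overrides(line), "contoso.azurecr.io"):
        print(finding)
```
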
jamiemtdwyer commented 1 month ago

Thanks @jscarle, your comment was extremely helpful. I'm just left struggling with authentication to ACR now...

I've tried adding the following to the site container resource

    "authType": "UserCredentials",
    "userName": "[parameters('containerUser')'",
    "passwordSecret": "[parameters('containerPassword')",

However, my container always fails to start with "ImagePullFailure". I'm passing the plaintext password as the containerPassword parameter, but perhaps this is not correct? I'm able to pull the image locally with no issues using these same credentials.

Anyone have any leads for this? Maintainers, I apologize for the off-topic nature of the comment but I'm not sure where else to seek support.

FWIW, I am referencing this documentation but it's not particularly descriptive.

jscarle commented 1 month ago

> Thanks @jscarle, your comment was extremely helpful. I'm just left struggling with authentication to ACR now...
>
> I've tried adding the following to the site container resource
>
>     "authType": "UserCredentials",
>     "userName": "[parameters('containerUser')'",
>     "passwordSecret": "[parameters('containerPassword')",
>
> However, my container always fails to start with "ImagePullFailure". I'm passing the plaintext password as the containerPassword parameter, but perhaps this is not correct? I'm able to pull the image locally with no issues using these same credentials.
>
> Anyone have any leads for this? Maintainers, I apologize for the off-topic nature of the comment but I'm not sure where else to seek support.
>
> FWIW, I am referencing this documentation but it's not particularly descriptive.

I'm by no means an ARM template expert, so I wouldn't be able to help you with that. What I can say is that what I've done is set up the Web App with the initial images configured from ACR through the web portal so that the portal does all of the initial authorization and authentication setup for the web app. Once it's working in the portal, updating only the image names works correctly with the ARM template.

jamiemtdwyer commented 1 month ago

Thanks @jscarle, works like a charm!