LM-Development / aks-sample

Community project providing an undeprecated Microsoft Teams bot sample that runs on Azure Kubernetes Service
https://github.com/LM-Development/aks-sample/tree/main/Samples/PublicSamples/RecordingBot
MIT License

Azure App Service Deployment Issue. #62

Closed deshneni-akhil closed 2 weeks ago

deshneni-akhil commented 2 weeks ago

Describe the issue

I am using this tutorial to build and deploy the RecordingBot service to Azure: https://github.com/LM-Development/aks-sample/blob/main/Samples/PublicSamples/RecordingBot/docs/tutorials/deploy-tutorial.md

We have decided to use Azure App Service to deploy the ACR container. The container has been successfully integrated with App Service; however, when I look into the endpoint I am receiving a 502. Deep-diving into the code and executing the entrypoint script, I observe the following behavior.

Logs

$uts-callrecording-b@1BDE_UTS-CALLRE C:\bot>entrypoint.cmd
Setup: Starting VC_redist
Setup: Converting certificate
Could not open file or uri for loading private key from -inkey file from C:\certs\tls.key
3C090000:error:80000002:system library:file_open:No such file or directory:providers\implementations\storemgmt\file_store.c:267:calling stat(C:\certs\tls.key)
3C090000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto\store\store_meth.c:353:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (C : 0), Properties (<null>)
Setup: Installing certificate
CertUtil: -importPFX command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.
Could Not Find C:\bot\certificate.pfx
Setup: Deleting bindings
Setup: Adding bindings
The parameter is incorrect.

Additional context

I am not able to execute the 5th step in the document https://github.com/LM-Development/aks-sample/blob/main/Samples/PublicSamples/RecordingBot/docs/tutorials/deploy/5-helm.md where it involves using helm and kubectl to deploy the certificate to AKS. I am looking for an approach where I can upload the custom certificate (.ppk) file from the local environment via Docker, essentially looking for a path to bypass the 5th step to resolve the above issue.

Using certbot, I have obtained a .ppk file for the custom domain.

The custom domain points to the Azure Web App domain.

Please let me know your thoughts on how I can resolve this issue; any help is appreciated.

1fabi0 commented 2 weeks ago

The sample needs an additional TCP port for ingoing traffic. This means the whole sample does not work in an Azure App Service, so if you somehow manage to embed the certificate in your container or load the certificate from an external source like an Azure Key Vault, you will fail at the startup of the container or when trying to do calls, as the Media Platform will try to establish a TCP connection with your bot, which the Azure App Service won't allow and won't let you configure. It's more likely that you can run the recording bot as an Azure Container Instance. I think Azure Container Apps also only allows HTTP/HTTPS traffic to the containers.

Closing this as the desired deployment is not possible and the tutorial is explicitly made for working with AKS.