Sven Malvik 
Azure App Configuration is great for externalizing application configurations. But what if an application is our infrastructure? How could we dynamically update our infrastructure based on a change in Azure App Configuration? To give you an idea of what I have in mind … At Vipps we have two AKS clusters. Only one cluster is active at any given time. We use the second cluster to test AKS upgrades. In front of AKS is Azure API Management that can route traffic to AKS-blue or AKS-green. The information of what cluster is active and what is inactive can be stored in Azure App Configuration, and then being send to API Management that uses the value in a policy. In this post, I will show how to automate a switch from one AKS cluster to another cluster with Azure Event Grid. This scenario was a study that i did to find out how to use Azure App Configuration for an Event-Driven Infrastructure.
Agenda
- Overview
- Deploy App Configuration
- Deploy API Management
- Deploy Azure Automation
- Create Event Subscription
- Testing
- Resources
Overview
Before we start, I will give a high-level overview of the event flow between the services I used. The data of what cluster is active is stored in Azure App Configuration. Whenever I change this value, meaning I set the other AKS cluster as active, a change event is published to Azure Event Grid. Azure Automation subscribes to Event Grid and triggers an update in Azure API Management that routes the traffic to either AKS-blue or AKS-green. More information about Policies in Azure API Management in a previous post.
Event flow diagram of how Azure App Configuration events trigger Azure API Management deployments
Deploy Azure App Configuration
We can deploy an instance of Azure App Configuration Service from Azure Cloud Shell with Azure CLI. To do so we select Bash as shown below.
Azure Cloud Shell for Bash
Before we start, we have to make sure that we are in the correct subscription.
# Make sure you are in the correct subscription
az account show
# Eventually switch the current subscription
az account set --subscription "YOUR-SUBSCRIPTION"
We can now deploy a new instance of Azure App Configuration Service.
Complete list of all Azure CLI commands for Azure App Configuration
# We'll put our resources into a new resource group.
az group create --name "appc2apim-rg" --location "westeurope"
# You can have one Free instance per subscription
az appconfig create --name "appc2apim-appc" --location "westeurope" --resource-group "appc2apim-rg" --sku free
Deploy Azure API Management
To deploy an instance of Azure API Management we use PowerShell from within Cloud Shell. You can easily switch from Bash to PowerShell:
Azure Cloud Shell Bash and PowerShell
Now run the following command to create an instance of Azure API Management. This will take about 2 minutes.
New-AzApiManagement -ResourceGroupName "appc2apim-rg" -Name "appc2apim-apim-service" -Location "westeurope" -Organization "<ORGANIZATION>" -AdminEmail "<YOUR_EMAIL" --Sku "Consumption"
Deploy Azure Automation
Now that we have Azure App Configuration and Azure API Management in place, we need to tie them together. First, we create an Azure Automation Account.
Create Azure Automation Account
We give it a name, subscription, a resource group. We also create a service principle.
Configure Azure Automation Account
We can see that a service principle was created.
Azure Automation Account Service Principle
Create Runbook
When we first created our Automation Account, we will notice that we got three runbooks that we could use to get started. You can chose to delete those like I did.
Default Runbooks
Then I created a runbook with type PowerShell. This will be empty and we will write the code for it later.
Create Runbook
Importing Az modules into Azure Automation Account
We need the Az.ApiManagement PowerShell Module to update named values in API Management. The named value that we are going to update is a key/value pair telling about what AKS cluster currently is active. We’ll get this from Azure App Configuration.
Az.ApiManagement PowerShell Module
Click import to make this module available.
Importing Az.ApiManagement PowerShell Module
We also need the Az.AppConfiguration PowerShell Module to read the key/value pair that is telling about the active cluster.
Az.AppConfiguration PowerShell Module
At this time the Az.AppConfiguration PowerShell Module does not provide a Get--function to read configurations from Azure App Configuration. This is of course a problem and requires to use the REST interface of App Configuration instead.
Az.AppConfiguration Functions Available
Create Webhook
To be able to trigger this runbook, we need a webhook that Azure Event Grid can request.
Create Webhook in Runbook
What we then get is a URL that we need to copy immediately and save somewhere. We will need it in the next section where we create an event subscription.
URL in Webhook in Runbook
Deploy named value to Azure API Management
Now we will deploy a random value as named value to Azure API Management from our runbook. Copy the code into your runbook and test it. update-apim-nv-from-runbook.ps1
Read from Azure App Configuration
As mentioned previously, Az.AppConfiguration PowerShell Module does not provide a Get--function to read configurations from Azure App Configuration yet. This requires from us to use the REST interface of App Configuration instead. In a previous post, I write about how to use Postman to read from Azure App Configuration. As we are using PowerShell in our runbook, we would need to convert the code from Javascript to PowerShell. Take a look at the code for reading a key/value from Azure App Configuration that came in as a parameter in powershell and update the same named value in Azure API Management.
Create Event Subscription
The only service we are missing is an Event Subscription in Azure Event Grid. One way of creating it is from our Azure App Configuration service.
Create Event Subscription in Azure App Configuration
We need now the Webhook URL from the previous section that you need to set as the endpoint. In addition you will set a name for the topic.
Configuring Event Subscription
Testing
We create a named value in Azure API Management that we want to be updated.
Named Value in Azure API Management
We create a key/value pair that will triggers an event.
Key in Azure App Configuration
We see now a new job in the Runbook queue.
Runbook Job in Queue
Short time later, we see that the named value in Azure API Management was updated with the current time.
Updated Named Value in Azure API Management
Looking at the details of the event, we see our key from Azure App Configuration that triggered the chain.
Input Event to Runbook
Next Step
We saw that we can keep infrastructure configurations in Azure App Configuration. A change will trigger an event which will then execute a Runbook. As a runbook just runs code, and we can implement whatever we want, we can re-configure whatever we want, also infrastructure-as in our case. Azure App Configuration is a quit new service, and it doesn’t provide a complete list of functions at the time of this writing. This means me need to call the REST interface of Azure App Configuration instead.
