question

CezaryKlus-3549 avatar image
0 Votes"
CezaryKlus-3549 asked CezaryKlus-3549 commented

Azure Managed Application - reliable way to deploy .NET code to Azure Function

Wonder if anyone can share production experiences regarding safe and reliable way of deploying code to Azure Function (Linux Consumption Plan) within the Azure Managed Application. I've found an official sample here that uses WEBSITE_RUN_FROM_PACKAGE setting pointing to the staging storage of the Managed Application based on

 deployment().properties.templateLink.uri

Is that storage:

  1. Secure? By this example absolutely not - it is based on public access as there is no SAS token added. How to achieve SAS token security - lifetime should be maxed out?

  2. Persistent? Other words - not ephemeral that will be ultimately deleted.

ZipDeploy from the application definition artifacts is not an option as it is not supported on Linux Consumption plans. Neither MSDeploy of course.

Thanks





azure-managed-applications
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

EvanHissey avatar image
0 Votes"
EvanHissey answered CezaryKlus-3549 commented

  1. There is no authentication that can be added here. This storage is meant for referencing additional material needed to complete a deployment or soon after post-deployment.

  2. I don't recall the exact timeline for the package, but the storage is not long-term. Should an app need components long term, they should be moved to a deployed blob container in the app that will persist and could be referenced later.

· 3
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CezaryKlus-3549 avatar image CezaryKlus-3549 ·

HI @EvanHissey thanks for the feedback. Then from what you wrote the official sample is misleading: https://github.com/microsoft/commercial-marketplace-ama-metering-accelerator/tree/main/function/ama-custom-billing-msi-trigger-with-request-body
It suggests referencing the function app code from that ephemeral storage.

Can you elaborate a bit more on how to achieve "should be moved to a deployed blob container in the app" in the ARM template?
Say we have managed application definition:
1. mainTemplate.json
2. artficats folder
- funcapp.zip

What is the exact procedure to make the Azure Function App (Linux consumption plan) in the managed resource group be ran from funcapp.zip? I don't know about any ARM feature that allows moving data?



0 Votes 0 ·
EvanHissey avatar image EvanHissey CezaryKlus-3549 ·

The sample references the storage for a brief amount of time, just to deploy the function. This use case is valid and normal behaviour. It's the idea of using that storage long term, like months, that I would not recommend. The function that is deployed will be the long standing way of achieving their scenario.

If there was a script that you would want stored in a blob instead of a function, you could always utilize a deployment script: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template

The script could depend on the storage account resource deployed before it, then you move the stored zip contents to the storage account's blob. I'm not giving a specific recommendation here, but just the fact that it's possible.

0 Votes 0 ·
CezaryKlus-3549 avatar image CezaryKlus-3549 EvanHissey ·

Hi @EvanHissey thanks for the hint regarding deployment scripts. I thought it requires spawning a VM, but the help article proves it is quite self-contained. This is what we may excersise.

But regarding the sample can, since you stated that the example is valid. When we follow it and set

                     {
                         "name": "WEBSITE_RUN_FROM_PACKAGE",
                         "value": "[variables('artifacts')]"
                     },

                    "artifacts":   "[uri(deployment().properties.templateLink.uri, 'artifacts/functionpackage.zip')]"

would this work for Linux Consumption long-term? Or is this just windows plan that effectively unpacks this ZIP into the Function App storage? Or things are notworking this way and WEBSITE_RUN_FROM_PACKAGE pointing to a URL would need the resource under URL exists permanently?

0 Votes 0 ·