在 Azure 上重建內部部署應用程式Rebuild an on-premises app on Azure

本文示範虛構公司 Contoso 如何在移轉至 Azure 的過程中,重建在 VMware VM 上執行的兩層式 Windows .NET 應用程式。This article demonstrates how the fictional company Contoso rebuilds a two-tier Windows .NET app running on VMware VMs as part of a migration to Azure. Contoso 會將應用程式的前端 VM 遷移至 Azure App Service Web 應用程式。Contoso migrates the app's front-end VM to an Azure App Service web app. 應用程式後端的建置,則是使用 Azure Kubernetes Service (AKS) 所管理容器中部署的微服務來進行。The app back end is built using microservices deployed to containers managed by Azure Kubernetes Service (AKS). 網站會與 Azure Functions 互動以提供寵物相片功能。The site interacts with Azure Functions to provide pet photo functionality.

此範例中使用的 SmartHotel360 應用程式以開放原始碼的形式提供。The SmartHotel360 app used in this example is provided as open source. 如果想將它用於自己的測試目的,您可以從 github 進行下載。If you'd like to use it for your own testing purposes, you can download it from GitHub.

商業動機Business drivers

IT 領導小組與商務合作夥伴密切合作,以了解此次移轉所要實現的目標:The IT leadership team has worked closely with business partners to understand what they want to achieve with this migration:

  • 因應業務成長。Address business growth. Contoso 正在成長,而想要為 Contoso 網站上的客戶提供差異化的體驗。Contoso is growing, and wants to provide differentiated experiences for customers on Contoso websites.
  • 變得敏捷。Be agile. Contoso 的因應速度必須能夠領先市場變化,才能在全球經濟中獲致成功。Contoso must be able to react faster than the changes in the marketplace, to enable the success in a global economy.
  • 調整。Scale. 隨著企業順利成長,Contoso IT 小組必須提供能夠以相同步調成長的系統。As the business grows successfully, the Contoso IT team must provide systems that can grow at the same pace.
  • 降低成本。Reduce costs. Contoso 想要將授權費用降至最低。Contoso wants to minimize licensing costs.

移轉目標Migration goals

Contoso 雲端小組已針對此次移轉擬定好各項應用程式需求。The Contoso cloud team has pinned down app requirements for this migration. 這些需求已用來判斷最合適的移轉方法:These requirements were used to determine the best migration method:

  • Azure 中的應用程式仍然與現在一樣重要。The app in Azure is still as critical as it is today. 其應該妥善執行並可輕鬆調整。It should perform well and scale easily.
  • 應用程式不應使用 IaaS 元件。The app shouldn't use IaaS components. 所有項目皆應建置為使用 PaaS 或無伺服器服務。Everything should be built to use PaaS or serverless services.
  • 應用程式組建應該在雲端服務中執行,且容器應該位於雲端中的全企業私人容器登錄中。The app builds should run in cloud services, and containers should reside in a private Enterprise-wide container registry in the cloud.
  • 其旅館必須接受應用程式所做的決策,所以用於寵物相片的 API 服務在真實世界中應該要準確可靠。The API service used for pet photos should be accurate and reliable in the real world, since decisions made by the app must be honored in their hotels. 任何獲准進入的寵物都可以留在旅館內。Any pet granted access is allowed to stay at the hotels.
  • 為了滿足 DevOps 管線的需求,Contoso 會使用 Azure DevOps 搭配 Git 存放庫來進行原始程式碼管理 (SCM)。To meet requirements for a DevOps pipeline, Contoso will use Azure DevOps for source code management (SCM), with Git Repos. 他們將使用自動化建置和發行來建置程式碼,並將其部署至 Azure App Service、Azure Functions 及 AKS。Automated builds and releases will be used to build code and deploy to Azure App Service, Azure Functions, and AKS.
  • 後端上的微服務與前端上的網站需要不同的 CI/CD 管線。Different CI/CD pipelines are needed for microservices on the back end, and for the web site on the front end.
  • 後端服務的發行週期與前端 Web 應用程式不同。The back-end services have a different release cycle from the front-end web app. 為了符合此需求,他們會部署兩個不同的管線。To meet this requirement, they will deploy two different pipelines.
  • Contoso 需要管理部門核准才能進行所有前端網站部署,因此 CI/CD 管線必須提供此功能。Contoso needs management approval for all front-end website deployment, and the CI/CD pipeline must provide this.

解決方案設計Solution design

擬定好目標和需求之後,Contoso 會設計和檢閱部署解決方案,並識別移轉程序,包括將用於移轉的 Azure 服務。After pinning down goals and requirements, Contoso designs and review a deployment solution, and identifies the migration process, including the Azure services that will be used for the migration.

目前的應用程式Current app

  • SmartHotel360 內部部署應用程式會分層至兩個 VM (WEBVM 和 SQLVM)。The SmartHotel360 on-premises app is tiered across two VMs (WEBVM and SQLVM).
  • 這些 VM 位於 VMware ESXi 主機 contosohost1.contoso.com (6.5 版)The VMs are located on VMware ESXi host contosohost1.contoso.com (version 6.5)
  • VMware 環境是由 VM 上執行的 vCenter Server 6.5 (vcenter.contoso.com) 進行管理。The VMware environment is managed by vCenter Server 6.5 (vcenter.contoso.com), running on a VM.
  • Contoso 有內部部署資料中心 (contoso-datacenter) 以及內部部署網域控制站 (contosodc1)。Contoso has an on-premises datacenter (contoso-datacenter), with an on-premises domain controller (contosodc1).
  • 移轉完成之後,將會解除委任 Contoso 資料中心的內部部署 VM。The on-premises VMs in the Contoso datacenter will be decommissioned after the migration is done.

建議的架構Proposed architecture

  • 應用程式的前端會部署為主要 Azure 區域中的 Azure App Service web 應用程式。The front end of the app is deployed as an Azure App Service web app in the primary Azure region.

  • Azure 函式提供寵物相片上傳功能,而網站則與此功能互動。An Azure function provides uploads of pet photos, and the site interacts with this functionality.

  • 寵物相片函式會使用 Azure 認知服務視覺 API 和 CosmosDB。The pet photo function uses the Azure Cognitive Services Vision API and Cosmos DB.

  • 網站的後端會使用微服務來建置。The back end of the site is built using microservices. 這些微服務會部署到 Azure Kubernetes Service (AKS) 上所管理的容器。These will be deployed to containers managed on the Azure Kubernetes service (AKS).

  • 建置容器時將使用 Azure DevOps 來建置,並推送至 Azure Container Registry (ACR)。Containers will be built using Azure DevOps, and pushed to the Azure Container Registry (ACR).

  • 目前,Contoso 會使用 Visual Studio 來手動部署 Web 應用程式和函式程式碼。For now, Contoso will manually deploy the web app and function code using Visual Studio.

  • 微服務會使用 PowerShell 指令碼,呼叫 Kubernetes 命令列工具來進行部署。Microservices will be deployed using a PowerShell script that calls Kubernetes command-line tools.

    案例架構

解決方案檢閱Solution review

Contoso 會透過比較一份優缺點清單,來評估建議設計。Contoso evaluates the proposed design by putting together a pros and cons list.

考量Consideration 詳細資料Details
優點Pros 使用 PaaS 和無伺服器解決方案來進行端對端部署可大幅減少 Contoso 必須提供的管理時間。Using PaaS and serverless solutions for the end-to-end deployment significantly reduces management time that Contoso must provide.

移至微服務架構可讓 Contoso 在一段時間內輕鬆擴充解決方案。Moving to a microservices architecture allows Contoso to easily extend the solution over time.

在將新功能上線時,不必中斷任何現有的解決方案程式碼基底。New functionality can be brought online without disrupting any of the existing solutions code bases.

Web 應用程式會設定為配有多個執行個體,所以不會有單一失敗點。The web app will be configured with multiple instances with no single point of failure.

會啟用自動調整功能,讓應用程式能夠處理不同的流量。Autoscaling will be enabled so that the app can handle differing traffic volumes.

移往 PaaS 服務後,Contoso 可以淘汰在 Windows Server 2008 R2 作業系統上執行的過時解決方案。With the move to PaaS services, Contoso can retire out-of-date solutions running on Windows Server 2008 R2 operating system.

CosmosDB 有內建容錯能力,Contoso 不必進行設定。Cosmos DB has built-in fault tolerance, which requires no configuration by Contoso. 這表示資料層不再是單一的容錯移轉點。This means that the data tier is no longer a single point of failover.
缺點Cons 容器比其他移轉選項複雜得多。Containers are more complex than other migration options. 其學習曲線可能會是 Contoso 的難題。The learning curve could be an issue for Contoso. 儘管有學習曲線的問題,但容器帶來了新的複雜度等級,而可提供許多價值。They introduce a new level of complexity that provides a lot of value in spite of the curve.

Contoso 的營運團隊必須提升能力,以針對應用程式來了解和支援 Azure、容器及微服務。The operations team at Contoso needs to ramp up to understand and support Azure, containers and microservices for the app.

Contoso 尚未針對整個解決方案完全實作 DevOps。Contoso hasn't fully implemented DevOps for the entire solution. Contoso 必須在將服務部署至 AKS、Azure Functions 及 Azure App Service 時,考慮到這一點。Contoso needs to consider that for the deployment of services to AKS, Azure Functions, and Azure App Service.

移轉程序Migration process

  1. Contoso 會佈建 ACR、AKS 和 Cosmos DB。Contoso provision the ACR, AKS, and Cosmos DB.

  2. 其會佈建基礎結構以供部署使用,包括 Azure App Service Web 應用程式、儲存體帳戶、函式和 API。They provision the infrastructure for the deployment, including Azure App Service web app, storage account, function, and API.

  3. 在備妥基礎結構之後,他們將使用 Azure DevOps 來建置其微服務容器映像,以將映像推送至 ACR。After the infrastructure is in place, they'll build their microservices container images using Azure DevOps, which pushes them to the ACR.

  4. Contoso 會使用 PowerShell 指令碼將這些微服務部署至 AKS。Contoso will deploy these microservices to AKS using a PowerShell script.

  5. 最後,他們會部署函式和 Web 應用程式。Finally, they'll deploy the function and web app.

    移轉程序

Azure 服務Azure services

服務Service 說明Description 成本Cost
AKSAKS 簡化 Kubernetes 管理、部署和作業。Simplifies Kubernetes management, deployment, and operations. 提供完全受控的 Kubernetes 容器協調流程服務。Provides a fully managed Kubernetes container orchestration service. AKS 是免費服務。AKS is a free service. 只需就取用的虛擬機器以及相關聯的儲存體和網路資源支付費用。Pay for only the virtual machines, and associated storage and networking resources consumed. 詳細資訊Learn more.
Azure FunctionsAzure Functions 以事件驅動的無伺服器計算體驗,加快開發速度。Accelerates development with an event-driven, serverless compute experience. 依需求進行調整。Scale on demand. 只需就取用的資源支付費用。Pay only for consumed resources. 根據每秒的資源取用量和執行次數計算方案的費用。Plan is billed based on per-second resource consumption and executions. 詳細資訊Learn more.
Azure Container RegistryAzure Container Registry 儲存所有容器部署類型的映像。Stores images for all types of container deployments. 根據功能、儲存體和使用期間計算費用。Cost based on features, storage, and usage duration. 詳細資訊Learn more.
Azure App ServiceAzure App Service 快速建置、部署和調整在任何平台上執行的企業級 Web、行動裝置和 API 應用程式。Quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. App Service 方案以每秒計費。App Service plans are billed on a per second basis. 詳細資訊Learn more.

PrerequisitesPrerequisites

以下是 Contoso 針對此案例所需的項目:Here's what Contoso needs for this scenario:

需求Requirements 詳細資料Details
Azure 訂用帳戶Azure subscription Contoso 在先前文章期間已建立訂用帳戶。Contoso created subscriptions during an earlier article. 如果您沒有 Azure 訂用帳戶,請建立免費帳戶If you don't have an Azure subscription, create a free account.

如果您建立免費帳戶,您就是訂用帳戶的管理員,並可執行所有動作。If you create a free account, you're the administrator of your subscription and can perform all actions.

如果您使用現有訂用帳戶,而且您不是系統管理員,則需要與系統管理員合作,讓其指派擁有者或參與者權限給您。If you use an existing subscription and you're not the administrator, you need to work with the admin to assign you Owner or Contributor permissions.
Azure 基礎結構Azure infrastructure 了解 Contoso 如何設定 Azure 基礎結構。Learn how Contoso set up an Azure infrastructure.
開發人員必要條件Developer prerequisites 在開發人員工作站上,Contoso 需要下列工具:Contoso needs the following tools on a developer workstation:

- Visual Studio 2017 Community 版本:15.5 版- Visual Studio 2017 Community Edition: Version 15.5

已啟用 .NET 工作負載。.NET workload enabled.

GitGit

Azure PowerShellAzure PowerShell

Azure CLIAzure CLI

已設定為使用 Windows 容器的 Docker CE (Windows 10) 或 Docker EE (Windows Server)Docker CE (Windows 10) or Docker EE (Windows Server) set to use Windows Containers.

案例步驟Scenario steps

以下是 Contoso 執行移轉的方式:Here's how Contoso will run the migration:

  • 步驟1:布建 AKS 和 ACR。Step 1: Provision AKS and ACR. Contoso 會使用 PowerShell 佈建受控 AKS 叢集和 Azure 容器登錄。Contoso provisions the managed AKS cluster and Azure container registry using PowerShell.
  • 步驟2:建立 Docker 容器。Step 2: Build Docker containers. 他們會使用 Azure DevOps 來設定 Docker 容器的 CI,然後將其推送至 ACR。They set up CI for Docker containers using Azure DevOps, and push them to the ACR.
  • 步驟3:部署後端微服務。Step 3: Deploy back-end microservices. 他們會部署基礎結構的其餘部分,以供後端微服務使用。They deploy the rest of the infrastructure that will be used by back-end microservices.
  • 步驟4:部署前端基礎結構。Step 4: Deploy front-end infrastructure. 他們會部署前端基礎結構,包括寵物電話的 Blob 儲存體、Cosmos DB 和視覺 API。They deploy the front-end infrastructure, including blob storage for the pet phones, the Cosmos DB, and Vision API.
  • 步驟5:遷移後端。Step 5: Migrate the back end. 他們會部署微服務並在 AKS 上執行,以移轉後端。They deploy microservices and run on AKS, to migrate the back end.
  • 步驟6:發佈前端。Step 6: Publish the front end. 他們會將 SmartHotel360 應用程式發佈至 App Service,以及寵物服務將呼叫的函式應用程式。They publish the SmartHotel360 app to the App Service, and the function app that will be called by the pet service.

步驟 1:佈建後端資源Step 1: Provision back-end resources

Contoso 管理員會執行部署指令碼,使用 AKS 和 Azure Container Registry (ACR) 來建立受控 Kubernetes 叢集。Contoso admins run a deployment script to create the managed Kubernetes cluster using AKS and the Azure Container Registry (ACR).

  • 本節的指示會使用 SmartHotel360-Azure-backend 存放庫。The instructions for this section use the SmartHotel360-Azure-backend repository.
  • SmartHotel360-Azure-backend GitHub 存放庫包含這部分部署的所有軟體。The SmartHotel360-Azure-backend GitHub repository contains all of the software for this part of the deployment.

確保必要條件Ensure prerequisites

  1. 在開始之前,Contoso 管理員會確定所有先決條件軟體都安裝在用來部署的開發電腦上。Before they start, Contoso admins ensure that all prerequisite software in installed on the dev machine they're using for the deployment.
  2. 他們會使用 Git 將本機存放庫複製到開發機器:git clone https://github.com/Microsoft/SmartHotel360-Azure-backend.gitThey clone the repository local to the dev machine using Git: git clone https://github.com/Microsoft/SmartHotel360-Azure-backend.git

佈建 AKS 和 ACRProvision AKS and ACR

Contoso 管理員會依下列方式進行佈建:The Contoso admins provision as follows:

  1. 他們會使用 Visual Studio Code 來開啟資料夾,然後移至 /deploy/k8s 目錄,其中包含指令碼 gen-aks-env.ps1They open the folder using Visual Studio Code, and moves to the /deploy/k8s directory, which contains the script gen-aks-env.ps1.

  2. 他們會執行指令碼,使用 AKS 和 ACR 來建立受控 Kubernetes 叢集。They run the script to create the managed Kubernetes cluster, using AKS and ACR.

    AKS

  3. 在檔案開啟時,他們會將 $location 參數更新為 eastus2,並儲存檔案。With the file open, they update the $location parameter to eastus2, and save the file.

    AKS

  4. 他們會選取 [檢視] > [整合式終端機],以在 Visual Studio Code 中開啟整合式終端機。They select View > Integrated Terminal to open the integrated terminal in Visual Studio Code.

    AKS

  5. 在 PowerShell 整合式終端機中,他們會使用 Connect-AzureRmAccount 命令登入 Azure。In the PowerShell Integrated terminal, they sign into Azure using the Connect-AzureRmAccount command. 深入了解如何開始使用 PowerShell。Learn more about getting started with PowerShell.

    AKS

  6. 他們會執行 az login 命令來驗證 Azure CLI,並遵循指示以使用其網頁瀏覽器進行驗證。They authenticate Azure CLI by running the az login command, and following the instructions to authenticate using their web browser. 深入了解如何使用 Azure CLI 來登入。Learn more about logging in with Azure CLI.

    AKS

  7. 他們會執行下列命令,以傳遞 ContosoRG 的資源群組名稱、AKS 叢集 smarthotel-aks-eus2 的名稱和新的登錄名稱。They run the following command, passing the resource group name of ContosoRG, the name of the AKS cluster smarthotel-aks-eus2, and the new registry name.

    .\gen-aks-env.ps1  -resourceGroupName ContosoRg -orchestratorName smarthotelakseus2 -registryName smarthotelacreus2
    

    AKS

  8. Azure 會建立另一個資源群組,其中包含 AKS 叢集的資源。Azure creates another resource group, containing the resources for the AKS cluster.

    AKS

  9. 部署完成之後,他們會安裝 kubectl 命令列工具。After the deployment is finished, they install the kubectl command-line tool. Azure CloudShell 上已安裝此工具。The tool is already installed on the Azure CloudShell.

    az aks install-cli
    
  10. 他們會執行 kubectl get nodes 命令來確認對叢集的連線。They verify the connection to the cluster by running the kubectl get nodes command. 節點的名稱和所自動建立資源群組中的 VM 名稱相同。The node is the same name as the VM in the automatically created resource group.

    AKS

  11. 他們會執行下列命令來啟動 Kubernetes 儀表板:They run the following command to start the Kubernetes Dashboard:

    az aks browse --resource-group ContosoRG --name smarthotelakseus2
    
  12. 隨即會有瀏覽器索引標籤開啟為儀表板。A browser tab opens to the Dashboard. 這是使用 Azure CLI 來建立通道的連線。This is a tunneled connection using the Azure CLI.

    AKS

步驟 2:設定後端管線Step 2: Configure the back-end pipeline

建立 Azure DevOps 專案和組建Create an Azure DevOps project and build

Contoso 會建立 Azure DevOps 專案,並設定 CI 組建來建立容器,再將它推送至 ACR。Contoso creates an Azure DevOps project, and configures a CI Build to create the container and then pushes it to the ACR. 本節中的指示會使用 SmartHotel360-Azure-Backend 存放庫。The instructions in this section use the SmartHotel360-Azure-Backend repository.

  1. 他們會從 visualstudio.com 建立新的組織 (contosodevops360.visualstudio.com),並將它設定為使用 Git。From visualstudio.com, they create a new organization (contosodevops360.visualstudio.com), and configure it to use Git.

  2. 他們會建立新的專案 (SmartHotelBackend),此專案使用 Git 來進行版本控制,並使用 Agile 來進行工作流程。They create a new project (SmartHotelBackend) using Git for version control, and Agile for the workflow.

    Azure DevOps

  3. 他們會匯入 GitHub 存放庫They import the GitHub repo.

    Azure DevOps

  4. 在 [管線] 中,他們會選取 [建置],然後使用 Azure Repos Git 作為來源,從存放庫建立一個新管線。In Pipelines, they select Build, and create a new pipeline using Azure Repos Git as a source, from the repository.

    Azure DevOps

  5. 他們會選取從空白作業開始著手。They select to start with an empty job.

    Azure DevOps

  6. 他們會選取 [裝載的 Linux 預覽] 作為建置管線。They select Hosted Linux Preview for the build pipeline.

    Azure DevOps

  7. 在 [第 1 階段] 中,他們會新增 [Docker Compose] 工作。In Phase 1, they add a Docker Compose task. 此工作會建置 Docker Compose。This task builds the Docker compose.

    Azure DevOps

  8. 他們會重複相同步驟,以新增另一個 [Docker Compose] 工作。They repeat and add another Docker Compose task. 此工作會將容器推送至 ACR。This one pushes the containers to ACR.

    Azure DevOps

  9. 他們會選取第一個工作 (用來建置),並為此組件設定 Azure 訂用帳戶、授權和 ACR。They select the first task (to build), and configure the build with the Azure subscription, authorization, and the ACR.

    Azure DevOps

  10. 他們會指定 docker-compose.yaml 檔案在存放庫 [src] 資料夾中的路徑。They specify the path of the docker-compose.yaml file, in the src folder of the repo. 他們會選取建置服務映像並包含最新標記。They select to build service images and include the latest tag. 當動作變更為 [建置服務映像] 時,Azure DevOps 工作的名稱會變更為 [自動建置服務]。When the action changes to Build service images, the name of the Azure DevOps task changes to Build services automatically.

    Azure DevOps

  11. 現在,他們會設定第二個 Docker 工作 (用來推送)。Now, they configure the second Docker task (to push). 他們會選取訂用帳戶和 [smarthotelacreus2] ACR。They select the subscription and the smarthotelacreus2 ACR.

    Azure DevOps

  12. 同樣地,他們會將檔案輸入至 yaml 檔案,然後選取 [推送服務映射],並包含最新的標記。Again, they enter the file to the docker-compose.yaml file, then select Push service images and include the latest tag. 當動作變更為 [推送服務映像] 時,Azure DevOps 工作的名稱會變更為 [自動推送服務]。When the action changes to Push service images, the name of the Azure DevOps task changes to Push services automatically.

    Azure DevOps

  13. 設定好 Azure DevOps 工作之後,Contoso 會儲存建置管線,並啟動建置程序。With the Azure DevOps tasks configured, Contoso saves the build pipeline, and starts the build process.

    Azure DevOps

  14. 他們會選取建置作業以檢查進度。They select the build job to check progress.

    Azure DevOps

  15. 建置完成之後,ACR 就會顯示新的存放庫,其中會填入微服務所使用的容器。After the build finishes, the ACR shows the new repos, which are populated with the containers used by the microservices.

    Azure DevOps

部署後端基礎結構Deploy the back-end infrastructure

建立 AKS 叢集並建置 Docker 映像之後,Contoso 管理員現在會部署將供後端微服務使用的基礎結構其餘部分。With the AKS cluster created and the Docker images built, Contoso admins now deploy the rest of the infrastructure that will be used by back-end microservices.

  • 本節中的指示會使用 SmartHotel360-Azure-Backend 存放庫。Instructions in the section use the SmartHotel360-Azure-Backend repo.
  • /deploy/k8s/arm 資料夾中有一個指令碼可建立所有項目。In the /deploy/k8s/arm folder, there's a single script to create all items.

他們會如下所示地進行部署:They deploy as follows:

  1. 他們會開啟開發人員命令提示字元,並針對 Azure 訂用帳戶使用命令 az loginThey open a developer command prompt, and use the command az login for the Azure subscription.

  2. 他們會使用 deploy.cmd 檔案,透過輸入下列命令,將 Azure 資源部署在 ContosoRG 資源群組和 EUS2 區域:They use the deploy.cmd file to deploy the Azure resources in the ContosoRG resource group and EUS2 region, by typing the following command:

    .\deploy.cmd azuredeploy ContosoRG -c eastus2
    

    部署後端

  3. 在 Azure 入口網站 中,他們會擷取每個資料庫的連接字串以供稍後使用。In the Azure portal, they capture the connection string for each database, to be used later.

    部署後端

建立後端發行管線Create the back-end release pipeline

現在,Contoso 管理員會執行下列操作:Now, Contoso admins do the following:

  • 部署 NGINX 輸入控制器,以允許對服務傳送的輸入流量。Deploy the NGINX ingress controller to allow inbound traffic to the services.
  • 將微服務部署至 AKS 叢集。Deploy the microservices to the AKS cluster.
  • 他們的第一步是使用 Azure DevOps 來更新微服務的連接字串。As a first step they update the connection strings to the microservices using Azure DevOps. 接著,他們會設定新的 Azure DevOps 發行管線來部署微服務。They then configure a new Azure DevOps Release pipeline to deploy the microservices.
  • 本節中的指示會使用 SmartHotel360-Azure-Backend 存放庫。The instructions in this section use the SmartHotel360-Azure-Backend repo.
  • 本文未涵蓋某些組態設定 (例如 Active Directory B2C)。Some of the configuration settings (for example Active Directory B2C) aren't covered in this article. 如需這些設定的詳細資訊,請參閱上述的存放庫。For more information about these settings, review the repo above.

他們會建立管線:They create the pipeline:

  1. 他們會使用 Visual Studio,以稍早記下的資料庫連線資訊更新 /deploy/k8s/config_local.yml 檔案。Using Visual Studio they update the /deploy/k8s/config_local.yml file with the database connection information they noted earlier.

    DB 連線

  2. 他們會開啟 Azure DevOps,然後在 SmartHotel360 專案的 [發行] 中,選取 [+新增管線]。They open Azure DevOps, and in the SmartHotel360 project, in Releases, they select +New Pipeline.

    新增管線

  3. 他們會選取 [空白作業] 來開始管線,而不使用範本。They select Empty Job to start the pipeline without a template.

  4. 他們會提供階段和管線名稱。They provide the stage and pipeline names.

    階段名稱

    管線名稱

  5. 他們會新增成品。They add an artifact.

    新增成品

  6. 他們會選取 [Git] 作為來源類型,然後為 SmartHotel360 應用程式指定專案、來源及 master 分支。They select Git as the source type, and specify the project, source, and master branch for the SmartHotel360 app.

    成品設定

  7. 他們會選取工作連結。They select the task link.

    工作連結

  8. 他們會新增 Azure PowerShell 工作,以便在 Azure 環境中執行 PowerShell 指令碼。They add a new Azure PowerShell task so that they can run a PowerShell script in an Azure environment.

    Azure 中的 PowerShell

  9. 他們會選取工作的 Azure 訂用帳戶,然後從 Git 存放庫中選取 [deploy.ps1] 指令碼。They select the Azure subscription for the task, and select the deploy.ps1 script from the Git repo.

    執行指令碼

  10. 他們會新增指令碼的引數。They add arguments to the script. 此指令碼會刪除所有叢集內容 (ingressingress controller 除外),然後部署微服務。The script will delete all cluster content (except ingress and ingress controller), and deploy the microservices.

    指令碼引數

  11. 他們會將慣用的 Azure PowerShell 版本設定為最新版本,然後儲存管線。They set the preferred Azure PowerShell version to the latest, and save the pipeline.

  12. 他們會回到 [發行] 頁面,然後手動建立新的發行。They move back to the Release page, and manually create a new release.

    新增發行

  13. 他們會在建立發行之後選取該發行,然後在 [動作] 中選取 [部署]。They select the release after creating it, and in Actions, they select Deploy.

    部署發行

  14. 當部署完成時,他們會使用 Azure Cloud Shell 來執行下列命令以檢查服務狀態:kubectl get servicesWhen the deployment is complete, they run the following command to check the status of services, using the Azure Cloud Shell: kubectl get services.

步驟 3:佈建前端服務Step 3: Provision front-end services

Contoso 管理員需要部署將供前端應用程式使用的基礎結構。Contoso admins need to deploy the infrastructure that will be used by the front-end apps. 他們會建立 Blob 儲存體容器來儲存寵物影像;建立 Cosmos 資料庫來儲存含有寵物資訊的文件;以及建立網站適用的「視覺 API」。They create a blob storage container for storing the pet images; the Cosmos database to store documents with the pet information; and the Vision API for the website.

本節的指示會使用 SmartHotel360-public-web 存放庫。Instructions for this section use the SmartHotel360-public-web repo.

建立 Blob 儲存體容器Create blob storage containers

  1. 在 [Azure 入口網站] 中,他們會開啟已建立的儲存體帳戶,然後選取 [ blob]。In the Azure portal, they open the storage account that was created, then select Blobs.

  2. 他們會建立新的容器 (Pets),並將公用存取層級設定為容器。They create a new container (Pets) with the public access level set to container. 使用者會將其寵物相片上傳至此容器。Users will upload their pet photos to this container.

    儲存體 Blob

  3. 他們會建立第二個名為 settings 的新容器。They create a second new container named settings. 具有所有前端應用程式設定的檔案將會放在此容器中。A file with all the front-end app settings will be placed in this container.

    儲存體 Blob

  4. 他們會擷取文字檔中的儲存體帳戶存取詳細資料,以供日後參考。They capture the access details for the storage account in a text file, for future reference.

    儲存體 Blob

佈建 Cosmos 資料庫Provision a Cosmos database

Contoso 管理員會佈建用於存放寵物資訊的 Cosmos 資料庫。Contoso admins provision a Cosmos database to be used for pet information.

  1. 他們會在 Azure Marketplace 中建立 Azure Cosmos DBThey create an Azure Cosmos DB in the Azure Marketplace.

    Cosmos DB

  2. 他們會指定名稱(contososmarthotel)、選取 SQL API,並將它放在美國東部2主要區域的生產資源群組 ContosoRG 中。They specify a name (contososmarthotel), select the SQL API, and place it in the production resource group ContosoRG, in the main East US 2 region.

    Cosmos DB

  3. 他們會在資料庫內新增集合,並為其設定預設容量與輸送量。They add a new collection to the database, with default capacity and throughput.

    Cosmos DB

  4. 他們會記下資料庫的連線資訊,以供日後參考。They note the connection information for the database, for future reference.

    Cosmos DB

佈建電腦視覺Provision Computer Vision

Contoso 管理員會佈建「電腦視覺 API」。Contoso admins provision the Computer Vision API. 函式會呼叫此 API 來評估使用者所上傳的圖片。The API will be called by the function, to evaluate pictures uploaded by users.

  1. 他們會在 Azure Marketplace 中建立電腦視覺執行個體。They create a Computer Vision instance in the Azure Marketplace.

    電腦視覺

  2. 他們會在美國東部 2 主要區域的生產資源群組 ContosoRG 中佈建 API (smarthotelpets)。They provision the API (smarthotelpets) in the production resource group ContosoRG, in the main East US 2 region.

    電腦視覺

  3. 他們會將 API 的連線設定儲存至文字檔,以供日後參考。They save the connection settings for the API to a text file for later reference.

    電腦視覺

佈建 Azure Web 應用程式Provision the Azure web app

Contoso 管理員會使用 Azure 入口網站來佈建 Web 應用程式。Contoso admins provision the web app using the Azure portal.

  1. 在入口網站中選取 [Web 應用程式]。They select Web App in the portal.

    Web 應用程式

  2. 他們會提供應用程式名稱 (smarthotelcontoso)、在 Windows 上執行它,並將它放在生產環境資源群組 [ContosoRG] 中。They provide an app name (smarthotelcontoso), run it on Windows, and place it in the production resources group ContosoRG. 他們會建立新的 Application Insights 執行個體來進行應用程式監視。They create a new Application Insights instance for app monitoring..

    Web 應用程式名稱

  3. 完成之後,他們會瀏覽至應用程式的位址,以檢查是否已成功建立該應用程式。After they're done, they browse to the address of the app to check it's been created successfully.

  4. 現在,他們會在 Azure 入口網站中為程式碼建立預備位置。Now, in the Azure portal they create a staging slot for the code. 管線將部署到這個位置。The pipeline will deploy to this slot. 這可確保會等到管理員執行發行之後,才會將程式碼放到生產環境中。This ensures that code isn't put into production until admins perform a release.

    Web 應用程式預備位置

佈建 Azure 函數應用程式Provision the Azure function app

Contoso 管理員會在 Azure 入口網站中佈建函數應用程式。In the Azure portal, Contoso admins provision the Function App.

  1. 他們會選取 [函數應用程式]。They select Function App.

    建立函數應用程式

  2. 他們會提供應用程式名稱 (smarthotelpetchecker)。They provide an app name (smarthotelpetchecker). 他們會將應用程式放在生產環境資源群組 [ContosoRG] 中,並將主控方案設定為 [使用情況方案],然後將應用程式放在 [美國東部 2] 區域中。They place the app in the production resource group ContosoRG.They set the hosting place to Consumption Plan, and place the app in the East US 2 region. 系統會建立一個新儲存體帳戶,以及用於進行監視的 Application Insights 執行個體。A new storage account is created, along with an Application Insights instance for monitoring.

    函數應用程式設定

  3. 部署應用程式之後,他們會瀏覽至應用程式位址,以檢查是否已成功建立該應用程式。After the app is deployed, they browse to the app address to check it's been created successfully.

步驟 4:設定前端管線Step 4: Set up the front-end pipeline

Contoso 管理員會為前端網站建立兩個不同的專案。Contoso admins create two different projects for the front-end site.

  1. 他們會在 Azure DevOps 中建立 SmartHotelFrontend 專案。In Azure DevOps, they create a project SmartHotelFrontend.

    前端專案

  2. 他們會將 SmartHotel360 front-end Git 存放庫匯入至新專案。They import the SmartHotel360 front end Git repository into the new project.

  3. 針對函式應用程式,他們會建立另一個 Azure DevOps 專案 (SmartHotelPetChecker),然後將 PetChecker Git 存放庫匯入至此專案。For the function app, they create another Azure DevOps project (SmartHotelPetChecker), and import the PetChecker Git repository into this project.

設定 Web 應用程式Configure the web app

Contoso 管理員現在會設定 Web 應用程式以使用 Contoso 資源。Now Contoso admins configure the web app to use Contoso resources.

  1. 他們會連線至 Azure DevOps 專案,然後從本機將存放庫複製到開發機器。They connect to the Azure DevOps project, and clone the repository locally to the development machine.

  2. 在 Visual Studio 中,他們會開啟資料夾以顯示存放庫中的所有檔案。In Visual Studio, they open the folder to show all the files in the repo.

    存放庫檔案

  3. 他們會視需要更新設定變更。They update the configuration changes as required.

    • 當 Web 應用程式啟動時,它會尋找 SettingsUrl 應用程式設定。When the web app starts up, it looks for the SettingsUrl app setting.
    • 此變數必須包含指向設定檔的 URL。This variable must contain a URL pointing to a configuration file.
    • 根據預設,所使用的設定會是公用端點。By default, the setting used is a public endpoint.
  4. 他們會更新 /config-sample.json/sample.json 檔案。They update the /config-sample.json/sample.json file.

    • 這是 Web 在使用公用端點時的設定檔。This is the configuration file for the web when using the public endpoint.
    • 他們會使用 AKS API 端點、儲存體帳戶及 Cosmos 資料庫的值來編輯 urlspets_config 區段。They edit the urls and pets_config sections with the values for the AKS API endpoints, storage accounts, and Cosmos database.
    • URL 應符合 Contoso 所會建立的新 Web 應用程式 DNS 名稱。The URLs should match the DNS name of the new web app that Contoso will create.
    • 對於 Contoso 來說,這是 smarthotelcontoso.eastus2.cloudapp.azure.comFor Contoso, this is smarthotelcontoso.eastus2.cloudapp.azure.com.

    JSON 設定

  5. 在更新檔案之後,他們會將其重新命名為 smarthotelsettingsurl,然後將其上傳至稍早建立的 Blob 儲存體中。After the file is updated, they rename it smarthotelsettingsurl, and upload it to the blob storage they created earlier.

    重新命名並上傳

  6. 他們會選取檔案以取得 URL。They select the file to get the URL. 應用程式會在提取設定檔時使用此 URL。The URL is used by the app when it pulls down the configuration files.

    應用程式 URL

  7. appsettings.Production.json 檔案中,他們會將 SettingsURL 更新為新檔案的 URL。In the appsettings.Production.json file, they update the SettingsURL to the URL of the new file.

    更新 URL

將網站部署至 Azure App ServiceDeploy the website to Azure App Service

Contoso 管理員現在已可發佈網站。Contoso admins can now publish the website.

  1. 他們會開啟 Azure DevOps,然後在 SmartHotelFrontend 專案的 [建置及發行] 中,選取 [+新增管線]。They open Azure DevOps, and in the SmartHotelFrontend project, in Builds and Releases, they select +New Pipeline.

  2. 他們會選取 [Azure DevOps Git] 作為來源。They select Azure DevOps Git as a source.

  3. 他們會選取 [ASP.NET Core] 範本。They select the ASP.NET Core template.

  4. 他們會檢閱管線,並確認是否已選取 [發佈 Web 專案] 和 [壓縮發佈的專案]。They review the pipeline, and check that Publish Web Projects and Zip Published Projects are selected.

    管線設定

  5. 在 [觸發程序] 中,其會啟用持續整合,並新增主要分支。In Triggers, they enable continuous integration, and add the master branch. 這可確保每次將解決方案的新程式碼提交給 master 分支時,建置管線都會啟動。This ensures that each time the solution has new code committed to the master branch, the build pipeline starts.

    持續整合

  6. 他們會選取 [儲存並排入佇列] 來啟動建置作業。They select Save & Queue to start a build.

  7. 建置完成之後,他們會使用 [Azure App Service 部署] 來設定發行管線。After the build completes, they configure a release pipeline using Azure App Service Deployment.

  8. 他們會提供一個階段名稱 StagingThey provide a Stage name Staging.

    環境名稱

  9. 他們會新增成品並選取剛剛設定的組建。They add an artifact and select the build they just configured.

    新增成品

  10. 他們會選取成品上的閃電圖示,然後啟用持續部署。They select the lightning bolt icon on the artifact, and enable continuous deployment.

    連續部署

  11. 在 [環境] 中,他們會選取 [Staging] 底下的 [1 個作業, 1 個工作]。In Environment, they select 1 job, 1 task under Staging.

  12. 選取訂用帳戶和應用程式名稱之後,他們會開啟 [Azure App Service 部署] 工作。After selecting the subscription, and app name, they open the Deploy Azure App Service task. 此部署已設定成使用 [預備環境] 部署位置。The deployment is configured to use the staging deployment slot. 這會自動在此位置建置要檢閱和核准的程式碼。This automatically builds code for review and approval in this slot.

    位置

  13. 在 [管線] 中,他們會新增新的階段。In the Pipeline, they add a new stage.

    新增環境

  14. 他們會選取 [使用位置的 Azure App Service 部署]然後將環境命名為 ProdThey select Azure App Service deployment with slot, and name the environment Prod.

  15. 他們會選取 [ 1 個作業]、[2 個工作],然後選取 [訂用帳戶]、[app service 名稱] 和預備位置。They select 1 job, 2 tasks, then select the subscription, app service name, and the staging slot.

    環境名稱

  16. 他們會從管線中移除 [將 Azure App Service 部署至位置]。They remove the Deploy Azure App Service to Slot from the pipeline. 這是先前的步驟所放置。It was placed there by the previous steps.

    從管線中移除

  17. 他們會儲存管線。They save the pipeline. 他們會在管線上選取 [部署後的條件]。On the pipeline, they select Post-deployment conditions.

    部署後

  18. 他們會啟用 [部署後核准],然後新增開發主管作為核准者。They enable Post-deployment approvals, and add a dev lead as the approver.

    部署後核准

  19. 在建置管線中,他們會手動啟動建置作業。In the Build pipeline, they manually kick off a build. 這會觸發新的發行管線,而將網站部署至預備位置。This triggers the new release pipeline, which deploys the site to the staging slot. 就 Contoso 而言,此位置的 URL 是https://smarthotelcontoso-staging.azurewebsites.net/For Contoso, the URL for the slot is https://smarthotelcontoso-staging.azurewebsites.net/.

  20. 在建置完成且發行部署至該位置之後,Azure DevOps 就會傳送電子郵件給開發主管來進行核准。After the build finishes, and the release deploys to the slot, Azure DevOps emails the dev lead for approval.

  21. 開發主管會選取 [檢視核准],然後便可以在 Azure DevOps 入口網站中核准或拒絕該要求。The dev lead selects View approval, and can approve or reject the request in the Azure DevOps portal.

    核准郵件

  22. 主管會加上註解並核准。The lead makes a comment and approves. 這會啟動 [預備環境] 與 [生產環境] 位置的交換,然後將組建移至生產環境。This starts the swap of the staging and prod slots, and moves the build into production.

    核准並交換

  23. 管線會完成交換。The pipeline completes the swap.

    完整的交換

  24. 小組會檢查 [生產環境] 位置,以確認該 Web 應用程式已於 https://smarthotelcontoso.azurewebsites.net/ 投入生產環境。The team checks the prod slot to verify that the web app is in production at https://smarthotelcontoso.azurewebsites.net/.

部署 PetChecker 函式應用程式Deploy the PetChecker Function app

Contoso 管理員會依下列方式部署應用程式。Contoso admins deploy the app as follows.

  1. 他們會連線至 Azure DevOps 專案,以從本機將存放庫複製到開發機器。They clone the repository locally to the development machine by connecting to the Azure DevOps project.

  2. 在 Visual Studio 中,他們會開啟資料夾以顯示存放庫中的所有檔案。In Visual Studio, they open the folder to show all the files in the repo.

  3. 他們會開啟 src/PetCheckerFunction/local.settings.json 檔案,然後新增用於儲存體、Cosmos 資料庫及「電腦視覺 API」的應用程式設定。They open the src/PetCheckerFunction/local.settings.json file, and add the app settings for storage, the Cosmos database, and the Computer Vision API.

    部署函式

  4. 他們會認可程式碼,然後透過同步處理將其送回 Azure DevOps,以發佈其變更。They commit the code, and sync it back to Azure DevOps, pushing their changes.

  5. 他們會新增新的組建管線,然後針對來源選取 [ Azure DevOps Git ]。They add a new Build pipeline, then select Azure DevOps Git for the source.

  6. 他們會選取 [ASP.NET Core (.NET Framework)] 範本。They select the ASP.NET Core (.NET Framework) template.

  7. 他們會接受範本的預設值。They accept the defaults for the template.

  8. 在 [觸發程式] 中,選取 [啟用持續整合],然後選取 [儲存 & 佇列] 來啟動組建。In Triggers, then select to Enable continuous integration, then select Save & Queue to start a build.

  9. 建置成功之後,他們會建置發行管線,其中會新增 [使用位置的 Azure App Service 部署]。After the build succeeds, they build a Release pipeline, adding Azure App Service deployment with slot.

  10. 他們將環境命名為「生產」,然後選取 [訂用帳戶]。They name the environment Prod, then select the subscription. 他們會將 [應用程式類型] 設定為 [函數應用程式],並將應用程式服務名稱設定為 smarthotelpetcheckerThey set the App type to Function App, and the app service name as smarthotelpetchecker.

    函式應用程式

  11. 他們會新增 [建置] 成品。They add an artifact Build.

    構件

  12. 他們會啟用持續部署觸發程式,然後選取 [儲存]。They enable Continuous deployment trigger, then select Save.

  13. 他們會選取 [將新組建排入佇列],以執行完整的 CI/CD 管線。They select Queue new build to run the full CI/CD pipeline.

  14. 函式部署完成後會出現在 Azure 入口網站中,且狀態為執行中After the function is deployed, it appears in the Azure portal, with the Running status.

    部署函式

  15. 他們會瀏覽至應用程式以測試 Pet Checker 應用程式是否如預期般運作,其位置在 http://smarthotel360public.azurewebsites.net/PetsThey browse to the app to test that the Pet Checker app is working as expected, at http://smarthotel360public.azurewebsites.net/Pets.

  16. 他們會選取虛擬人偶以上傳圖片。They select the avatar to upload a picture.

    部署函式

  17. 他們想要檢查的第一張相片是一頭小型犬。The first photo they want to check is of a small dog.

    部署函式

  18. 應用程式傳回已接受的訊息。The app returns a message of acceptance.

    部署函式

檢閱部署Review the deployment

在 Azure 中有了所移轉的資源之後,Contoso 現在必須讓新基礎結構完整運作且受到保護。With the migrated resources in Azure, Contoso now needs to fully operationalize and secure the new infrastructure.

安全性Security

  • Contoso 必須確保新資料庫安全無虞。Contoso needs to ensure that the new databases are secure. 詳細資訊Learn more.
  • 應用程式必須更新為搭配使用 SSL 與憑證。The app needs to be updated to use SSL with certificates. 容器執行個體應重新部署為會在 443 上接聽。The container instance should be redeployed to answer on 443.
  • Contoso 應考慮使用 Key Vault 來保護其 Service Fabric 應用程式的祕密。Contoso should consider using Key Vault to protect secrets for their Service Fabric apps. 詳細資訊Learn more.

備份和災害復原Backups and disaster recovery

  • Contoso 需要檢閱 Azure SQL Database 的備份需求。Contoso needs to review backup requirements for the Azure SQL Database. 詳細資訊Learn more.
  • Contoso 應考慮實作 SQL 容錯移轉群組,為資料庫提供區域性容錯移轉。Contoso should consider implementing SQL failover groups to provide regional failover for the database. 詳細資訊Learn more.
  • Contoso 可使用適用於 ACR 進階 SKU 的異地複寫功能。Contoso can use geo-replication for the ACR premium SKU. 詳細資訊Learn more.
  • Cosmos DB 會自動備份。Cosmos DB backs up automatically. Contoso 可以深入了解這個程序。Contoso can learn more about this process.

授權和成本最佳化Licensing and cost optimization

  • 部署好所有資源之後,Contoso 應根據基礎結構規劃來指派 Azure 標記。After all resources are deployed, Contoso should assign Azure tags based on their infrastructure planning.
  • 所有授權費用都會併入 Contoso 使用的 PaaS 服務中。All licensing is built into the cost of the PaaS services that Contoso is consuming. 這將會從 EA 中扣除。This will be deducted from the EA.
  • Contoso 會啟用 Microsoft 子公司 Cloudyn 授權的 Azure 成本管理。Contoso will enable Azure Cost Management licensed by Cloudyn, a Microsoft subsidiary. 它是一種多雲端成本管理解決方案,可協助您使用和管理 Azure 和其他雲端資源。It's a multicloud cost management solution that helps you use and manage Azure and other cloud resources. 深入了解 Azure 成本管理。Learn more about Azure Cost Management.

結論Conclusion

在此文章中,Contoso 在 Azure 中重建 SmartHotel360 應用程式。In this article, Contoso rebuilds the SmartHotel360 app in Azure. 他們將內部部署應用程式前端 VM 重建成 Azure App Service Web 應用程式。The on-premises app front-end VM is rebuilt to Azure App Service web apps. 應用程式後端的建置,則是使用 Azure Kubernetes Service (AKS) 所管理容器中部署的微服務來進行。The application back end is built using microservices deployed to containers managed by Azure Kubernetes Service (AKS). Contoso 使用寵物相片應用程式增強了應用程式功能。Contoso enhanced app functionality with a pet photo app.

建議的技能Suggested skills

Microsoft Learn 是新的學習方法。Microsoft Learn is a new approach to learning. 針對雲端採用所帶來的新技術和責任做好準備並不容易。Readiness for the new skills and responsibilities that come with cloud adoption doesn't come easily. Microsoft Learn 提供了更有價值的學習方法,可協助您更快達成目標。Microsoft Learn provides a more rewarding approach to hands-on learning that helps you achieve your goals faster. 獲得學分和等級,並達成更多目標!Earn points and levels, and achieve more!

以下幾個範例會在與 Azure 中的 Contoso SmartHotel360 應用程式一致的 Microsoft Learn 上量身打造學習路徑。Here are a couple of examples of tailored learning paths on Microsoft Learn that align with the Contoso SmartHotel360 app in Azure.

使用 Azure App Service: Azure 中的 Web apps 將網站部署至 azure,可讓您輕鬆地發佈及管理網站,而不需要使用基礎伺服器、儲存體或網路資產。Deploy a website to Azure with Azure App Service: Web apps in Azure allow you to publish and manage your website easily without having to work with the underlying servers, storage, or network assets. 相反地,您可以專注在網站的功能,並交由健全強大的 Azure 平台保障網站存取的安全性。Instead, you can focus on your website features and rely on the robust Azure platform to provide secure access to your site.

使用 Azure 認知願景服務來處理和分類影像: azure 認知服務提供預先建立的功能,可在您的應用程式中啟用電腦視覺功能。Process and classify images with the Azure Cognitive Vision Services: Azure Cognitive Services offers prebuilt functionality to enable computer vision functionality in your applications. 瞭解如何使用認知願景服務來偵測臉部、標記和分類影像,以及識別物件。Learn how to use the Cognitive Vision Services to detect faces, tag and classify images, and identify objects.