Skip to content

README.md

Latest commit

 

History

History
66 lines (51 loc) · 4.25 KB

README.md

File metadata and controls

66 lines (51 loc) · 4.25 KB

Azure CLI Deployment

This directory contains Bash scripts for deploying and validating the sample using the azlocal CLI. For details about the sample application, see Azure Web App with Azure Database for PostgreSQL flexible server.

Prerequisites

pip install azlocal

Architecture Overview

deploy.sh provisions the same resources as the Bicep and Terraform variants but with raw az commands:

  1. Azure Resource Group.
  2. Azure Log Analytics Workspace.
  3. Network Security Groups for both subnets.
  4. Azure NAT Gateway.
  5. Azure Virtual Network with:
    • app-subnet: delegated to Microsoft.Web/serverFarms (with NAT gateway).
    • pe-subnet: hosts the Private Endpoint (no delegation; disable-private-endpoint-network-policies=true).
  6. Azure Database for PostgreSQL flexible server: public-access mode, Burstable / Standard_B1ms, version 16, 32 GiB, HA disabled. With a permissive AllowAllIPs firewall rule.
  7. The PlannerDB database.
  8. Azure Private DNS Zone privatelink.postgres.database.azure.com, linked to the VNet.
  9. Azure Private Endpoint targeting the PG server with group postgresqlServer, plus the DNS-zone group that auto-registers the A record.
  10. A separate application role (testuser) created via psql, with the minimum schema privileges on PlannerDB.
  11. The activities table and three seeded rows (Go to Paris, Go to London, Go to Mexico).
  12. Azure App Service Plan.
  13. Azure Web App with regional VNet integration into app-subnet, configured with PG_HOST, PG_PORT, PG_USER=testuser, PG_PASSWORD, PG_DATABASE, LOGIN_NAME, WEBSITES_PORT.

The Web App uses testuser — the server-admin login is never written into the Web App's app settings. Use validate.sh after deploy.sh to inspect each Azure resource.

Usage

# default secrets
bash deploy.sh

# override secrets via env vars
PG_ADMIN_PASSWORD='<admin-password>' \
PG_APP_PASSWORD='<app-password>' \
bash deploy.sh

# inspect what was deployed
bash validate.sh

deploy.sh accepts the following environment overrides:

Env var Default Description
PG_ADMIN_USER pgadmin Server administrator login
PG_ADMIN_PASSWORD P@ssw0rd1234! Server administrator password (sensitive)
PG_DATABASE_NAME PlannerDB Application database
PG_APP_USER testuser Application role used by the Web App
PG_APP_PASSWORD TestP@ssw0rd123 Password for the application role
DEPLOY_APP 1 Set to 0 to skip the zip deployment step

The script uses call-web-app.sh (unchanged from the source sample) to demonstrate four ways of hitting the Web App from outside the emulator.