Migrate monitoring to container apps

.github/workflows/instance-deploy-prod.yml

@@ -3,31 +3,8 @@ on:
   push:
     branches: [main]
   workflow_dispatch:
-    inputs:
-      monitoring_enabled:
-        description: Deploy monitoring infrastructure (£20/month)
-        type: boolean
-        required: true
-        default: false
 
 jobs:
-  variables:
-    runs-on: ubuntu-latest
-    outputs:
-      monitoring_enabled: ${{ steps.setvars.outputs.monitoring_enabled }}
-    steps:
-      - name: Set variables needed for workflow
-        id: setvars
-        run: |
-          if [[ "${{ inputs.monitoring_enabled}}" == "" ]]
-          then
-            echo "monitoring_enabled=false"
-            echo "monitoring_enabled=false" >> $GITHUB_OUTPUT
-          else
-            echo "monitoring_enabled=${{ inputs.monitoring_enabled}}"
-            echo "monitoring_enabled=${{ inputs.monitoring_enabled}}" >> $GITHUB_OUTPUT
-          fi
-
   build-api:
     uses: benchiverton/OnlineStore/.github/workflows/workflow-build-test-publish-dotnet.yml@main
     with:
@@ -49,7 +26,7 @@ jobs:
     secrets: inherit
 
   deploy-terraform-prod:
-    needs: [variables, build-api, build-website]
+    needs: [build-api, build-website]
     environment: prod
     env:
       ARM_CLIENT_ID: ${{ secrets.TF_VAR_AGENT_CLIENT_ID }}
@@ -84,7 +61,6 @@ jobs:
           TF_VAR_environment: prod
           TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }}
           TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }}
-          TF_VAR_monitoring_enabled: ${{ needs.variables.outputs.monitoring_enabled }}
       - name: Terraform Apply
         id: apply
         run: terraform -chdir=instance apply -auto-approve
@@ -93,16 +69,14 @@ jobs:
           TF_VAR_environment: prod
           TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }}
           TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }}
-          TF_VAR_monitoring_enabled: ${{ needs.variables.outputs.monitoring_enabled }}
       - name: Save terraform outputs
         shell: bash
         run: |
           mkdir terraform-outputs
           terraform -chdir=instance output -raw resource_group_name > terraform-outputs/resource_group_name.txt
           terraform -chdir=instance output -raw container_app_api_fqdn > terraform-outputs/container_app_api_fqdn.txt
           terraform -chdir=instance output -raw container_app_website_fqdn > terraform-outputs/container_app_website_fqdn.txt
-          # -raw cannot handle null values - https://github.com/hashicorp/terraform/issues/32384
-          terraform -chdir=instance show -json | jq -r '.values.outputs.container_instance_monitoring_fqdn.value // ""' > container_instance_monitoring_fqdn.txt
+          terraform -chdir=instance show -json | jq -r '.values.outputs.container_app_monitoring_fqdn.value // ""' > container_app_monitoring_fqdn.txt
       - name: Upload terraform outputs for deploy job
         uses: actions/upload-artifact@v3
         with:
@@ -127,7 +101,7 @@ jobs:
           echo "resource_group_name=$(cat resource_group_name.txt)" >> $GITHUB_ENV
           echo "container_app_api_fqdn=$(cat container_app_api_fqdn.txt)" >> $GITHUB_ENV
           echo "container_app_website_fqdn=$(cat container_app_website_fqdn.txt)" >> $GITHUB_ENV
-          echo "container_instance_monitoring_fqdn=$(cat container_instance_monitoring_fqdn.txt)" >> $GITHUB_ENV
+          echo "container_app_monitoring_fqdn=$(cat container_app_monitoring_fqdn.txt)" >> $GITHUB_ENV
       - name: Login via Azure CLI
         uses: azure/login@v1
         with:
@@ -143,7 +117,6 @@ jobs:
           location: 'East US'
           resourceGroup: ${{ env.resource_group_name }}
           targetPort: 8080
-          environmentVariables: "OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ env.container_instance_monitoring_fqdn }}:18889"
       - name: Deploy website
         uses: azure/container-apps-deploy-action@v1
         with:

.github/workflows/instance-deploy-test.yml

@@ -60,7 +60,6 @@ jobs:
           TF_VAR_environment: ${{ github.head_ref }}
           TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }}
           TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }}
-          TF_VAR_monitoring_enabled: true # enabled for testing
       - name: Terraform Apply
         id: apply
         run: terraform -chdir=instance apply -auto-approve
@@ -69,17 +68,14 @@ jobs:
           TF_VAR_environment: ${{ github.head_ref }}
           TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }}
           TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }}
-          TF_VAR_monitoring_enabled: true # enabled for testing
       - name: Save terraform outputs
         shell: bash
         run: |
           mkdir terraform-outputs
           terraform -chdir=instance output -raw resource_group_name > terraform-outputs/resource_group_name.txt
           terraform -chdir=instance output -raw container_app_api_fqdn > terraform-outputs/container_app_api_fqdn.txt
           terraform -chdir=instance output -raw container_app_website_fqdn > terraform-outputs/container_app_website_fqdn.txt
-          terraform -chdir=instance output -raw container_instance_monitoring_fqdn > terraform-outputs/container_instance_monitoring_fqdn.txt
-          # -raw cannot handle null values - https://github.com/hashicorp/terraform/issues/32384
-          terraform -chdir=instance show -json | jq -r '.values.outputs.container_instance_monitoring_fqdn.value // ""' > container_instance_monitoring_fqdn.txt
+          terraform -chdir=instance output -raw container_app_monitoring_fqdn > terraform-outputs/container_app_monitoring_fqdn.txt
       - name: Upload terraform outputs for deploy job
         uses: actions/upload-artifact@v3
         with:
@@ -104,7 +100,7 @@ jobs:
           echo "resource_group_name=$(cat resource_group_name.txt)" >> $GITHUB_ENV
           echo "container_app_api_fqdn=$(cat container_app_api_fqdn.txt)" >> $GITHUB_ENV
           echo "container_app_website_fqdn=$(cat container_app_website_fqdn.txt)" >> $GITHUB_ENV
-          echo "container_instance_monitoring_fqdn=$(cat container_instance_monitoring_fqdn.txt)" >> $GITHUB_ENV
+          echo "container_app_monitoring_fqdn=$(cat container_app_monitoring_fqdn.txt)" >> $GITHUB_ENV
       - name: Login via Azure CLI
         uses: azure/login@v1
         with:
@@ -120,7 +116,6 @@ jobs:
           location: 'East US'
           resourceGroup: ${{ env.resource_group_name }}
           targetPort: 8080
-          environmentVariables: "OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ env.container_instance_monitoring_fqdn }}:18889"
       - name: Deploy website
         uses: azure/container-apps-deploy-action@v1
         with:
@@ -133,24 +128,23 @@ jobs:
           resourceGroup: ${{ env.resource_group_name }}
           targetPort: 80
           environmentVariables: "API__BASEPATH=https://${{ env.container_app_api_fqdn }}"
-      - name: Post test environment information on PR
-        uses: actions/[email protected]
-        if: github.event_name == 'pull_request'
-        env:
-          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+      - name: Find Comment
+        uses: peter-evans/find-comment@v1
+        id: fc
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const output = `### Test environment information
-            #### 🔗[Visit website](https://${{ env.container_app_website_fqdn }}/)
-            #### 🔗[Visit API](https://${{ env.container_app_api_fqdn }}/swagger/)
-            #### 🔗[Visit monitoring UI](http://${{ env.container_instance_monitoring_fqdn }}:18888)
-
-            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: "### Test environment information"
+      - name: Create or update comment 
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.fc.outputs.comment-id }}
+          edit-mode: replace
+          body: |
+            ### Test environment information
+            #### 🔗 [Company Website](https://${{ env.container_app_website_fqdn }}/)
+            #### 🔗 [Company API](https://${{ env.container_app_api_fqdn }}/swagger/)
+            #### 🔗 [Monitoring Dashboard](https://${{ env.container_app_monitoring_fqdn }})
 
-            github.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: output
-            })
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*

.github/workflows/instance-plan-prod.yml

@@ -39,14 +39,21 @@ jobs:
           TF_VAR_environment: prod
           TF_VAR_acr_username: ${{ secrets.ACR_USERNAME }}
           TF_VAR_acr_password: ${{ secrets.ACR_TOKEN }}
-      - uses: actions/[email protected]
-        if: github.event_name == 'pull_request'
-        env:
-          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+      - name: Find Comment
+        uses: peter-evans/find-comment@v1
+        id: fc
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: "### Terraform plan for prod"
+      - name: Create or update comment 
+        uses: peter-evans/create-or-update-comment@v1
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const output = `### Terraform plan for prod
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.fc.outputs.comment-id }}
+          edit-mode: replace
+          body: |
+            ### Terraform plan for prod
             #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
             #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
             #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }}
@@ -58,11 +65,4 @@ jobs:
 
             </details>
 
-            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
-
-            github.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: output
-            })
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*

docs/Telemetry/DistributedMonitoring.md

@@ -131,7 +131,7 @@ builder.Services.Configure<OpenTelemetryLoggerOptions>(options => options.AddOtl
 
 ### CICD
 
-I copy the .NET Aspire Dashboard image to my Azure Container Registry [here](../../.github/workflows/permanent-image-import.yml), and deploy it using terraform [here](../../terraform/instance/container_instances.tf).
+I copy the .NET Aspire Dashboard image to my Azure Container Registry [here](../../.github/workflows/permanent-image-import.yml), and deploy it using terraform [here](../../terraform/instance/container_apps.tf#L77).
 
 ## Data visualisation (.NET Aspire)
 

src/Api/Company.Api/Properties/launchSettings.json

@@ -6,7 +6,8 @@
       "launchBrowser": true,
       "launchUrl": "swagger",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "DOTNET_ROLL_FORWARD": "LatestMinor"
       },
       "applicationUrl": "https://localhost:5001"
     }

src/Api/Company.Api/appsettings.Development.json

@@ -5,6 +5,6 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "OTEL_EXPORTER_OTLP_ENDPOINT": "http://onlinestore-update-monitoring-monitoring.eastus.azurecontainer.io:18889",
+  "OTEL_EXPORTER_OTLP_ENDPOINT": "set-me",
   "OTEL_SERVICE_NAME": "Company.Api"
 }

src/Website/Company.Website/Properties/launchSettings.json

@@ -6,7 +6,8 @@
       "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
       "applicationUrl": "https://localhost:6001;http://localhost:6000",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "DOTNET_ROLL_FORWARD": "LatestMinor"
       }
     }
   }

terraform/instance/container_apps.tf

@@ -16,6 +16,10 @@ resource "azurerm_container_app" "api" {
       image  = "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest"
       cpu    = 0.25
       memory = "0.5Gi"
+      env {
+        name  = "OTEL_EXPORTER_OTLP_ENDPOINT"
+        value = "http://onlinestore-monitoring:18889"
+      }
     }
     max_replicas = 1
   }
@@ -73,3 +77,77 @@ resource "azurerm_container_app" "website" {
     ]
   }
 }
+
+resource "azurerm_container_app" "monitoring" {
+  name                         = "${var.name}-monitoring"
+  container_app_environment_id = azurerm_container_app_environment.apps.id
+  resource_group_name          = azurerm_resource_group.instance.name
+  revision_mode                = "Single"
+
+  template {
+    container {
+      name   = "aspire-dashboard"
+      image  = "onlinestorecontainerregistry.azurecr.io/dotnet/aspire-dashboard:8.0.0"
+      cpu    = 0.25
+      memory = "0.5Gi"
+      env {
+        name  = "DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS"
+        value = "true"
+      }
+    }
+    max_replicas = 1
+  }
+
+  ingress {
+    external_enabled = true
+    transport        = "http"
+    target_port      = 18888
+    traffic_weight {
+      latest_revision = true
+      percentage = 100
+    }
+  }
+
+  registry {
+    server   = "onlinestorecontainerregistry.azurecr.io"
+    username = var.acr_username
+    password_secret_name = "acr-password"
+  }
+
+  secret {
+    name = "acr-password"
+    value = var.acr_password
+  }
+}
+
+# update the container app with extra additionalPortMappings, as this is not supported by the existing TF provider
+resource "azapi_update_resource" "monitoring_portmappings" {
+  type        = "Microsoft.App/containerApps@2023-11-02-preview"
+  resource_id = azurerm_container_app.monitoring.id
+
+  body = jsonencode({
+    properties = {
+      configuration = {
+        secrets = [{
+          name = "acr-password"
+          value = var.acr_password
+        }]
+        ingress = {
+          additionalPortMappings = [{
+            exposedPort = 18889,
+            targetPort = 18889,
+            external = false
+          }]
+        }
+      }
+    }
+  })
+
+  depends_on = [
+    azurerm_container_app.monitoring,
+  ]
+
+  lifecycle {
+    replace_triggered_by = [azurerm_container_app.monitoring]
+  }
+}