NGSA App is intended for platform testing and monitoring in one or many Kubernetes clusters and/or cloud deployments.
- Bash shell (tested on Visual Studio Codespaces, Mac, Ubuntu, Windows with WSL2)
- Will not work with WSL1 or Cloud Shell
- Azure CLI (download)
- Docker CLI (download)
- .NET 5.0 (download)
- Visual Studio Code (optional) (download)
- Visual Studio 2022 (optional) - Must export the AZURE_TENANT_ID value to an environment variable.
Usage:
Ngsa.Application [options]
Options:
-a, --app-type <App|WebAPI> Application Type [default: App]
-p, --prometheus Send metrics to Prometheus [default: False]
-m, --in-memory Use in-memory database [default: False]
-n, --no-cache Don't cache results [default: False]
--url-prefix <url-prefix> URL prefix for ingress mapping [default: ]
--port <port> Listen Port [default: 8080]
-d, --cache-duration <cache-duration> Cache for duration (seconds) [default: 300]
--retries <retries> Cosmos 429 retries [default: 10]
--timeout <timeout> Request timeout [default: 10]
-s, --data-service <data-service> Data Service URL [default: ]
-v, --secrets-volume <secrets-volume> Secrets Volume Path [default: secrets]
-z, --zone <zone> Zone for log [default: dev]
-r, --region <region> Region for log [default: dev]
-l, --log-level <Critical|Debug|Error|Information|None|Trace|Warning> Log Level [default: Error]
-q, --request-log-level <Critical|Debug|Error|Information|None|Trace|Warning> Request Log Level [default: Information]
-c, --cosmos-auth-type <ManagedIdentity|SecretKey> CosmosDB Authentication type [default: SecretKey]
--dry-run Validates configuration
--version Show version information
-?, -h, --help Show help and usage information
Visual Studio Codespaces is the easiest way to evaluate ngsa.
To open with codespaces:
- Click the
Code
button on this repo - Click the
Codespaces
tab - Click
New Codespace
- Choose the
4 core
option
Prior to running the application in Visual Studio Codespaces, use the command below to authenticate:
# These two values can be obtained from the Azure Portal
local tenantId=''
local subscriptionId=''
az login --tenant $tenantId
az account set --subscription $subscriptionId
The code above is uses to establish Azure credentials, and specify which tenant and subscription should be utilized for the execution.
For ease of debugging, a launch.json file can be created in the .vscode directory, if there is one already created it can be modified with the following value:
"args": ["--cosmos-auth-type=ManagedIdentity"],
--cosmos-auth-type
has two potential values; ManagedIdentity
and Secret
. If set to Secret
, a secret key must be provided in the secrets directory.
If a user is testing locally there is not the option to use ManagedIdentity
. To move past this the following commands can be used to add the user in question to the correct Cosmos groups
In bash add your own AAD user to CosmosDB:
# Get your own Principal ID (replace the email with yours)
export PRINCIPAL=$(az ad signed-in-user show --query 'id' -o tsv)
export COSMOS_RG=<Your-COSMOSDB-Resource-Group>
export COSMOS_NAME=<Your-COSMOSDB-Name>
export COSMOS_SCOPE=$(az cosmosdb show -g $COSMOS_RG -n $COSMOS_NAME --query id -o tsv)
# Add yourself to CosmosDB SQL Access
az cosmosdb sql role assignment create -g $COSMOS_RG --account-name $COSMOS_NAME --role-definition-id 00000000-0000-0000-0000-000000000002 --principal-id $PRINCIPAL --scope $COSMOS_SCOPE
This will work from a terminal in Visual Studio Codespaces as well
- Clone the repo
- Change to the app root directory
cd ngsa-app
- Run the application in memory mode
Running the application in memory mode allows us to run the application without setting up the rest of the supporting infrastructure.
# run the application
dotnet run -- -m
You should see the following response:
Hosting environment: Production Content root path: /mnt/c/Users/t-anbassey/Source/ngsa-app Now listening on: http://[::]:8080 Application started. Press Ctrl+C to shut down.
Open a new bash shell
Visual Studio Codespaces allows you to open multiple shells by clicking on the
Split Terminal
icon
# test the application
# test using http ie (installed automatically in Codespaces)
http localhost:8080/version
# test using curl
curl localhost:8080/version
Stop ngsa by typing Ctrl-C or the stop button if run via F5
The Ngsa application when running as --in-memory
mode, utilizes its built-in data storage, so having more than one replica deployed into a cluster will cause each pod
to have its own local data storage. As a result, requests made to ngsa app endpoints will be managed by the default load balancer
and can end up at a different pod
each time where data requested may or may not exist returning unexpected error codes.
🛑 According to the above explanation, there is a restriction for Ngsa-memory template, the deployment should only have 1
replica.
# delete cluster if exists, create cluster, and build/deploy application
# makes ngsa-memory, to make ngsa-cosmos, run: make create deploy-ngsa-cosmos
make all
# deploy latest changes locally if cluster already exists
make deploy-ngsa-memory
# check if cluster and application is deployed
make check
- Navigate to
Codespaces main menu
(top left icon with three horizontal lines) - Click on
Terminal
menu item, thenRun Task
- From tasks menu locate
Run Checkov Scan
and click on it - Task terminal will show up executing substasks and indicating when scan completed
- Scan results file
checkov_scan_results
will be created at root level, and automatically will get open by VSCode - Review the file and evaluate failed checks. For instance:
kubernetes scan results:
Passed checks: 860, Failed checks: 146, Skipped checks: 0
...
...
dockerfile scan results:
Passed checks: 22, Failed checks: 4, Skipped checks: 0
...
...
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit Microsoft Contributor License Agreement.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.