
Reference a secret in Dapr components


Previously, you used a secret in the FineCollectionService code through the secretstore component (i.e. Azure Key Vault). Now you will reference a secret from the secret store in another Dapr component. This third part of the assignment uses Azure Key Vault as a secret store to hold the connection string of the Azure Service Bus and references it from the pubsub component.

Step 1: Create a secret in the Azure Key Vault for the connection string

The Azure Service Bus connection string will be stored as a string/literal secret:

  1. Open a terminal window.

  2. Create a secret in the Azure Key Vault for Azure Service Bus’ connection string:

     az keyvault secret set --vault-name $KEY_VAULT --name azSericeBusconnectionString --value "<connection-string>"
    

    Replace <connection-string> with the connection string of the Azure Service Bus created in assignment 3.

Step 2: Use a secret in pubsub component

  1. Open the file dapr/components/aca-azure-servicebus-pubsub.yaml (created in assignment 3) in your code editor, and inspect it.

  2. Add the following line after version: v1:

     secretStoreComponent: "secretstore"
    

    This tells Dapr to use the secret store component secretstore to retrieve the secret.

  3. Replace value:

     value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}"
    

    with:

     secretRef: azSericeBusconnectionString
    

    This tells Dapr to use the secret azSericeBusconnectionString from the secret store.

    It should look like:

     componentType: pubsub.azure.servicebus
     version: v1
     secretStoreComponent: "secretstore"
     metadata:
       - name: connectionString
         secretRef: azSericeBusconnectionString
     scopes:
       - traffic-control-service
       - fine-collection-service
    
  4. Update the Dapr component using the following command in the root of the project:

     az containerapp env dapr-component set \
       --name cae-dapr-workshop-java \
       --resource-group rg-dapr-workshop-java \
       --dapr-component-name pubsub \
       --yaml ./dapr/components/aca-azure-servicebus-pubsub.yaml
    

To learn more about how to use a secret in a Dapr component with Azure Container Apps, please refer to this documentation.
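Before pushing the component with the update command in item 4, a local check can confirm that the file no longer carries the connection string inline and that every secretRef has a secret store to resolve against. The script below is an added example, not part of the workshop's code: check_dapr_component is a hypothetical helper, the two YAML files are constructed samples, and the patterns only cover the ACA component schema shown above.

```shell
#!/usr/bin/env bash
# Pre-deploy check for a Dapr component file in the ACA schema shown above.
# check_dapr_component is a hypothetical helper, not part of the workshop repo.
# Exit status: 0 = clean, 1 = findings printed, 2 = file unreadable.
check_dapr_component() {
  local file=$1 findings
  [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
  findings=$(awk '
    /^[ \t]*#/ { next }                                 # skip comment lines
    /^secretStoreComponent:[ \t]*[^ \t]/ { store = 1 }  # top-level store name
    /^[ \t]*-[ \t]*name:/ { name = $NF }                # current metadata item
    /^[ \t]*value:/ {
      # Flag literals that look like credentials, by content or by field name.
      if ($0 ~ /SharedAccessKey=/ ||
          tolower(name) ~ /connectionstring|masterkey|password/)
        printf "line %d: %s is set inline with value:, use secretRef\n", NR, name
    }
    /^[ \t]*secretRef:/ { refs++ }
    END {
      if (refs && !store)
        print "secretRef is used but secretStoreComponent is missing"
    }' "$file")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample files: the component before and after step 2.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.yaml" <<'EOF'
componentType: pubsub.azure.servicebus
version: v1
metadata:
  - name: connectionString
    value: "Endpoint=sb://example.servicebus.windows.net/;SharedAccessKeyName=p;SharedAccessKey=CONSTRUCTED"
EOF
cat > "$demo_dir/after.yaml" <<'EOF'
componentType: pubsub.azure.servicebus
version: v1
secretStoreComponent: "secretstore"
metadata:
  - name: connectionString
    secretRef: azSericeBusconnectionString
EOF
check_dapr_component "$demo_dir/before.yaml" || echo "before.yaml: rejected"
check_dapr_component "$demo_dir/after.yaml" && echo "after.yaml: ok"
```

Run against ./dapr/components/aca-azure-servicebus-pubsub.yaml, a non-zero exit status means the file should not be deployed or committed as it stands.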

Step 3: Restart FineCollectionService and TrafficControlService

  1. Run the following command to identify the running revision of fine collection service container apps:

    • Linux/Unix shell:

      FINE_COLLECTION_SERVICE_REVISION=$(az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
      echo $FINE_COLLECTION_SERVICE_REVISION
      
    • Powershell:

      $FINE_COLLECTION_SERVICE_REVISION = az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
      $FINE_COLLECTION_SERVICE_REVISION
      
  2. Restart fine collection service revision:

     az containerapp revision restart \
       --name ca-fine-collection-service \
       --resource-group rg-dapr-workshop-java \
       --revision $FINE_COLLECTION_SERVICE_REVISION
    
  3. Run the following command to identify the running revision of traffic control service container apps:

    • Linux/Unix shell:

      TRAFFIC_CONTROL_SERVICE_REVISION=$(az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
      echo $TRAFFIC_CONTROL_SERVICE_REVISION
      
    • Powershell:

      $TRAFFIC_CONTROL_SERVICE_REVISION = az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
      $TRAFFIC_CONTROL_SERVICE_REVISION
      
  4. Restart traffic control service revision:

     az containerapp revision restart \
       --name ca-traffic-control-service \
       --resource-group rg-dapr-workshop-java \
       --revision $TRAFFIC_CONTROL_SERVICE_REVISION
    

Step 4: Run the simulation

  1. Set the following environment variable:

    • Linux/Unix shell:

      export TRAFFIC_CONTROL_SERVICE_BASE_URL=https://$TRAFFIC_CONTROL_SERVICE_FQDN
      
    • Powershell:

      $env:TRAFFIC_CONTROL_SERVICE_BASE_URL = "https://$TRAFFIC_CONTROL_SERVICE_FQDN"
      
  2. In the root folder of the simulation (Simulation), start the simulation:

     mvn spring-boot:run
    

Step 5: Test the microservices running in ACA

You can access the logs of the container apps from the Azure Portal or directly in a terminal window. To access the logs in the portal, go to your resource group rg-dapr-workshop-java and select the container app whose logs you need. Then select Log stream in the Monitoring section.

To access the logs from the terminal, follow the instructions below for each microservice.

The logs can take a few minutes to appear in the Log Analytics Workspace. If the logs are not updated, open the log stream in the Azure Portal.

Traffic Control Service

  1. Run the following command to identify the running revision of traffic control service container apps:

    • Linux/Unix shell:

      TRAFFIC_CONTROL_SERVICE_REVISION=$(az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
      echo $TRAFFIC_CONTROL_SERVICE_REVISION
      
    • Powershell:

      $TRAFFIC_CONTROL_SERVICE_REVISION = az containerapp revision list -n ca-traffic-control-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
      $TRAFFIC_CONTROL_SERVICE_REVISION
      
  2. Run the following command to get the last 10 lines of traffic control service logs from Log Analytics Workspace:

     az monitor log-analytics query \
       --workspace $LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID \
       --analytics-query "ContainerAppConsoleLogs_CL | where RevisionName_s == '$TRAFFIC_CONTROL_SERVICE_REVISION' | project TimeGenerated, Log_s | sort by TimeGenerated desc | take 10" \
       --out table
    

Fine Collection Service

  1. Run the following command to identify the running revision of fine collection service container apps:

    • Linux/Unix shell:

      FINE_COLLECTION_SERVICE_REVISION=$(az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
      echo $FINE_COLLECTION_SERVICE_REVISION
      
    • Powershell:

      $FINE_COLLECTION_SERVICE_REVISION = az containerapp revision list -n ca-fine-collection-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
      $FINE_COLLECTION_SERVICE_REVISION
      
  2. Run the following command to get the last 10 lines of fine collection service logs from Log Analytics Workspace:

     az monitor log-analytics query \
       --workspace $LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID \
       --analytics-query "ContainerAppConsoleLogs_CL | where RevisionName_s == '$FINE_COLLECTION_SERVICE_REVISION' | project TimeGenerated, Log_s | sort by TimeGenerated desc | take 10" \
       --out table
    

Vehicle Registration Service

  1. Run the following command to identify the running revision of vehicle registration service container apps:

    • Linux/Unix shell:

      VEHICLE_REGISTRATION_SERVICE_REVISION=$(az containerapp revision list -n ca-vehicle-registration-service -g rg-dapr-workshop-java --query "[0].name" -o tsv)
      echo $VEHICLE_REGISTRATION_SERVICE_REVISION
      
    • Powershell:

      $VEHICLE_REGISTRATION_SERVICE_REVISION = az containerapp revision list -n ca-vehicle-registration-service -g rg-dapr-workshop-java --query "[0].name" -o tsv
      $VEHICLE_REGISTRATION_SERVICE_REVISION
      
  2. Run the following command to get the last 10 lines of vehicle registration service logs from Log Analytics Workspace:

     az monitor log-analytics query \
       --workspace $LOG_ANALYTICS_WORKSPACE_CUSTOMER_ID \
       --analytics-query "ContainerAppConsoleLogs_CL | where RevisionName_s == '$VEHICLE_REGISTRATION_SERVICE_REVISION' | project TimeGenerated, Log_s | sort by TimeGenerated desc | take 10" \
       --out table
    

Challenge

You can use the secret store to store the Cosmos DB master key as well. Try it out! More information on Cosmos DB as a state store can be found in Bonus Assignment: State Store.
