简体繁体 English

Azure ADO 发布管道中的 App Service Deployment Slot 和 Key Vault 映射

[英]Azure App Service Deployment Slot and Key Vault mapping in ADO Release pipelines

原文 2023-01-22 06:05:57 0 1 azure-devops/ azure-web-app-service/ azure-pipelines

I have an Azure App Service where I want to have a Deployment Slot for doing zero-downtime deployments.我有一个 Azure 应用服务，我想在其中有一个部署槽来进行零停机部署。 The problem I am facing is, how to apply 2 different appsetting values for the "staging" deployment slot and production slot, for example if I want to point to 2 different DB connection strings.我面临的问题是，如何为“暂存”部署槽和生产槽应用 2 个不同的 appsetting 值，例如，如果我想指向 2 个不同的数据库连接字符串。

I cannot/do not want to do this directly via Azure Portal, but via ADO's Release Pipelines (Classic).我不能/不想直接通过 Azure 门户执行此操作，而是通过 ADO 的发布管道（经典）执行此操作。
My current Release Pipeline stages look like this:我当前的发布管道阶段如下所示：

a.一种。 Stage 1 is to deploy new code to Staging Slot b.阶段 1 是将新代码部署到 Staging Slot b。 Stage 2 is to do a slot swap c. Stage 3 is optional for rollbacks (swap slot again)第 2 阶段是进行插槽交换 c。第 3 阶段对于回滚是可选的（再次交换插槽）

Within Stage-1 following is how things are setup: Stage-1:在 Stage-1 中，以下是设置方式： Stage-1：

a.一种。 So I refer to a KeyVault (which contains production DB connection string for example) b.所以我指的是 KeyVault（例如包含生产数据库连接字符串）b。 Stop the staging slot, deploy new code and start the slot up.停止暂存槽，部署新代码并启动槽。

Stage-2 is setup this way: Stage-2 是这样设置的：

a.一种。 Here I do a slot swap between staging and production slots在这里，我在暂存槽和生产槽之间进行槽交换

Now my end goal is to basically have ConnectionStringA in the staging slot and ConnectionStringB in the production slot for DB appsettings which come from the KeyVault.What is the best way to accomplish this?现在我的最终目标基本上是在临时插槽中使用 ConnectionStringA，在来自 KeyVault 的数据库应用程序设置的生产插槽中使用 ConnectionStringB。完成此操作的最佳方法是什么？

Possible solutions?可能的解决方案？

One possible solution is to have 2 separate KeyVaults for Staging and Production slots.一种可能的解决方案是为暂存和生产槽设置 2 个单独的 KeyVault。 But I do not know how to use a different KeyVault in Stage-2, or if even that is possible to replace the key vault with another one before slot-swap.但我不知道如何在第 2 阶段使用不同的 KeyVault，或者是否有可能在槽交换之前用另一个密钥库替换密钥库。
Another solution is to mark the DB connection string as "deployment slot setting", and maintain only the StagingDB connection string in KeyVault, that way the staging slot will use the staging DB string after deployment, but after a slot-swap, it will use the production setting.另一种解决方案是将数据库连接字符串标记为“部署插槽设置”，并在 KeyVault 中仅维护 StagingDB 连接字符串，这样临时插槽将在部署后使用临时数据库字符串，但在插槽交换后，它将使用生产环境。 But this would mean, I need to maintain the Prod DB connection string in the Azure Portal itself on the production slot, without it coming from the KeyVault.但这意味着，我需要在生产插槽上的 Azure 门户本身中维护 Prod DB 连接字符串，而不是来自 KeyVault。

Let me know if there is a recommendation for the final goal of having 2 different appsettings on the staging slot and prod slot.让我知道是否有关于在暂存槽和生产槽上有 2 个不同应用程序设置的最终目标的建议。

1 个解决方案

First, you don't need to stop your App Service to deploy in a deployment slot, I think you can skip that step.首先，您无需停止应用服务即可在部署槽中进行部署，我认为您可以跳过该步骤。

Then, to have multiple connectiong strings, you can use Feature Flags, this let you enable some functionality based on some condition (the conditions are not required for the use of Feature Flags, but in your case it is).然后，要有多个 connectiong 字符串，您可以使用功能标志，这使您可以根据某些条件启用某些功能（使用功能标志不需要条件，但在您的情况下是这样）。

Check the "How to filter feature flags" point.检查“如何过滤功能标志”点。 You can have multiple feature flags and set a label on each one.您可以拥有多个功能标志，并在每个功能标志上设置一个 label。 In your project, you can use this flags to filter your connectionString depending if it is production or no.在您的项目中，您可以使用此标志来过滤您的 connectionString，具体取决于它是生产还是否。 You can store those connection into Azure Key Vault and pick the one you need based on that Feature Flag您可以将这些连接存储到 Azure Key Vault 中，并根据该功能标志选择您需要的连接

Feature Flags configuration 功能标志配置

Feature Flags management is located in the Azure portal, so with a few clicks you can modify the behavior of your application without redeploying it. Feature Flags 管理位于 Azure 门户中，因此只需单击几下，您就可以修改应用程序的行为，而无需重新部署它。