docs: Update AZURE_SETUP.md with final ACR configuration
Co-authored-by: Cursor <cursoragent@cursor.com>
parent 59544cd3b2
commit 363c9df08e
1 changed files with 57 additions and 97 deletions
154
AZURE_SETUP.md
@ -19,13 +19,44 @@ sich immer zur richtigen Gateway-Instanz zurückverbindet.
|
|||
└─────────────────┘ └──────────────────────────┘
|
||||
```
|
||||
|
||||
## Aktuelle Konfiguration
|
||||
|
||||
| Ressource | Wert |
|
||||
|-----------|------|
|
||||
| Container App URL | `https://cae-poweron-shared.redwater-53d21339.switzerlandnorth.azurecontainerapps.io` |
|
||||
| Azure Container Registry | `acrpoweron.azurecr.io` |
|
||||
| Image | `acrpoweron.azurecr.io/teams-browser-bot:latest` |
|
||||
| Health Check | `/health` |
|
||||
|
||||
---
|
||||
|
||||
## 1. Container App erstellen (Azure Portal)
|
||||
## 1. Voraussetzungen
|
||||
|
||||
1. **Azure Portal öffnen**: https://portal.azure.com
|
||||
2. **Suche**: "Container Apps" in der Suchleiste
|
||||
3. **+ Create** klicken
|
||||
### 1.1 Azure Container Registry (ACR)
|
||||
|
||||
Eine ACR muss existieren. Falls nicht:
|
||||
|
||||
1. Azure Portal → Suche "Container registries" → **+ Create**
|
||||
2. Name: `acrpoweron`, SKU: Basic, Location: Switzerland North
|
||||
3. Nach Erstellung: **Access keys** → **Admin user** aktivieren
|
||||
|
||||
### 1.2 GitHub Secrets für CI/CD
|
||||
|
||||
Im GitHub Repo `valueonag/service-teams-browser-bot`:
|
||||
|
||||
**Settings** → **Secrets and variables** → **Actions**:
|
||||
|
||||
| Secret Name | Wert |
|
||||
|-------------|------|
|
||||
| `ACR_LOGIN_SERVER` | `acrpoweron.azurecr.io` |
|
||||
| `ACR_USERNAME` | `acrpoweron` |
|
||||
| `ACR_PASSWORD` | Password aus ACR Access keys |
|
||||
|
||||
---
|
||||
|
||||
## 2. Container App erstellen (Azure Portal)
|
||||
|
||||
1. **Azure Portal** → Suche "Container Apps" → **+ Create**
|
||||
|
||||
### Basics Tab
|
||||
| Feld | Wert |
|
||||
|
|
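Review bot: Step 3 of section 1.1 (`Access keys` → `Admin user aktivieren`), together with the `ACR_USERNAME` / `ACR_PASSWORD` secrets in 1.2, hands the CI workflow the registry's admin account, a single shared credential with full push and pull rights that cannot be scoped per consumer. Suggest documenting a dedicated service principal that holds only the `AcrPush` role on `acrpoweron` for GitHub Actions and leaving the admin user disabled, plus one line on how `ACR_PASSWORD` is rotated. The "Aktuelle Konfiguration" table also commits the live Container App hostname to the repo; consider whether it should stay a placeholder like the `<xyz>` form used elsewhere in this file.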
@ -34,34 +65,17 @@ sich immer zur richtigen Gateway-Instanz zurückverbindet.
|
|||
| Resource group | resource-core |
|
||||
| Container app name | `teams-browser-bot` |
|
||||
| Region | Switzerland North |
|
||||
| Container Apps Environment | **Create new** → Name: `cae-poweron-shared`, Zone redundancy: Disabled → **Create** |
|
||||
| Container Apps Environment | **Create new** → Name: `cae-poweron-shared` |
|
||||
|
||||
### Container Tab
|
||||
|
||||
**Zuerst GitHub PAT erstellen** (brauchst du gleich):
|
||||
1. https://github.com/settings/tokens/new
|
||||
2. Note: "Azure Container App - teams-browser-bot"
|
||||
3. Expiration: 90 days (oder länger)
|
||||
4. Scope: ✅ `read:packages`
|
||||
5. **Generate token** → Kopieren und sicher aufbewahren
|
||||
|
||||
**Dann im Azure Portal:**
|
||||
|
||||
| Feld | Wert |
|
||||
|------|------|
|
||||
| Registry | Other registry |
|
||||
| Authentication type | Basic |
|
||||
| Registry login server | `ghcr.io` |
|
||||
| Username | `valueonag` |
|
||||
| Password | Dein GitHub PAT von oben |
|
||||
| Image | `valueonag/service-teams-browser-bot` |
|
||||
| Use quickstart image | ❌ Deaktivieren |
|
||||
| Registry | `acrpoweron` (Azure Container Registry) |
|
||||
| Image | `teams-browser-bot` |
|
||||
| Image tag | `latest` |
|
||||
|
||||
### Container Resources (weiter unten)
|
||||
| Feld | Wert |
|
||||
|------|------|
|
||||
| CPU cores | 2 |
|
||||
| Memory (Gi) | 4 |
|
||||
| Authentication type | Managed identity |
|
||||
| CPU and memory | 2 CPU cores, 4 Gi memory |
|
||||
|
||||
### Environment Variables
|
||||
| Name | Value |
|
||||
|
|
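Review bot: The Container tab rows `Registry | acrpoweron` and `Authentication type | Managed identity` do not say which identity is used or that it needs the `AcrPull` role on the registry; without that role assignment the image pull fails, so the step should be added here. If the app pulls through a managed identity, the admin user from 1.1 is only needed by CI, which is worth stating. The GHCR rows (`ghcr.io`, GitHub PAT with `read:packages`) look superseded by this change; if so, add a reminder to revoke that token.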
@ -71,7 +85,6 @@ sich immer zur richtigen Gateway-Instanz zurückverbindet.
|
|||
| BOT_NAME | PowerOn AI |
|
||||
| BOT_HEADLESS | true |
|
||||
| LOG_LEVEL | info |
|
||||
| SCREENSHOT_ON_ERROR | true |
|
||||
|
||||
> ⚠️ **Wichtig:** KEINE `GATEWAY_WS_URL` Variable setzen! Die URL kommt dynamisch vom Gateway.
|
||||
|
||||
|
|
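Review bot: The hunk header (`-71,7 +85,6`) shows one line dropped from this block, but the commit subject only mentions the ACR configuration, so the reason for the removal is undocumented; name the removed line and the reason in the commit message or in the doc. If `SCREENSHOT_ON_ERROR | true` stays, add a sentence on where the screenshots are written and how long they are kept, since screenshots from a Teams browser bot may include meeting content.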
@ -80,82 +93,19 @@ sich immer zur richtigen Gateway-Instanz zurückverbindet.
|
|||
|------|------|
|
||||
| Ingress | ✅ Enabled |
|
||||
| Ingress traffic | Accepting traffic from anywhere |
|
||||
| Ingress type | HTTP |
|
||||
| Target port | 4100 |
|
||||
|
||||
### Scale Tab
|
||||
| Feld | Wert |
|
||||
|------|------|
|
||||
| Min replicas | 0 |
|
||||
| Max replicas | 3 |
|
||||
|
||||
4. **Review + create** → **Create**
|
||||
2. **Review + create** → **Create**
|
||||
|
||||
---
|
||||
|
||||
## 2. Container App URL kopieren
|
||||
## 3. Gateway Konfiguration
|
||||
|
||||
Nach dem Deployment:
|
||||
Die Gateway env-Files sind bereits konfiguriert:
|
||||
|
||||
1. Gehe zu **Container Apps** → `teams-browser-bot`
|
||||
2. Im **Overview** Tab findest du die **Application Url**
|
||||
3. Kopiere die URL, z.B.: `https://teams-browser-bot.niceocean-12345678.switzerlandnorth.azurecontainerapps.io`
|
||||
|
||||
---
|
||||
|
||||
## 3. GitHub Actions für Auto-Deployment (Optional)
|
||||
|
||||
### 3.1 Service Principal erstellen (Azure Portal)
|
||||
|
||||
1. **Azure Portal** → **Microsoft Entra ID** (früher Azure AD)
|
||||
2. **App registrations** → **+ New registration**
|
||||
- Name: `github-teams-browser-bot`
|
||||
- Supported account types: Single tenant
|
||||
- **Register**
|
||||
3. Notiere die **Application (client) ID** und **Directory (tenant) ID**
|
||||
4. **Certificates & secrets** → **+ New client secret**
|
||||
- Description: "GitHub Actions"
|
||||
- Expires: 24 months
|
||||
- **Add** → Kopiere den **Value** (nur jetzt sichtbar!)
|
||||
|
||||
### 3.2 Service Principal Berechtigung geben
|
||||
|
||||
1. Gehe zu **Resource groups** → `resource-core`
|
||||
2. **Access control (IAM)** → **+ Add** → **Add role assignment**
|
||||
3. Role: **Contributor**
|
||||
4. Members: Select members → Suche `github-teams-browser-bot` → **Select**
|
||||
5. **Review + assign**
|
||||
|
||||
### 3.3 GitHub Secrets konfigurieren
|
||||
|
||||
1. GitHub Repo → **Settings** → **Secrets and variables** → **Actions**
|
||||
2. **New repository secret** für jedes:
|
||||
|
||||
| Secret Name | Wert |
|
||||
|-------------|------|
|
||||
| AZURE_CLIENT_ID | Application (client) ID |
|
||||
| AZURE_TENANT_ID | Directory (tenant) ID |
|
||||
| AZURE_CLIENT_SECRET | Client secret value |
|
||||
| AZURE_SUBSCRIPTION_ID | Subscription ID* |
|
||||
| AZURE_RESOURCE_GROUP | resource-core |
|
||||
| AZURE_CONTAINER_APP_NAME | teams-browser-bot |
|
||||
|
||||
*Subscription ID findest du unter: Subscriptions → Subscription Product → Subscription ID
|
||||
|
||||
---
|
||||
|
||||
## 4. Gateway Konfiguration
|
||||
|
||||
In **jeder** Gateway-Instanz die **gleiche** Bot URL konfigurieren:
|
||||
|
||||
**env_prod.env:**
|
||||
**env_prod.env & env_int.env:**
|
||||
```
|
||||
TEAMSBOT_BROWSER_BOT_URL=https://teams-browser-bot.<xyz>.switzerlandnorth.azurecontainerapps.io
|
||||
```
|
||||
|
||||
**env_int.env:**
|
||||
```
|
||||
TEAMSBOT_BROWSER_BOT_URL=https://teams-browser-bot.<xyz>.switzerlandnorth.azurecontainerapps.io
|
||||
TEAMSBOT_BROWSER_BOT_URL=https://cae-poweron-shared.redwater-53d21339.switzerlandnorth.azurecontainerapps.io
|
||||
```
|
||||
|
||||
**env_dev.env (lokal):**
|
||||
|
|
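Review bot: The new `TEAMSBOT_BROWSER_BOT_URL` value starts with `cae-poweron-shared`, which the Basics tab gives as the Container Apps Environment name, while the app is named `teams-browser-bot` and the earlier example URL began with `teams-browser-bot.`; please confirm the hostname is the app's Application Url and not a copy error. This hunk also keeps `Ingress traffic | Accepting traffic from anywhere` on target port 4100 while hard-coding the public URL, so the doc should state how the bot authenticates calls from the gateway, or ingress should be restricted to the gateway's addresses. The section describing the `Contributor` service principal no longer fits the new flow; if it is being dropped, note that the app registration, its client secret and the `AZURE_*` repository secrets should be deleted.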
@ -163,7 +113,17 @@ TEAMSBOT_BROWSER_BOT_URL=https://teams-browser-bot.<xyz>.switzerlandnorth.azurec
|
|||
TEAMSBOT_BROWSER_BOT_URL=http://localhost:4100
|
||||
```
|
||||
|
||||
Ersetze `<xyz>` mit dem tatsächlichen Wert aus Schritt 3.
|
||||
---
|
||||
|
||||
## 4. CI/CD Pipeline
|
||||
|
||||
Der GitHub Actions Workflow (`build-deploy.yml`) pusht automatisch zu ACR bei jedem Push auf `main`.
|
||||
|
||||
**Manuelles Update der Container App:**
|
||||
|
||||
1. Azure Portal → Container Apps → `teams-browser-bot`
|
||||
2. **Revisions and replicas** → **Create new revision**
|
||||
3. Das neue Image wird automatisch gepullt
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
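Review bot: Step 3 of "Manuelles Update" (`Das neue Image wird automatisch gepullt`) relies on the mutable `latest` tag, so a revision is not tied to a specific build and a rollback cannot select the previous image. Suggest having `build-deploy.yml` also push a tag derived from the commit SHA and selecting that tag when creating the new revision. The text should also say explicitly that a push to `main` only updates the registry and does not deploy the Container App.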