Using Consul with Azure App Services
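I would like to centralize all configuration settings for all of my Azure Web App Services, as well as resources outside of Azure, in one place. Consul's key-value store seems like a good fit (I'm happy to hear other suggestions if there is something that fits better). From my admittedly limited understanding of Consul, each node requires an agent running in order to access the key-value store.
Is this correct? If so, how can I do this, would it be via a continuous WebJob in Azure? If not, how can I access the KV store without an agent?
It looks like we can't use Consul with Azure App Service (aka Web Apps) at all.
Here is what I've tried.
1. Naive approach - Consul as a WebJob
Due to networking restrictions, an attempt to connect to ANY localhost port that was not spawned by a process belonging to the App Service (Web App) itself ends up with the following exception.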
An attempt was made to access a socket in a way forbidden by its
access permissions 127.0.0.1:8500.
Reference:
https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#networking-restrictionsconsiderations
The only way an application can be accessed via the internet is
through the already-exposed HTTP (80) and HTTPS (443) TCP ports;
applications may not listen on other ports for packets arriving from
the internet. However, applications may create a socket which can
listen for connections from within the sandbox. For example, two
processes within the same app may communicate with one another via TCP
sockets; connection attempts incoming from outside the sandbox, albeit
they be on the same machine, will fail. See the next topic for
additional detail.
Here is an interesting passage:
Connection attempts to local addresses (e.g. localhost, 127.0.0.1) and
the machine's own IP will fail, except if another process in the same
sandbox has created a listening socket on the destination port.
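2. Consul spawned from the App Service itself
I've copied Consul to the Web App (as a build output) and added the following lines to the application startup code:
    var consul = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "bin/consul/consul.exe");
    Process.Start(consul, "agent --data-dir=../../data");
    Process.Start(consul, "join my-cluster-dns.name");
...and it joined the cluster, and I was even able to connect to Consul via 127.0.0.1:8500 from the App Service (Web App) itself.
However, it is still a useless setup, because the Consul agent MUST be reachable from the servers, so all I was able to see from the cluster's standpoint is a failing node with a failed "serf" health check. Once again, according to the documentation there is no workaround for this: "The only way an application can be accessed via the internet is through the already-exposed HTTP (80) and HTTPS (443) TCP ports".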
https://www.consul.io/docs/agent/basics.html
Not all Consul agents in a cluster have to use the same port, but this address MUST
be reachable by all other nodes.
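Summary
All in all, there is probably no way to properly host/use Consul with Azure App Services.
You don't need a Consul agent to retrieve configuration for your application.
You can use the library Winton.Extensions.Configuration.Consul, which can be integrated into your application. It introduces a Configuration Provider (docs).
Sample configuration here (a full sample project is available here):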
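    using System;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.Hosting;
    using Winton.Extensions.Configuration.Consul;

    internal sealed class Program
    {
        public static IHostBuilder CreateHostBuilder(string[] args)
        {
            return Host
                .CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(builder => builder.UseStartup<Startup>())
                .ConfigureAppConfiguration(
                    builder =>
                    {
                        builder
                            // Load the Consul KV entry "appsettings.json" as a configuration source.
                            .AddConsul(
                                "appsettings.json",
                                options =>
                                {
                                    // Address of the Consul HTTP API; no local agent is involved.
                                    options.ConsulConfigurationOptions =
                                        cco => { cco.Address = new Uri("http://consul:8500"); };
                                    options.Optional = true;
                                    options.PollWaitTime = TimeSpan.FromSeconds(5);
                                    options.ReloadOnChange = true;
                                })
                            .AddEnvironmentVariables();
                    });
        }

        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }
    }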
Your app configuration will be updated periodically.
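What agentless access amounts to is a direct call to a Consul server's HTTP KV API, shown here as an added example that is not from the answers above or from the Winton library. It builds the request (HTTPS enforced, ACL token in the `X-Consul-Token` header, optional blocking-query parameters) and decodes the base64 values the API returns. The host name, key, token variable and sample response body are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;

// Added illustration: reads Consul KV from a server's HTTP API, no local agent.
public static class ConsulKvDirect
{
    // Builds GET /v1/kv/<key>; index > 0 makes it a blocking query (long poll).
    public static HttpRequestMessage BuildRequest(
        Uri server, string key, string token, ulong index, TimeSpan wait)
    {
        // The ACL token and the values travel in this exchange, so refuse
        // plaintext HTTP unless the target is loopback.
        if (server.Scheme != Uri.UriSchemeHttps && !server.IsLoopback)
            throw new ArgumentException("Consul address must use https", nameof(server));
        var path = "/v1/kv/" + Uri.EscapeDataString(key).Replace("%2F", "/");
        if (index > 0) path += $"?index={index}&wait={(int)wait.TotalSeconds}s";
        var request = new HttpRequestMessage(HttpMethod.Get, new Uri(server, path));
        if (!string.IsNullOrEmpty(token)) request.Headers.Add("X-Consul-Token", token);
        return request;
    }

    // The KV API returns a JSON array; each Value is base64 (null when empty).
    public static Dictionary<string, string> ParseResponse(string json)
    {
        var result = new Dictionary<string, string>();
        using var doc = JsonDocument.Parse(json);
        foreach (var entry in doc.RootElement.EnumerateArray())
        {
            var value = entry.GetProperty("Value");
            result[entry.GetProperty("Key").GetString()] =
                value.ValueKind == JsonValueKind.Null
                    ? ""
                    : Encoding.UTF8.GetString(Convert.FromBase64String(value.GetString()));
        }
        return result;
    }

    public static void Main()
    {
        // Constructed values: host name, key, token variable and response body.
        var token = Environment.GetEnvironmentVariable("CONSUL_HTTP_TOKEN");
        var request = BuildRequest(new Uri("https://consul.example.internal:8501"),
            "myapp/appsettings.json", token, 42, TimeSpan.FromSeconds(5));
        Console.WriteLine(request.RequestUri);
        const string sample = "[{\"LockIndex\":0,\"Key\":\"myapp/appsettings.json\",\"Flags\":0,"
            + "\"Value\":\"eyJGZWF0dXJlWCI6dHJ1ZX0=\",\"CreateIndex\":40,\"ModifyIndex\":42}]";
        Console.WriteLine(ParseResponse(sample)["myapp/appsettings.json"]);
    }
}
```

The same two concerns apply to the library configuration above: the Consul address should be an `https://` endpoint and the token should come from an App Service application setting rather than source code.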