# Azure Resources Overview Quick reference of all Azure resources needed for CMDB Insight deployment. ## 📋 Resources Summary | Resource Type | Resource Name | Purpose | SKU/Tier | Estimated Cost | Shared? | |--------------|---------------|---------|----------|----------------|--------| | **Resource Group** | `rg-cmdb-insight-prod` | Container for all resources | - | Free | No | | **Container Registry** | `yourcompanyacr` | Store Docker images (can be shared) | Basic/Standard | €5-20/month | ✅ Yes | | **PostgreSQL Database** | `cmdb-postgres-prod` | Production database | Standard_B1ms | €20-30/month | No | | **Key Vault** | `kv-cmdb-insight-prod` | Store secrets securely | Standard | €1-2/month | No | | **App Service Plan** | `plan-cmdb-insight-prod` | Hosting plan | B1 | €15-25/month | No | | **App Service (Backend)** | `cmdb-backend-prod` | Backend API | - | Included in plan | No | | **App Service (Frontend)** | `cmdb-frontend-prod` | Frontend web app | - | Included in plan | No | | **Application Insights** | `appi-cmdb-insight-prod` | Monitoring & logging | Basic | €0-5/month | No | **Total Estimated Cost: €41-82/month** (depending on ACR tier and usage) **💡 Note**: Container Registry can be **shared across multiple applications**. The repository name (`cmdb-insight`) separates this app from others. If you already have an ACR, reuse it to save costs! --- ## 🔗 Resource Dependencies ``` Resource Group (App-specific) ├── PostgreSQL Database │ └── Stores: Application data ├── Key Vault │ └── Stores: Secrets (JIRA tokens, passwords, etc.) ├── Application Insights │ └── Monitors: Backend & Frontend apps └── App Service Plan ├── Backend App Service │ ├── Pulls from: Shared ACR (cmdb-insight/backend:latest) │ ├── Connects to: PostgreSQL │ ├── Reads from: Key Vault │ └── Sends logs to: Application Insights └── Frontend App Service ├── Pulls from: Shared ACR (cmdb-insight/frontend:latest) └── Connects to: Backend App Service Shared Resources (can be in separate resource group) └── Container Registry (ACR) ← Shared across multiple applications ├── cmdb-insight/ ← This application │ ├── backend:latest │ └── frontend:latest ├── other-app/ ← Other applications │ └── api:latest └── shared-services/ ← Shared images └── nginx:latest ``` --- ## 🌐 Endpoints After deployment, your application will be available at: - **Frontend**: `https://cmdb-frontend-prod.azurewebsites.net` - **Backend API**: `https://cmdb-backend-prod.azurewebsites.net/api` - **Health Check**: `https://cmdb-backend-prod.azurewebsites.net/api/health` If custom domain is configured: - **Frontend**: `https://cmdb.yourcompany.com` - **Backend API**: `https://api.cmdb.yourcompany.com` (or subdomain of your choice) --- ## 🔐 Required Secrets These secrets should be stored in Azure Key Vault: | Secret Name | Description | Example | |-------------|-------------|---------| | `JiraPat` | Jira Personal Access Token (if using PAT auth) | `ATATT3xFfGF0...` | | `SessionSecret` | Session encryption secret | `a1b2c3d4e5f6...` (32+ chars) | | `JiraOAuthClientId` | Jira OAuth Client ID | `OAuthClientId123` | | `JiraOAuthClientSecret` | Jira OAuth Client Secret | `OAuthSecret456` | | `JiraSchemaId` | Jira Assets Schema ID | `schema-123` | | `DatabasePassword` | PostgreSQL admin password | `SecurePassword123!` | --- ## 📊 Resource Sizing Recommendations ### For 20 Users (Current) | Resource | Recommended SKU | Alternative | |----------|----------------|-------------| | App Service Plan | B1 (1 vCore, 1.75GB RAM) | B2 if experiencing slowness | | PostgreSQL | Standard_B1ms (1 vCore, 2GB RAM) | Standard_B2s for growth | | Container Registry | Basic (10GB) | Standard for production | | Key Vault | Standard | Standard (only option) | ### For 50+ Users (Future Growth) | Resource | Recommended SKU | Notes | |----------|----------------|-------| | App Service Plan | B2 or S1 | Better performance | | PostgreSQL | Standard_B2s (2 vCores, 4GB RAM) | More concurrent connections | | Container Registry | Standard (100GB) | More storage, geo-replication | --- ## 🔄 Update/Deployment Flow 1. **Code Changes** → Push to repository 2. **CI/CD Pipeline** → Builds Docker images 3. **Push to ACR** → Images stored in Container Registry 4. **Restart App Services** → Pulls new images from ACR 5. **Application Updates** → New version live ### Manual Deployment ```bash # Restart apps to pull latest images az webapp restart --name cmdb-backend-prod --resource-group rg-cmdb-insight-prod az webapp restart --name cmdb-frontend-prod --resource-group rg-cmdb-insight-prod ``` --- ## 🛡️ Security Configuration ### Network Security - **HTTPS Only**: Enabled on both App Services - **Database Firewall**: Restricted to Azure services (can be further restricted) - **Key Vault Access**: Managed Identity only (no shared keys) ### Authentication - **App Services**: Managed Identity for ACR and Key Vault access - **Database**: Username/password (stored in Key Vault) - **Application**: Jira OAuth 2.0 or Personal Access Token --- ## 📈 Monitoring & Logging ### Application Insights - **Metrics**: Response times, request rates, errors - **Logs**: Application logs, exceptions, traces - **Alerts**: Configured for downtime, errors, performance issues ### Access Logs ```bash # Backend logs az webapp log tail --name cmdb-backend-prod --resource-group rg-cmdb-insight-prod # Frontend logs az webapp log tail --name cmdb-frontend-prod --resource-group rg-cmdb-insight-prod ``` --- ## 🔧 Configuration Files ### Environment Variables (Backend) - `NODE_ENV=production` - `PORT=3001` - `DATABASE_TYPE=postgres` - `DATABASE_URL` (from Key Vault) - `JIRA_HOST=https://jira.zuyderland.nl` - `JIRA_AUTH_METHOD=oauth` - `JIRA_OAUTH_CLIENT_ID` (from Key Vault) - `JIRA_OAUTH_CLIENT_SECRET` (from Key Vault) - `JIRA_OAUTH_CALLBACK_URL` - `JIRA_SCHEMA_ID` (from Key Vault) - `SESSION_SECRET` (from Key Vault) - `FRONTEND_URL` - `APPINSIGHTS_INSTRUMENTATIONKEY` ### Environment Variables (Frontend) - `VITE_API_URL` (points to backend API) --- ## 🗑️ Cleanup (If Needed) To delete all resources: ```bash # Delete entire resource group (deletes all resources) az group delete --name rg-cmdb-insight-prod --yes --no-wait # Or delete individual resources az acr delete --name cmdbinsightacr --resource-group rg-cmdb-insight-prod az postgres flexible-server delete --name cmdb-postgres-prod --resource-group rg-cmdb-insight-prod az keyvault delete --name kv-cmdb-insight-prod --resource-group rg-cmdb-insight-prod az appservice plan delete --name plan-cmdb-insight-prod --resource-group rg-cmdb-insight-prod ``` **⚠️ Warning**: This will permanently delete all resources and data. Make sure you have backups if needed. --- ## 📞 Quick Commands Reference ```bash # Set variables RESOURCE_GROUP="rg-cmdb-insight-prod" BACKEND_APP="cmdb-backend-prod" FRONTEND_APP="cmdb-frontend-prod" # Check app status az webapp show --name $BACKEND_APP --resource-group $RESOURCE_GROUP --query state # View logs az webapp log tail --name $BACKEND_APP --resource-group $RESOURCE_GROUP # Restart apps az webapp restart --name $BACKEND_APP --resource-group $RESOURCE_GROUP az webapp restart --name $FRONTEND_APP --resource-group $RESOURCE_GROUP # List all resources az resource list --resource-group $RESOURCE_GROUP --output table # Get app URLs echo "Frontend: https://${FRONTEND_APP}.azurewebsites.net" echo "Backend: https://${BACKEND_APP}.azurewebsites.net/api" ``` --- ## 📚 Related Documentation - **`AZURE-NEW-SUBSCRIPTION-SETUP.md`** - Complete step-by-step setup guide - **`AZURE-APP-SERVICE-DEPLOYMENT.md`** - Detailed App Service deployment - **`AZURE-ACR-SETUP.md`** - ACR setup and usage - **`AZURE-QUICK-REFERENCE.md`** - Quick reference guide - **`PRODUCTION-DEPLOYMENT.md`** - General production deployment --- **Last Updated**: 2025-01-21