03 - Configuration, Secrets, and Dapr¶
This step configures runtime settings in Azure Container Apps for your .NET application, including environment variables, secrets, KEDA scaling rules, and Dapr sidecar options.
Infrastructure Context
Service: Container Apps (Consumption) | Network: VNet integrated | VNet: ✅
This tutorial assumes a production-ready Container Apps deployment with a custom VNet, ACR with managed identity pull, and private endpoints for backend services.
flowchart TD
INET[Internet] -->|HTTPS| CA["Container App\nConsumption\nLinux .NET 8"]
subgraph VNET["VNet 10.0.0.0/16"]
subgraph ENV_SUB["Environment Subnet 10.0.0.0/23\nDelegation: Microsoft.App/environments"]
CAE[Container Apps Environment]
CA
end
subgraph PE_SUB["Private Endpoint Subnet 10.0.2.0/24"]
PE_ACR[PE: ACR]
PE_KV[PE: Key Vault]
PE_ST[PE: Storage]
end
end
PE_ACR --> ACR[Azure Container Registry]
PE_KV --> KV[Key Vault]
PE_ST --> ST[Storage Account]
subgraph DNS[Private DNS Zones]
DNS_ACR[privatelink.azurecr.io]
DNS_KV[privatelink.vaultcore.azure.net]
DNS_ST[privatelink.blob.core.windows.net]
end
PE_ACR -.-> DNS_ACR
PE_KV -.-> DNS_KV
PE_ST -.-> DNS_ST
CA -.->|System-Assigned MI| ENTRA[Microsoft Entra ID]
CAE --> LOG[Log Analytics]
CA --> AI[Application Insights]
style CA fill:#107c10,color:#fff
style VNET fill:#E8F5E9,stroke:#4CAF50
style DNS fill:#E3F2FDConfiguration Flow¶
graph TD
ENV[Env Vars] --> ACA[Container App]
SEC[Secrets] --> ACA
DAPR[Dapr] --> ACA
ACA --> APP[ASP.NET Core App]
APP --> KESTREL[Kestrel Server]Prerequisites¶
- Completed 02 - First Deploy to Azure Container Apps
- A running Container App (deployed in 02 - First Deploy)
Step-by-step¶
- Set standard variables (reuse Bicep outputs from Step 02)
RG="rg-dotnet-guide"
DEPLOYMENT_NAME="main"
APP_NAME=$(az deployment group show \
--name "$DEPLOYMENT_NAME" \
--resource-group "$RG" \
--query "properties.outputs.containerAppName.value" \
--output tsv)
ACR_NAME=$(az deployment group show \
--name "$DEPLOYMENT_NAME" \
--resource-group "$RG" \
--query "properties.outputs.containerRegistryName.value" \
--output tsv)
- Set environment variables
ASP.NET Core automatically reads environment variables into its configuration system.
az containerapp update \
--name "$APP_NAME" \
--resource-group "$RG" \
--set-env-vars "Logging__LogLevel__Default=Information" "FeatureManagement__NewUI=true"
???+ example "Expected output"
- Store and reference a secret
az containerapp secret set \
--name "$APP_NAME" \
--resource-group "$RG" \
--secrets "db-connection-string=Server=tcp:sql.database.windows.net;Database=mydb;"
???+ example "Expected output"
Map the secret to an environment variable:
az containerapp update \
--name "$APP_NAME" \
--resource-group "$RG" \
--set-env-vars "ConnectionStrings__DefaultConnection=secretref:db-connection-string"
- Configure KEDA HTTP autoscaling
az containerapp update \
--name "$APP_NAME" \
--resource-group "$RG" \
--min-replicas 0 \
--max-replicas 10 \
--scale-rule-name "http-scale" \
--scale-rule-type "http" \
--scale-rule-http-concurrency 50
???+ example "Expected output"
- Enable Dapr sidecar
az containerapp dapr enable \
--name "$APP_NAME" \
--resource-group "$RG" \
--dapr-app-id "dotnet-api" \
--dapr-app-port 8000
???+ example "Expected output"
.NET example: read config safely¶
ASP.NET Core's IConfiguration makes it easy to read these values.
// In Program.cs or a Controller
var logLevel = configuration["Logging:LogLevel:Default"];
var isNewUIEnabled = configuration.GetValue<bool>("FeatureManagement:NewUI");
var connectionString = configuration.GetConnectionString("DefaultConnection");
Environment Variable Naming
Use double underscores (__) in environment variable names to represent hierarchical configuration keys in .NET (e.g., Logging__LogLevel__Default maps to Logging:LogLevel:Default).
Advanced Topics¶
- Managed Identity: Use
DefaultAzureCredentialfrom the Azure Identity SDK to access Key Vault without managing client secrets. - KEDA Scalers: Explore .NET specific scalers like
azure-servicebusorrabbitmqfor background processing. - Dapr SDK: Use the
Dapr.ClientNuGet package for advanced Dapr features like state store and pub/sub.