03 - Configuration, Secrets, and Dapr¶
This step configures runtime settings in Azure Container Apps, including environment variables, secrets, KEDA scaling rules, and Dapr sidecar options.
Infrastructure Context
Service: Container Apps (Consumption) | Network: VNet integrated | VNet: ✅
This tutorial assumes a production-ready Container Apps deployment with a custom VNet, ACR with managed identity pull, and private endpoints for backend services.
flowchart TD
INET[Internet] -->|HTTPS| CA["Container App\nConsumption\nLinux Node 18 LTS"]
subgraph VNET["VNet 10.0.0.0/16"]
subgraph ENV_SUB["Environment Subnet 10.0.0.0/23\nDelegation: Microsoft.App/environments"]
CAE[Container Apps Environment]
CA
end
subgraph PE_SUB["Private Endpoint Subnet 10.0.2.0/24"]
PE_ACR[PE: ACR]
PE_KV[PE: Key Vault]
PE_ST[PE: Storage]
end
end
PE_ACR --> ACR[Azure Container Registry]
PE_KV --> KV[Key Vault]
PE_ST --> ST[Storage Account]
subgraph DNS[Private DNS Zones]
DNS_ACR[privatelink.azurecr.io]
DNS_KV[privatelink.vaultcore.azure.net]
DNS_ST[privatelink.blob.core.windows.net]
end
PE_ACR -.-> DNS_ACR
PE_KV -.-> DNS_KV
PE_ST -.-> DNS_ST
CA -.->|System-Assigned MI| ENTRA[Microsoft Entra ID]
CAE --> LOG[Log Analytics]
CA --> AI[Application Insights]
style CA fill:#107c10,color:#fff
style VNET fill:#E8F5E9,stroke:#4CAF50
style DNS fill:#E3F2FDConfiguration Flow¶
graph TD
ENV[Env Vars] --> ACA[Container App]
SEC[Secrets] --> ACA
DAPR[Dapr] --> ACA
ACA --> APP[Application]Prerequisites¶
- Completed 02 - First Deploy to Azure Container Apps
- A running Container App
Step-by-step¶
-
Set standard variables
-
Set environment variables
-
Store and reference a secret
az containerapp secret set \ --name "$APP_NAME" \ --resource-group "$RG" \ --secrets "db-password=<secret-value>"Expected output
-
Configure KEDA HTTP autoscaling
-
Enable Dapr sidecar
Node.js example: read config safely¶
In Node.js, environment variables are accessed via process.env. Use the dotenv package (already included in the reference app) for local development.
// src/config.js
const LOG_LEVEL = process.env.LOG_LEVEL || 'INFO';
const FEATURE_FLAG = process.env.FEATURE_FLAG === 'true';
const DB_PASSWORD = process.env.DB_PASSWORD;
module.exports = { LOG_LEVEL, FEATURE_FLAG, DB_PASSWORD };
Advanced Topics¶
- Use Managed Identity to pull secrets directly from Azure Key Vault.
- Implement a custom KEDA scaler (e.g., Azure Service Bus) for event-driven processing.
- Use Dapr components for state management and pub/sub without writing SDK-specific code.