Implante o CaseBender no Microsoft Azure
Este guia orienta você na implantação do CaseBender no Azure usando imagens Docker pré-construídas com Azure Container Apps e serviços gerenciados.
# Usando Homebrew
brew install azure-cli
# Login no Azure
az login
# Configurar Docker para ACR
az acr login --name casebenderacr
# Definir variáveis
RESOURCE_GROUP="casebender-rg"
LOCATION="eastus"
# Criar grupo de recursos
az group create --name $RESOURCE_GROUP --location $LOCATION
# Habilitar serviços necessários
az provider register --namespace Microsoft.ContainerRegistry
az provider register --namespace Microsoft.App
az provider register --namespace Microsoft.Storage
# Criar conta de armazenamento
az storage account create \
--name casebenderstorage \
--resource-group $RESOURCE_GROUP \
--location $LOCATION \
--sku Standard_LRS \
--encryption-services blob
# Criar contêiner de blob
az storage container create \
--name casebender \
--account-name casebenderstorage \
--auth-mode key \
--public-access off
# Obter chave da conta de armazenamento
STORAGE_KEY=$(az storage account keys list \
--account-name casebenderstorage \
--resource-group $RESOURCE_GROUP \
--query '[0].value' -o tsv)
# Criar identidade gerenciada para acesso ao armazenamento
az identity create \
--name casebender-storage-identity \
--resource-group $RESOURCE_GROUP
# Obter ID da identidade gerenciada
IDENTITY_ID=$(az identity show \
--name casebender-storage-identity \
--resource-group $RESOURCE_GROUP \
--query id -o tsv)
# Atribuir função de Colaborador de Dados de Blob de Armazenamento
az role assignment create \
--assignee-object-id $(az identity show --name casebender-storage-identity --resource-group $RESOURCE_GROUP --query principalId -o tsv) \
--role "Storage Blob Data Contributor" \
--scope $(az storage account show --name casebenderstorage --resource-group $RESOURCE_GROUP --query id -o tsv)
# Criar servidor PostgreSQL
az postgres flexible-server create \
--resource-group $RESOURCE_GROUP \
--name casebender-db \
--admin-user superadmin \
--admin-password <sua-senha-segura> \
--sku-name Standard_B2s \
--storage-size 32 \
--version 14
# Criar banco de dados
az postgres flexible-server db create \
--resource-group $RESOURCE_GROUP \
--server-name casebender-db \
--database-name casebender
# Criar cache Redis
az redis create \
--resource-group $RESOURCE_GROUP \
--name casebender-redis \
--sku Basic \
--vm-size c0 \
--location $LOCATION
# Criar Azure Container Registry
az acr create \
--resource-group $RESOURCE_GROUP \
--name casebenderacr \
--sku Standard \
--admin-enabled true
# Obter credenciais do registro
ACR_USERNAME=$(az acr credential show --name casebenderacr --query username -o tsv)
ACR_PASSWORD=$(az acr credential show --name casebenderacr --query "passwords[0].value" -o tsv)
# Baixar imagens do CaseBender
docker pull casebender/casebender:latest
docker pull casebender/workflow-processor:latest
docker pull casebender/misp-processor:latest
# Marcar imagens para ACR
docker tag casebender/casebender:latest casebenderacr.azurecr.io/casebender/app:latest
docker tag casebender/workflow-processor:latest casebenderacr.azurecr.io/casebender/workflow-processor:latest
docker tag casebender/misp-processor:latest casebenderacr.azurecr.io/casebender/misp-processor:latest
# Enviar imagens para ACR
docker push casebenderacr.azurecr.io/casebender/app:latest
docker push casebenderacr.azurecr.io/casebender/workflow-processor:latest
docker push casebenderacr.azurecr.io/casebender/misp-processor:latest
# Criar ambiente de Container Apps
az containerapp env create \
--name casebender-env \
--resource-group $RESOURCE_GROUP \
--location $LOCATION
# Criar aplicação principal
az containerapp create \
--name casebender-app \
--resource-group $RESOURCE_GROUP \
--environment casebender-env \
--image casebenderacr.azurecr.io/casebender/app:latest \
--target-port 3000 \
--ingress external \
--registry-server casebenderacr.azurecr.io \
--registry-username $ACR_USERNAME \
--registry-password $ACR_PASSWORD \
--user-assigned-identity $IDENTITY_ID \
--env-vars \
AUTH_SECRET=<seu-segredo-de-autenticação> \
AUTH_SALT=<seu-salt-de-autenticação> \
POSTGRES_PRISMA_URL="postgresql://superadmin:<senha>@casebender-db.postgres.database.azure.com:5432/casebender" \
REDIS_URL="redis://casebender-redis.redis.cache.windows.net:6380?ssl=true&password=<chave-redis>" \
AZURE_STORAGE_ACCOUNT="casebenderstorage" \
AZURE_STORAGE_CONTAINER="casebender" \
AZURE_STORAGE_CONNECTION_STRING="DefaultEndpointsProtocol=https;AccountName=casebenderstorage;AccountKey=${STORAGE_KEY};EndpointSuffix=core.windows.net"
# Criar processador de fluxo de trabalho
az containerapp create \
--name workflow-processor \
--resource-group $RESOURCE_GROUP \
--environment casebender-env \
--image casebenderacr.azurecr.io/casebender/workflow-processor:latest \
--registry-server casebenderacr.azurecr.io \
--registry-username $ACR_USERNAME \
--registry-password $ACR_PASSWORD \
--min-replicas 1 \
--max-replicas 1 \
--env-vars \
POSTGRES_PRISMA_URL="postgresql://superadmin:<senha>@casebender-db.postgres.database.azure.com:5432/casebender" \
REDIS_URL="redis://casebender-redis.redis.cache.windows.net:6380?ssl=true&password=<chave-redis>"
# Criar processador MISP
az containerapp create \
--name misp-processor \
--resource-group $RESOURCE_GROUP \
--environment casebender-env \
--image casebenderacr.azurecr.io/casebender/misp-processor:latest \
--registry-server casebenderacr.azurecr.io \
--registry-username $ACR_USERNAME \
--registry-password $ACR_PASSWORD \
--min-replicas 1 \
--max-replicas 1 \
--env-vars \
POSTGRES_PRISMA_URL="postgresql://superadmin:<senha>@casebender-db.postgres.database.azure.com:5432/casebender" \
REDIS_URL="redis://casebender-redis.redis.cache.windows.net:6380?ssl=true&password=<chave-redis>"
# Criar perfil Front Door
az afd profile create \
--profile-name casebender-afd \
--resource-group $RESOURCE_GROUP \
--sku Standard_AzureFrontDoor
# Criar endpoint
az afd endpoint create \
--endpoint-name casebender \
--profile-name casebender-afd \
--resource-group $RESOURCE_GROUP
# Criar grupo de origem
az afd origin-group create \
--origin-group-name casebender-origin-group \
--profile-name casebender-afd \
--resource-group $RESOURCE_GROUP \
--probe-path "/" \
--probe-protocol Http \
--probe-request-type GET
# Adicionar origem
az afd origin create \
--origin-group-name casebender-origin-group \
--origin-name casebender-origin \
--profile-name casebender-afd \
--resource-group $RESOURCE_GROUP \
--host-name <url-do-seu-container-app> \
--origin-host-header <url-do-seu-container-app> \
--priority 1 \
--weight 1000 \
--enabled-state Enabled
# Adicionar domínio personalizado ao Front Door
az afd custom-domain create \
--custom-domain-name casebender-domain \
--host-name seu-dominio.com \
--profile-name casebender-afd \
--resource-group $RESOURCE_GROUP \
--minimum-tls-version TLS12
# Habilitar HTTPS
az afd custom-domain enable-https \
--custom-domain-name casebender-domain \
--profile-name casebender-afd \
--resource-group $RESOURCE_GROUP
# Criar Application Insights
az monitor app-insights component create \
--app casebender-insights \
--location $LOCATION \
--resource-group $RESOURCE_GROUP \
--application-type web
# Obter chave de instrumentação
az monitor app-insights component show \
--app casebender-insights \
--resource-group $RESOURCE_GROUP \
--query instrumentationKey \
--output tsv
# Criar grupo de ação
az monitor action-group create \
--name casebender-alerts \
--resource-group $RESOURCE_GROUP \
--action email admin email@seudominio.com
# Criar regra de alerta
az monitor metrics alert create \
--name "uso-alto-de-cpu" \
--resource-group $RESOURCE_GROUP \
--scopes <id-do-recurso-container-app> \
--condition "avg CPU > 80" \
--window-size 5m \
--evaluation-frequency 1m \
--action <id-do-grupo-de-ação>
# Visualizar logs do container app
az containerapp logs show \
--name casebender-app \
--resource-group $RESOURCE_GROUP \
--follow
# Configurar regras de escalonamento
az containerapp update \
--name casebender-app \
--resource-group $RESOURCE_GROUP \
--min-replicas 1 \
--max-replicas 10 \
--scale-rule-name http-rule \
--scale-rule-type http \
--scale-rule-http-concurrency 50
# Habilitar backups automatizados
az postgres flexible-server update \
--resource-group $RESOURCE_GROUP \
--name casebender-db \
--backup-retention 7
# Criar recursos de região secundária
az postgres flexible-server replica create \
--name casebender-db-secondary \
--source-server casebender-db \
--resource-group $RESOURCE_GROUP \
--location westus