Some buzzwords that are used:
- .NET Aspire
- .NET (Minimal) API
- EF Core (with Migrations)
- Angular
- OpenTelemetry
- Grafana Stack (Tempo, Loki)
- Prometheus (and Blackbox)
- YARP
- Containers
- Azure Developer CLI (azd)
- Authentication with Keycloak
- Secrets OPerationS (SOPS)
- Renovate for automatic dependency updates
- Testing
- Angular tests with Vitest
- .NET unit tests with TUnit
- .NET integration tests with Testcontainers
- End-to-End Testing with Playwright
graph TD
User["Browser (User)"] --> Gateway
subgraph "External Facing Components"
Gateway["API Gateway (YARP)<br>Sandbox.Gateway"]
Keycloak["Keycloak<br>Authentication Provider"]
end
subgraph "Internal Components"
AngularApp["Angular Frontend<br>Sandbox.AngularWorkspace"]
ApiService["API Service<br>Sandbox.ApiService<br>"]
SqlDatabase["SQL Server Database"]
DbMigrations["Database Migrations<br>Sandbox.ApiService.Migrations"]
Gateway --> AngularApp
Gateway --> ApiService
ApiService --> SqlDatabase
SqlDatabase -.-o DbMigrations
Gateway -.-> Keycloak
end
subgraph "Monitoring"
OpenTelemetry["OpenTelemetry Collector<br>Metrics, Traces, Logs"]
Gateway -.-> OpenTelemetry
AngularApp -.-> OpenTelemetry
ApiService -.-> OpenTelemetry
SqlDatabase -.-> OpenTelemetry
end
classDef externalFacing fill:#f96,stroke:#333,stroke-width:3px,stroke-dasharray: 5 5;
classDef gateway fill:#f9f,stroke:#333,stroke-width:2px;
classDef frontend fill:#bbf,stroke:#333,stroke-width:1px;
classDef backend fill:#bfb,stroke:#333,stroke-width:1px;
classDef database fill:#fbb,stroke:#333,stroke-width:1px;
classDef secrets fill:#9cf,stroke:#333,stroke-width:1px;
classDef auth fill:#f99,stroke:#333,stroke-width:1px;
classDef monitoring fill:#ffd,stroke:#333,stroke-width:1px;
class Gateway gateway,externalFacing;
class Keycloak auth,externalFacing;
class AngularApp frontend;
class ApiService backend;
class SqlDatabase,DbMigrations database;
class OpenTelemetry monitoring;
The project uses SOPS (Secrets Operations) to encrypt sensitive configuration values:
- Encrypted Configuration:
appsettings.encrypted.jsonfiles contain encrypted secrets - Selective Encryption: Only fields matching secret patterns (Secret, Password, Key, Token) are encrypted
- Development Friendly: Non-sensitive configuration remains in plain text for easy reading
$env:SOPS_AGE_KEY_FILE = "./config/sops/age/keys.txt"
sops --decrypt "config/appsettings.encrypted.json" > "Sandbox.AppHost/appsettings.json"
sops --encrypt "Sandbox.AppHost/appsettings.json" > "config/appsettings.encrypted.json"Clone the project and run the dotnet run command in the root folder to start the project.
dotnet run --project ./Sandbox.AppHostThe .NET Aspire dashboard provides a comprehensive view of all running services, their health status, and resource utilization in the development environment.
The monitoring stack uses Grafana to visualize OpenTelemetry data collected from all services, providing insights into application performance, logs, traces, and health metrics.
Keycloak serves as the identity and access management solution, providing secure authentication and authorization for the application.
Scalar provides an interactive API documentation interface generated from the OpenAPI specification, allowing developers to explore and test API endpoints.
To deploy the project, make sure you have an Azure subscription and azd installed.
Then, run the following commands to provision the resources and deploy the project:
azd init
azd up