Azure 应用程序配置最佳做法Azure App Configuration best practices

本文介绍了使用 Azure 应用程序配置时的常见模式和最佳做法。This article discusses common patterns and best practices when you're using Azure App Configuration.

键分组Key groupings

应用程序配置提供了两个用于组织键的选项:App Configuration provides two options for organizing keys:

  • 键前缀Key prefixes
  • 标签Labels

可以使用一个或两个选项对键进行分组。You can use either one or both options to group your keys.

键前缀是键的开头部分。Key prefixes are the beginning parts of keys. 可以通过在键名称中使用相同的前缀对一组键进行逻辑分组。You can logically group a set of keys by using the same prefix in their names. 前缀可以包含由分隔符连接的多个构成部分,如 /(类似于 URL 路径),以形成一个命名空间。Prefixes can contain multiple components connected by a delimiter, such as /, similar to a URL path, to form a namespace. 当你在一个应用程序配置存储中存储多个应用程序、组件服务和环境的键时,此类层次结构非常有用。Such hierarchies are useful when you're storing keys for many applications, component services, and environments in one App Configuration store.

需要记住的重要一点是,键是你的应用程序代码所引用的内容,用于检索相应设置的值。An important thing to keep in mind is that keys are what your application code references to retrieve the values of the corresponding settings. 键不应进行更改,否则每次发生更改时都必须修改你的代码。Keys shouldn't change, or else you'll have to modify your code each time that happens.

标签是键上的一个属性。Labels are an attribute on keys. 它们用于创建键的变体。They're used to create variants of a key. 例如,可以将标签分配给多个版本的键。For example, you can assign labels to multiple versions of a key. 版本可以是迭代、环境或某些其他上下文信息。A version might be an iteration, an environment, or some other contextual information. 你的应用程序可以通过指定其他标签来请求一组完全不同的键值。Your application can request an entirely different set of key values by specifying another label. 其结果是,所有关键引用在代码中均保持不变。As a result, all key references remain unchanged in your code.

键-值组合Key-value compositions

应用程序配置将使用它存储的所有键视为独立的实体。App Configuration treats all keys stored with it as independent entities. 应用程序配置不会尝试推断键之间的任何关系,也不会基于键的层次结构来继承键值。App Configuration doesn't attempt to infer any relationship between keys or to inherit key values based on their hierarchy. 但是,可通过在应用程序代码中将标签和适当的配置堆叠配合使用来聚合多组键。You can aggregate multiple sets of keys, however, by using labels coupled with proper configuration stacking in your application code.

接下来举例说明。Let's look at an example. 假设你有一个名为“Asset1”的设置,其值可能因开发环境而异。Suppose you have a setting named Asset1, whose value might vary based on the development environment. 创建一个名为“Asset1”的键,其中包含一个空标签和一个名为“Development”的标签。You create a key named "Asset1" with an empty label and a label named "Development". 在第一个标签中,为“Asset1”输入默认值,在后者中为“Development”输入特定值。In the first label, you put the default value for Asset1, and you put a specific value for "Development" in the latter.

在代码中,首先检索没有任何标签的键值,然后使用“Development”标签第二次检索相同的一组键值。In your code, you first retrieve the key values without any labels, and then you retrieve the same set of key values a second time with the "Development" label. 第二次检索该值时,将覆盖先前的键值。When you retrieve the values the second time, the previous values of the keys are overwritten. .NET Core 配置系统使你可以“堆叠”多组配置数据。The .NET Core configuration system allows you to "stack" multiple sets of configuration data on top of each other. 如果一个键存在于多个集中,则使用包含该键的最后一个集。If a key exists in more than one set, the last set that contains it is used. 通过新式编程框架(如 .NET Core),如果使用本机配置提供程序访问应用程序配置,则可以免费获得此堆叠功能。With a modern programming framework, such as .NET Core, you get this stacking capability for free if you use a native configuration provider to access App Configuration. 以下代码片段演示如何在 .NET Core 应用程序中实现堆叠:The following code snippet shows how you can implement stacking in a .NET Core application:

// Augment the ConfigurationBuilder with Azure App Configuration
// Pull the connection string from an environment variable
configBuilder.AddAzureAppConfiguration(options => {
    options.Connect(configuration["connection_string"])
           .Select(KeyFilter.Any, LabelFilter.Null)
           .Select(KeyFilter.Any, "Development");
});

使用标签为不同环境启用不同配置提供一个完整的示例。Use labels to enable different configurations for different environments provides a complete example.

应用程序配置启动App Configuration bootstrap

若要访问应用程序配置存储,可以使用其连接字符串,该字符串可在 Azure 门户中获取。To access an App Configuration store, you can use its connection string, which is available in the Azure portal. 由于连接字符串包含凭据信息,因此它们被视为机密。Because connection strings contain credential information, they're considered secrets. 这些机密需要存储在 Azure Key Vault 中,你的代码必须向 Key Vault 进行身份验证才能检索这些机密。These secrets need to be stored in Azure Key Vault, and your code must authenticate to Key Vault to retrieve them.

更好的选择是使用 Azure Active Directory 中的托管标识功能。A better option is to use the managed identities feature in Azure Active Directory. 通过托管标识,只需使用应用程序配置终结点 URL 即可启动对应用程序配置存储的访问。With managed identities, you need only the App Configuration endpoint URL to bootstrap access to your App Configuration store. 可以将 URL 嵌入到应用程序代码中(例如嵌入到 appsettings.json 文件中)。You can embed the URL in your application code (for example, in the appsettings.json file). 有关详细信息,请参阅与 Azure 托管标识集成See Integrate with Azure managed identities for details.

应用或函数对应用程序配置的访问权限App or function access to App Configuration

你可以使用以下任一方法为 Web 应用或函数提供对应用程序配置的访问权限:You can provide access to App Configuration for web apps or functions by using any of the following methods:

  • 通过 Azure 门户,在应用服务的应用程序设置中输入应用程序配置存储的连接字符串。Through the Azure portal, enter the connection string to your App Configuration store in the Application settings of App Service.
  • 将连接字符串存储到 Key Vault 中的应用程序配置存储,并从应用服务中引用该字符串Store the connection string to your App Configuration store in Key Vault and reference it from App Service.
  • 使用 Azure 托管标识访问应用程序配置存储。Use Azure managed identities to access the App Configuration store. 有关详细信息,请参阅与 Azure 托管标识集成For more information, see Integrate with Azure managed identities.
  • 将配置从应用程序配置推送到应用服务。Push configuration from App Configuration to App Service. 应用程序配置提供了可将数据直接发送到应用服务中的导出功能(在 Azure 门户和 Azure CLI 中)。App Configuration provides an export function (in Azure portal and the Azure CLI) that sends data directly into App Service. 通过此方法,你无需更改应用程序代码。With this method, you don't need to change the application code at all.

减少对应用程序配置发出的请求Reduce requests made to App Configuration

对应用程序配置的请求过多可能会导致限制或超额费用。Excessive requests to App Configuration can result in throttling or overage charges. 若要减少发出的请求数,方法如下:To reduce the number of requests made:

将配置数据导入到应用程序配置中Importing configuration data into App Configuration

应用程序配置提供了使用 Azure 门户或 CLI 从当前配置文件批量导入配置设置的选项。App Configuration offers the option to bulk import your configuration settings from your current configuration files using either the Azure portal or CLI. 还可以使用相同的选项从应用程序配置中导出值,例如在相关存储之间导出值。You can also use the same options to export values from App Configuration, for example between related stores. 若要设置与 GitHub 存储库的持续同步,可以使用 GitHub 操作,这样可以继续使用现有的源代码管理实践,同时又能获得应用程序配置的优势。If you’d like to set up an ongoing sync with your GitHub repo, you can use our GitHub Action so that you can continue using your existing source control practices while getting the benefits of App Configuration.

应用程序配置中的多区域部署Multi-region deployment in App Configuration

应用程序配置是一种区域服务。App Configuration is regional service. 对于在每个区域设有不同配置的应用程序,将这些配置存储在一个实例中可能会导致单一故障点。For applications with different configurations per region, storing these configurations in one instance can create a single point of failure. 跨多个区域为每个区域部署一个应用程序配置实例可能是一个更好的选择。Deploying one App Configuration instances per region across multiple regions may be a better option. 它可帮助实现区域性灾难恢复、提高性能以及实现安全孤岛。It can help with regional disaster recovery, performance, and security siloing. 按区域配置还可以减少延迟并使用单独的限制配额,因为限制是按实例执行的。Configuring by region also improves latency and uses separated throttling quotas, since throttling is per instance. 若要应用灾难恢复缓解,可以使用多个配置存储To apply disaster recovery mitigation, you can use multiple configuration stores.

后续步骤Next steps