Exercise - Set up your Azure DevOps environment

Completed

In this section, you make sure that your Azure DevOps organization is set up to complete the rest of this module. You also create the Azure Kubernetes Service environment that you'll deploy to.

To accomplish these goals, you:

  • Add a user to ensure Azure DevOps can connect to your Azure subscription.
  • Set up an Azure DevOps project for this module.
  • On Azure Boards, move the work item for this module to the Doing column.
  • Create an Azure Container Registry (ACR) and Azure Kubernetes Service (AKS) cluster using the Azure CLI in Azure Cloud Shell.
  • Create pipeline variables that define the names of your Azure resources.
  • Create a service connection that enables Azure Pipelines to securely access your Azure subscription.
  • Update the source project on GitHub to use your new ACR instance.

Add a user to Azure DevOps

To complete this module, you need your own Azure subscription. You can get started with Azure for free.

You don't need an Azure subscription to work with Azure DevOps, but here you'll use Azure DevOps to deploy to Azure resources that exist in your Azure subscription. To simplify the process, use the same Microsoft account to sign in to both your Azure subscription and your Azure DevOps organization.

If you use different Microsoft accounts to sign in to Azure and Azure DevOps, add a user to your DevOps organization under the Microsoft account that you use to sign in to Azure. For more information, see Add users to your organization or project. When you add the user, choose the Basic access level.

Then sign out of Azure DevOps and sign in. Use the Microsoft account that you use to sign in to your Azure subscription.

Get the Azure DevOps project

Here you make sure that your Azure DevOps organization is set up to complete the rest of this module. To do so, you run a template that creates a project in Azure DevOps.

The modules in this learning path form a progression. You follow the Tailspin web team through their DevOps journey. For learning purposes, each module has its own Azure DevOps project.

Run the template

Run a template that sets up your Azure DevOps organization:

From the Azure DevOps Demo Generator site, follow these steps to run the template:

  1. Select Sign In and accept the usage terms.

  2. On the Create New Project page, select your Azure DevOps organization. Enter a project name, such as Space Game - web - Kubernetes.

    A screenshot of the Azure DevOps Demo Generator showing the process to create the project.

  3. Select Yes, I want to import this repository > Authorize.

    If a window appears, authorize access to your GitHub account.

    Important

    You need to select this option so the template will connect to your GitHub repository. Select it even if you've already forked the Space Game website project. The template uses your existing fork.

  4. Select Create Project.

    The template takes a few moments to run.

  5. Select Navigate to project to go to your project in Azure DevOps.

Important

In this module, the Clean up your Azure DevOps environment page contains important cleanup steps. Cleaning up helps ensure that you don't run out of free build minutes. Be sure to follow the cleanup steps even if you don't complete this module.

Set your project's visibility

Your fork of the Space Game repository on GitHub is initially public. The Azure DevOps template creates a project that's initially private.

A public GitHub repository is accessible to everyone, whereas a private repository is accessible to you and the people you share it with. In both cases, only collaborators can commit changes to a GitHub repository.

A project on Azure DevOps works the same way. Users who aren't signed in to the service have read-only access to public projects. Private projects require users to be granted access to the project and signed in to access the services.

For learning purposes, you don't need to change any of these settings right now. But for your own projects, you need to decide what visibility and access you want to provide to others. For example, if your project is open source, you might make both your GitHub repository and your Azure DevOps project public. If your project is closed source, you would likely make both your GitHub repository and your Azure DevOps project private.

Later, you can use these resources to help you decide which option is best for your project:

Move the work item to Doing

Here you assign a work item to yourself on Azure Boards. You also move the work item to the Doing state. In practice, you and your team would create work items at the start of each sprint, or work iteration.

This work assignment gives you a checklist to work from. It gives other team members visibility into what you're working on and how much work is left. The work item also helps enforce work-in-progress (WIP) limits so that the team doesn't take on too much work at one time.

Here you move the first item, Create multi-container version of web site orchestrated with Kubernetes, to the Doing column. Then you assign yourself to the work item.

To set up the work item:

  1. From Azure DevOps, go to Boards. Then, select Boards from the menu.

    A screenshot of Azure DevOps showing the location of the Boards menu.

  2. In the Create multi-container version of web site orchestrated with Kubernetes work item, select the down arrow at the bottom of the card. Then assign the work item to yourself.

    A screenshot of Azure Boards showing the location of the down arrow.

  3. Move the work item from the To Do column to the Doing column.

    A screenshot of Azure Boards showing the card in the Doing column.

At the end of this module, you'll move the card to the Done column after you complete the task.

Create the Azure Kubernetes Service environment

Here you create the Azure Kubernetes Service resources that are required to deploy the new container version of the site.

In Create a release pipeline with Azure Pipelines, you brought up Azure resources through the Azure portal. Although the portal is a great way to explore what's available on Azure or to do basic tasks, bringing up components such as Azure Kubernetes Service can be tedious.

In this module, you use the Azure CLI to bring up the resources need to deploy and run your app on Azure Kubernetes Service. You can access the Azure CLI from a terminal or through Visual Studio Code. Here you access the Azure CLI from Azure Cloud Shell. This browser-based shell experience is hosted in the cloud. In Cloud Shell, the Azure CLI is configured for use with your Azure subscription.

Important

You need your own Azure subscription to complete the exercises in this module.

Bring up Cloud Shell through the Azure portal

  1. Go to the Azure portal, and sign in.

  2. From the menu, select Cloud Shell. When prompted, select the Bash experience.

    A screenshot of the Azure portal showing the location of the Cloud Shell menu item.

    Note

    Cloud Shell requires an Azure storage resource to persist any files that you create in Cloud Shell. When you first open Cloud Shell, you're prompted to create a resource group, storage account, and Azure Files share. This setup is automatically used for all future Cloud Shell sessions.

Select an Azure region

A region is one or more Azure datacenters within a geographic location. East US, West US, and North Europe are examples of regions. Every Azure resource, including an App Service instance, is assigned a region.

To make commands easier to run, start by selecting a default region. After you specify the default region, later commands use that region unless you specify a different region.

  1. From Cloud Shell, run the following az account list-locations command to list the regions that are available from your Azure subscription.

    az account list-locations \
      --query "[].{Name: name, DisplayName: displayName}" \
      --output table
    
  2. From the Name column in the output, choose a region that's close to you. For example, choose eastasia or westus2.

  3. Run az configure to set your default region. Replace <REGION> with the name of the region you chose.

    az configure --defaults location=<REGION>
    

    This example sets westus2 as the default region.

    az configure --defaults location=westus2
    

Create Bash variables

Create Bash variables to make the setup process more convenient and less error-prone. Using variables for shared text strings helps avoid accidental typos.

  1. From Cloud Shell, generate a random number. This will make it easier to create globally unique names for certain services in the next step.

    resourceSuffix=$RANDOM
    
  2. Create globally unique names for your Azure Container Registry and Azure Kubernetes Service instance. Note that these commands use double quotes, which instructs Bash to interpolate the variables using the inline syntax.

    registryName="tailspinspacegame${resourceSuffix}"
    aksName="tailspinspacegame-${resourceSuffix}"
    
  3. Create another Bash variable to store the name of your resource group.

    rgName='tailspin-space-game-rg'
    
  4. Create a variable to hold the latest AKS version available in your default region.

    aksVersion=$(az aks get-versions \
      --query 'orchestrators[-1].orchestratorVersion' \
      --output tsv)
    

Create the Azure resources

This solution requires several Azure resources for deployment, which you create now.

Note

For learning purposes, here you use the default network settings. These settings make your site accessible from the internet. In practice, you could configure an Azure virtual network that places your website in a network that's not internet routable, and that only you and your team can access. Later, you could reconfigure your network to make the website available to your users.

  1. Run the following az group create command to create a resource group using the name defined earlier.

    az group create --name $rgName
    
  2. Run the following az acr create command to create an Azure Container Registry using the name defined earlier.

    az acr create \
      --name $registryName \
      --resource-group $rgName \
      --sku Standard
    
  3. Run the following az aks create command to create an AKS instance using the name defined earlier.

    az aks create \
      --name $aksName \
      --resource-group $rgName \
      --enable-addons monitoring \
      --kubernetes-version $aksVersion \
      --generate-ssh-keys
    

    Note

    It may take 10-15 minutes for the AKS deployment to complete.

  4. Create a variable to store the ID of the service principal configured for the AKS instance.

    clientId=$(az aks show \
      --name $aksName \
      --resource-group $rgName \
      --query "servicePrincipalProfile.clientId" \
      --output tsv)
    
  5. Create a variable to store the ID of the Azure Container Registry.

    acrId=$(az acr show \
      --name $registryName \
      --resource-group $rgName \
      --query "id" \
      --output tsv)
    
  6. Run the following az acr list command to print the login server for your ACR instance.

    az acr list \
     --resource-group $rgName \
     --query "[].{loginServer: loginServer}" \
     --output table
    

    Note the login server for your container registry. You'll need this when configuring the pipeline and environment in some upcoming steps. Here's an example.

    LoginServer                      
    --------------------------------
    tailspinspacegame4692.azurecr.io
    
  7. Run the following az role assignment create command to create a role assignment to authorize the AKS cluster to connect to the Azure Container Registry.

    az role assignment create \
      --assignee $clientId \
      --role acrpull \
      --scope $acrId
    

Important

The Clean up your Azure DevOps environment page in this module contains important cleanup steps. Cleaning up helps ensure that you're not charged for Azure resources after you complete this module. Be sure to perform the cleanup steps even if you don't complete this module.

Create pipeline variables in Azure Pipelines

In Automate Docker container deployments with Azure Pipelines, you added a variable to your pipeline that stores the name of your Azure Container Registry. Here you do the same.

You could hard-code this name in your pipeline configuration, but if you define it as a variable, your configuration will be more reusable. Plus, if the name of your instance changes, you can update the variable and trigger your pipeline without modifying your configuration.

To add the variables:

  1. In Azure DevOps, go to your Space Game - web - Kubernetes project.

  2. Under Pipelines, select Library.

    A screenshot of Azure Pipelines showing the Library menu option.

  3. Select + Variable group.

  4. Under Properties, enter Release for the variable group name.

  5. Under Variables, select Add.

  6. For the name of your variable, enter RegistryName. For the value, enter the login server for your Azure Container Registry, such as tailspinspacegame4692.azurecr.io.

  7. Near the top of the page, select Save to save your variable to the pipeline.

    Your variable group resembles this one:

    A screenshot of Azure Pipeline showing the variable group. The group contains one variable.

Create required service connections

Here, you create service connections that enable Azure Pipelines to access your Azure Container Registry and Azure Kubernetes Service instances. Azure Pipelines uses these service connections to push your containers, as well as to instruct your AKS cluster to pull them in to update the deployed service.

Important

Make sure that you're signed in to both the Azure portal and Azure DevOps under the same Microsoft account.

  1. In Azure DevOps, go to your Space Game - web - Kubernetes project.

  2. From the bottom corner of the page, select Project settings.

  3. Under Pipelines, select Service connections.

  4. Select New service connection, then select Docker Registry, and then select Next.

  5. Near the top of the page, select Azure Container Registry.

  6. Enter the following values for each setting.

    Setting Value
    Subscription Your Azure subscription
    Azure container registry Select the one you created earlier
    Service connection name Container Registry Connection
  7. Ensure that Grant access permission to all pipelines is selected.

  8. Select Save.

  9. Select New service connection, then select Kubernetes, and then select Next.

  10. Near the top of the page, select Azure Subscription.

  11. Enter the following values for each setting.

    Setting Value
    Subscription Your Azure subscription
    Cluster Select the one you created earlier
    Namespace default
    Service connection name Kubernetes Cluster Connection
  12. Ensure that Grant access permission to all pipelines is selected.

  13. Select Save.

Create the environment

  1. Under Pipelines, select Environments.

    A screenshot of Azure Pipelines showing the Environments menu option.

  2. Select Create environment.

  3. Under Name, enter spike.

  4. Under Resource, select Kubernetes.

  5. Select Next.

  6. Under Provider, select Azure Kubernetes Service.

  7. Under Azure subscription, select your subscription.

  8. Under Cluster, select the AKS cluster you created earlier.

  9. Under Namespace, Existing and default.

  10. Select Validate and create.

Update the Kubernetes deployment manifest in your GitHub source project

Here you update the Kubernetes deployment.yml manifest to point to the container registry you created earlier.

  1. Go to the GitHub project created for this module. The project is named mslearn-tailspin-spacegame-web-kubernetes in your GitHub account.

  2. Open the file at manifests/deployment.yml in edit mode.

    A screenshot of GitHub showing the location of the edit mode icon.

  3. Change the container image references to use your ACR login server. The following code uses tailspinspacegame2439.azurecr.io as an example.

    apiVersion : apps/v1
    kind: Deployment
    metadata:
      name: web
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: web
      template:
        metadata:
          labels:
            app: web
        spec:
          containers:
            - name: web
              image: tailspinspacegame4692.azurecr.io/web
              ports:
              - containerPort: 80
    
    apiVersion : apps/v1
    kind: Deployment
    metadata:
      name: leaderboard
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: leaderboard
      template:
        metadata:
          labels:
            app: leaderboard
        spec:
          containers:
            - name: leaderboard
              image: tailspinspacegame4692.azurecr.io/leaderboard
              ports:
              - containerPort: 80
    
  4. Commit the changes to the main branch.