Tutorial: Deploy to Azure Kubernetes Service (AKS) using the blue/green deployment pattern
Azure Kubernetes Service (AKS) manages your hosted Kubernetes environment, making it quick and easy to deploy and manage containerized applications. You don't need expertise in container orchestration. AKS also eliminates the burden of ongoing operations and maintenance, by provisioning, upgrading, and scaling resources on demand. You don't need to take your applications offline. For more information about AKS, see the AKS documentation.
Blue/green deployment is an Azure DevOps Continuous Delivery pattern that relies on keeping an existing (blue) version live, while a new (green) one is deployed. Typically, this pattern employs load balancing to direct increasing amounts of traffic to the green deployment. If monitoring discovers an incident, traffic can be rerouted to the blue deployment, which is still running. For more information about Continuous Delivery, see What is Continuous Delivery.
In this tutorial, you learn how to perform the following tasks:
- Learn about the blue/green deployment pattern
- Create a managed Kubernetes cluster
- Run a sample script to configure a Kubernetes cluster
- Manually configure a Kubernetes cluster
- Create and run a Jenkins job
- GitHub account : You need a GitHub account to clone the sample repo.
- Azure CLI 2.0 : You use the Azure CLI 2.0 to create the Kubernetes cluster.
- Chocolatey: A package manager you use to install kubectl.
- kubectl: A command-line interface you use for running commands against Kubernetes clusters.
- jq: A lightweight, command-line JSON processor.
Clone the sample app from GitHub
On the Microsoft repo in GitHub, you can find a sample app that illustrates how to deploy to AKS by using Jenkins and the blue/green pattern. In this section, you create a fork of that repo in your GitHub, and clone the app to your local system.
Browse to the GitHub repo for the todo-app-java-on-azure sample app.
Fork the repo by selecting Fork in the upper right of the page, and follow the instructions to fork the repo in your GitHub account.
After you fork the repo, you see that the account name changes to your account name, and a note indicates from where the repo was forked (Microsoft).
Select Clone or download.
In the Clone with HTTPS window, select the copy icon.
Open a terminal or Git Bash window.
Change directories to the desired location where you want to store the local copy (clone) of the repo.
git clonecommand, clone the URL you copied previously.
Press the Enter key to start the clone process.
Change directories to the newly created directory that contains the clone of the app source.
Create and configure a managed Kubernetes cluster
In this section, you perform the following steps:
- Use the Azure CLI 2.0 to create a managed Kubernetes cluster.
- Learn how to set up a cluster, either by using the setup script or manually.
- Create an instance of the Azure Container Registry service.
Use the Azure CLI 2.0 to create a managed Kubernetes cluster
In order to create a managed Kubernetes cluster with the Azure CLI 2.0, ensure that you are using the Azure CLI version 2.0.25 or later.
Sign in to your Azure account. After you enter the following command, you receive instructions that explain how to complete the sign-in.
When you run the
az logincommand in the previous step, a list of all your Azure subscriptions appears (along with their subscription IDs). In this step, you set the default Azure subscription. Replace the <your-subscription-id> placeholder with the desired Azure subscription ID.
az account set -s <your-subscription-id>
Create a resource group. Replace the <your-resource-group-name> placeholder with the name of your new resource group, and replace the <your-location> placeholder with the location. The command
az account list-locationsdisplays all Azure locations. During the AKS preview, not all locations are available. If you enter a location that is not valid at this time, the error message lists the available locations.
az group create -n <your-resource-group-name> -l <your-location>
Create the Kubernetes cluster. Replace the <your-resource-group-name> with the name of the resource group created in the previous step, and replace the <your-kubernetes-cluster-name> with the name of your new cluster. (This process can take several minutes to complete.)
az aks create -g <your-resource-group-name> -n <your-kubernetes-cluster-name> --generate-ssh-keys --node-count 2
Set up the Kubernetes cluster
You can set up a blue/green deployment in AKS manually, or with a setup script provided in the sample cloned earlier. In this section, you see how to do both.
Set up the Kubernetes cluster via the sample setup script
Edit the deploy/aks/setup/setup.sh file, replacing the following placeholders with the appropriate values for your environment:
Run the setup script.
Set up a Kubernetes cluster manually
Download the Kubernetes configuration to your profile folder.
az aks get-credentials -g <your-resource-group-name> -n <your-kubernetes-cluster-name> --admin
Change the directory to the deploy/aks/setup directory.
Run the following kubectl commands to set up the services for the public endpoint, and the two test endpoints.
kubectl apply -f service-green.yml kubectl apply -f test-endpoint-blue.yml kubectl apply -f test-endpoint-green.yml
Update the DNS name for the public and test endpoints. When you create a Kubernetes cluster, you also create an additional resource group, with the naming pattern of MC_<your-resource-group-name><your-kubernetes-cluster-name><your-location>.
Locate the public IPs in the resource group.
For each of the services, find the external IP address by running the following command:
kubectl get service todoapp-service
Update the DNS name for the corresponding IP address with the following command:
az network public-ip update --dns-name aks-todoapp --ids /subscriptions/<your-subscription-id>/resourceGroups/MC_<resourcegroup>_<aks>_<location>/providers/Microsoft.Network/publicIPAddresses/kubernetes-<ip-address>
Repeat the call for
az network public-ip update --dns-name todoapp-blue --ids /subscriptions/<your-subscription-id>/resourceGroups/MC_<resourcegroup>_<aks>_<location>/providers/Microsoft.Network/publicIPAddresses/kubernetes-<ip-address> az network public-ip update --dns-name todoapp-green --ids /subscriptions/<your-subscription-id>/resourceGroups/MC_<resourcegroup>_<aks>_<location>/providers/Microsoft.Network/publicIPAddresses/kubernetes-<ip-address>
The DNS name needs to be unique in your subscription. To ensure the uniqueness, you can use
Create an instance of Container Registry
az acr createcommand to create an instance of Container Registry. In the next section, you can then use
login serveras the Docker registry URL.
az acr create -n <your-registry-name> -g <your-resource-group-name>
az acr credentialcommand to show your Container Registry credentials. Note the Docker registry username and password, as you need them in the next section.
az acr credential show -n <your-registry-name>
Prepare the Jenkins server
In this section, you see how to prepare the Jenkins server to run a build, which is fine for testing. However, you should use an Azure VM agent or Azure Container agent to spin up an agent in Azure to run your builds. For more information, see the Jenkins article on the security implications of building on master.
Deploy a Jenkins Master on Azure.
Connect to the server via SSH, and install the build tools on the server where you run your build.
sudo apt-get install git maven
Install Docker. Ensure that the user
jenkinshas permission to run the
Install jq with the following command:
sudo apt-get install jq
Install the plugins in Jenkins by performing the following steps within the Jenkins dashboard:
- Select Manage Jenkins > Manage Plugins > Available.
- Search for and install the Azure Container Service plug-in.
Add credentials to manage resources in Azure. If you don’t already have the plug-in, install the Azure Credential plug-in.
Add your Azure Service Principal credential as the type Microsoft Azure Service Principal.
Add your Azure Docker registry username and password (as obtained in the section, "Create an instance of Container Registry") as the type Username with password.
Edit the Jenkinsfile
In your own repo, go to
/deploy/aks/, and open
Update the file as follows:
def servicePrincipalId = '<your-service-principal>' def resourceGroup = '<your-resource-group-name>' def aks = '<your-kubernetes-cluster-name>' def cosmosResourceGroup = '<your-cosmodb-resource-group>' def cosmosDbName = '<your-cosmodb-name>' def dbName = '<your-dbname>' def dockerRegistry = '<your-acr-name>.azurecr.io'
Update the Container Registry credential ID:
def dockerCredentialId = '<your-acr-credential-id>'
Create the job
Add a new job in type Pipeline.
Select Pipeline > Definition > Pipeline script from SCM.
Enter the SCM repo URL with your <your-forked-repo>.
Enter the script path as
Run the job
Verify that you can run your project successfully in your local environment. Here's how: Run project on local machine.
Run the Jenkins job. The first time you run the job, Jenkins deploys the todo app to the blue environment, which is the default inactive environment.
To verify that the job ran, go to these URLs:
- Public end point:
- Blue end point -
- Green end point -
- Public end point:
The public and the blue test end points have the same update, while the green end point shows the default tomcat image.
If you run the build more than once, it cycles through blue and green deployments. In other words, if the current environment is blue, the job deploys and tests to the green environment. Then, if tests are good, the job updates the application public endpoint to route traffic to the green environment.
For more on zero-downtime deployment, see this quickstart template.
Clean up resources
When you no longer need the resources you created in this tutorial, you can delete them.
az group delete -y --no-wait -n <your-resource-group-name>
If you encounter any bugs with the Jenkins plugins, file an issue in the Jenkins JIRA for the specific component.
In this tutorial, you learned how to deploy to AKS by using Jenkins and the blue/green deployment pattern. To learn more about the Azure Jenkins provider, see the Jenkins on Azure site.