Continuous Deployment with AKS and AGIC using Azure Pipelines
NOTE: Application Gateway for Containers has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment.
To achieve an efficiently deployed and managed global infrastructure, it is important to set up workflows for continuous integration and deployment. Azure DevOps is one of the options to achieve this goal.
In the following example, we set up an Azure DevOps release pipeline to deploy an AKS cluster along with AGIC as ingress. This example is merely a scaffolding. You need to separately set up a build pipeline to install your application and ingress on the AKS cluster deployed as part of the release.
Set up a new service connection with a service principal
Note: Skip this section if you already have a service connection with owner access for role assignment.
- Create a service principal to use with Azure Pipelines. This service principal will have owner access to the current subscription. This access will be used to perform the role assignment for the AGIC identity in the pipeline.

      # <subscription-id> is a placeholder for the ID of the current subscription
      az ad sp create-for-rbac -n azure-pipeline-cd --role owner --scopes /subscriptions/<subscription-id>
      # Copy the AppId and Password. We will use these in the next step.

- Now, create a new service connection in Azure DevOps. Select the "use the full version of the service connection dialog" option so that you can provide the newly created service principal.
Create a new Azure release pipeline
We have prepared an example release pipeline. This pipeline has the following tasks:
- Deploy AKS Cluster
- Create a user assigned identity used by AGIC Pod
- Install Helm
- Install AAD Pod identity
- Install AGIC
- Install a sample application (with ingress)
To use the example release pipeline:
- Download the template and import it to your project's release pipeline.
- Now provide the required settings for all tasks:
  - Select the correct Agent Pool and Agent Specification (ubuntu-18.04).
  - Select the newly created service connection for the Create Kubernetes Cluster and Create AGIC Identity tasks.
  - Provide the values for clientId and clientSecret that will be configured as cluster credentials for the AKS cluster. You should create a separate service principal for the AKS cluster for security reasons.

        # create a new one and copy the appId and password to the variable section in the pipeline
        az ad sp create-for-rbac -n aks-cluster

- Click Save. Now your pipeline is all set up.
Hit Create release and provide a location (Azure region) where you want the cluster to be deployed.
Snapshot of how the AKS node resource group will look:
If this is your first deployment, AGIC will create a new application gateway. You should be able to reach the sample application by visiting the Application Gateway's IP address.
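A check on the two service principals this page creates, as an added example that is not part of the original page or the AGIC project: it reads JSON in the shape of `az role assignment list --all -o json` and reports when the AKS cluster principal holds a role that can create role assignments, or when the pipeline principal holds one above subscription scope. The sample data, the object IDs and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `az role assignment list --all -o json`,
# reduced to the fields used below. All IDs are made up.
SAMPLE = json.loads("""
[
 {"principalId": "11111111-aaaa-4aaa-8aaa-111111111111", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalId": "22222222-bbbb-4bbb-8bbb-222222222222", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalId": "22222222-bbbb-4bbb-8bbb-222222222222",
  "roleDefinitionName": "Network Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg"}
]
""")

# Roles that can create role assignments. The pipeline principal needs one for
# the AGIC identity step; the cluster credentials should not hold any.
CAN_ASSIGN_ROLES = {"owner", "user access administrator"}


def audit(assignments, pipeline_sp, cluster_sp):
    """Return (level, message) findings for the two service principals.

    pipeline_sp and cluster_sp are the principals' object IDs (principalId).
    """
    findings = []
    if pipeline_sp == cluster_sp:
        findings.append(("high", "cluster credentials reuse the pipeline service principal"))
    for a in assignments:
        role, scope, who = a["roleDefinitionName"], a["scope"], a["principalId"]
        if role.lower() not in CAN_ASSIGN_ROLES:
            continue
        if who == cluster_sp:
            findings.append(("high", f"cluster SP holds {role} at {scope}"))
        elif who == pipeline_sp and not scope.lower().startswith("/subscriptions/"):
            # Root ("/") or management-group scope: wider than the
            # subscription-level access this walkthrough grants.
            findings.append(("high", f"pipeline SP holds {role} above subscription scope: {scope}"))
    return findings


if __name__ == "__main__":
    for level, message in audit(SAMPLE, "11111111-aaaa-4aaa-8aaa-111111111111",
                                "22222222-bbbb-4bbb-8bbb-222222222222"):
        print(f"[{level}] {message}")
```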