Achraf Ben Alaya
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • About
    • Resume
SUBSCRIBE
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • About
    • Resume
No Result
View All Result
Achraf Ben Alaya
No Result
View All Result
ADVERTISEMENT
Home Blog Cloud Azure

Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Part A : Creating Storage account and setting up service connection with azure devops

achraf by achraf
April 17, 2023
in Azure, Blog, Cloud, Kubernetes Service (AKS), Terrafrom
5 min read
1
Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
0
SHARES
222
VIEWS
Share on FacebookShare on Twitter

Hello, it’s been a month and a half since I last wrote about aks and azure. It’s been a very busy time for me, particularly since I moved into a new apartment. However, I’ll be posting once a week going forward.

So let’s get going.

In this series, we’ll learn how to set up our infrastructure using Azure and Azure DevOps. We’ll learn how to establish aks, acr, and all the resources we’ll need for our project, including the storage account and the service connection.

You can follow the instructions in this document to deploy our infra as code , as for deployment we will use a private agent dedicated to our organisation , this article will not cover that ,you can follow the instruction in this article to see how to create a Self-hosted agent in azure and how to use it .

This article is a part of a series:

  1. Part 1 : How to setup nginx reverse proxy for aspnet core apps with and without Docker compose
  2. Part 2 :How to setup nginx reverse proxy && load balancer for aspnet core apps with Docker and azure kubernetes service
  3. Part 3 : How to configure an ingress controller using TLS/SSL for the Azure Kubernetes Service (AKS)
  4. Part 4 : switch to Azure Container Registry from Docker Hub
  5. Part 5 (A-B) : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
  6. Part 6 : Using Github, Automate Your CI/CD Pipeline and Your Deployments
  7. Part 7 : Possible methods to reduce your costAnd today we are at this part

Part 5 – A : Creating Storage account and setting up service connection with azure DevOps

Part 5- B : Creating CI/CD pipeline

Part 1 : Creating The Storage account

Setting up the storage account for our infrastructure is so important detailed informations in this article  DevOps : Deploy infrastructure using Terraform and Azure DevOps pipelines

# Set the Azure subscription you want to use if you have multiple subscriptions
Set-AzContext -SubscriptionId <SubscriptionId>

<----------------------------------------------------------------------------------------------------->
# Set the resource group properties name and location
$rgName = "azure-loves-terraform-2023"
$location = "francecentral"

<----------------------------------------------------------------------------------------------------->
# Create the resource group
New-AzResourceGroup -Name $rgName -Location $location

<----------------------------------------------------------------------------------------------------->
#Create Storage account


$location = "francecentral"  
$rgName = "azure-loves-terraform-2023"  
$accountName = "mystorageaccount2023"

$st = New-AzStorageAccount -ResourceGroupName $rgName -Name $accountName `
    -Location $location -SkuName Standard_GRS -AccessTier Hot `
    -Kind StorageV2 -AllowCrossTenantReplication $false `
    -AllowBlobPublicAccess $false -PublicNetworkAccess Disabled `
    -RequireInfrastructureEncryption -MinimumTlsVersion TLS1_2

# Enable containers soft delete :  retention of 60 days.
Enable-AzStorageContainerDeleteRetentionPolicy -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -RetentionDays 60

# Enable blob soft delete : retention of 60 days.
Enable-AzStorageBlobDeleteRetentionPolicy -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -RetentionDays 60

# Enable change feed and versioning .
Update-AzStorageBlobServiceProperty -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -EnableChangeFeed $true `
    -ChangeFeedRetentionInDays 60 `
    -IsVersioningEnabled $true

# Enable point-in-time restore with a retention period of 59 days.
# The retention period for point-in-time restore must be at least one day less than that set for soft delete.
Enable-AzStorageBlobRestorePolicy -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -RestoreDays 59

# View the service settings.
Get-AzStorageBlobServiceProperty -ResourceGroupName $rgName `
    -StorageAccountName $accountName

and we will end up by having a storage account like this :

As you can see, a few configurations have been made up to safeguard and restore our storage account in the event of a malfunction.

for that we have enabled

  • Enable point-in-time restore for containers :  in order to restore one or more containers to an earlier state .
  • Enable soft delete for blobs : in order   to recover blobs that were previously marked for deletion, including blobs that were overwritten .
  • Enable soft delete for containers :  in order to ecover containers that were previously marked for deletion .
  • Enable versioning for blobs :  to automatically maintain previous versions of your blobs .

As you can see, we have disabled access to this storage account because, to be protected, it should only be accessible from the Self-hosted agent that we will establish a private endpoint with it.

Setting Private Endpoint :

This storage mainly will contain the tfsate for our Terraform .

We never know when we’ll need in-depth diagnostic and auditing information for the resources we’ve made, so I also advise turning on “Diagnostic settings” and sending all logs to Log Analytics workspace and archiving to a storage account.

Part 2: Create application registration

We must authorize Azure DevOps to deploy to the resource group we’ve established (azure-loves-terraform-2023) through a service connection we’re going to set up.

First thing we need to create an “App registrations”

and we need one more thing to do before we set up azure DevOps , is to create “Certificates & secrets”  (do not forgot to save the value because we are going to use it later )

Before moving on to Azure DevOps, there is still one more stage in which we will grant access control to the application we have created as the owner of our resource group (in other circumstances, I grant Contributor Role).

Now let’s setup Azure DevOps .

Part 3 : Create a service connection

First lets understand this ,a “Service Connection” represent a Service Principal in Azure AD,an identity which uses Headless authentication (think of it as a user who have some rights to do in a certain resources ) .

 

After you have entered all the necessary information, click Verify to check that the setup is correct. When you see Verification Succeed, click Save, and you are ready to go.

Now with this , the first part is set and ready , in the next part we will create the pipeline and deploy our aks .

 

ShareTweet
Previous Post

Configuring Self-hosted Agent In Azure DevOps Pipeline

Next Post

Part 5-B : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Related Posts

Block the default URL assigned to the azure web app using azure application gateway
Azure

Block the default URL assigned to the azure web app using azure application gateway

May 31, 2023
56
Block the default URL assigned to the azure web app
Blog

Block the default URL assigned to the azure web app

May 14, 2023
215
What if we can check the cost of Azure resources in a juts few seconds
Azure

What if we can check the cost of Azure resources in a juts few seconds

May 9, 2023
331
Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
Azure

Part 5-C : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

May 2, 2023
216
15 E-books that focus on learning Microsoft Azure Cloud
Azure

15 E-books that focus on learning Microsoft Azure Cloud

April 23, 2023
102
Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
Cloud

Part 5-B : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

April 20, 2023
123
Next Post
Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Part 5-B : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Comments 1

  1. Pingback: Part 5-C : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments – achraf ben alaya

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Terraform

Certifications

Microsoft certified trainer (MCT)

Recommended

Azure Tips

Azure Tips

April 28, 2020
327
Block the default URL assigned to the azure web app

Block the default URL assigned to the azure web app

May 14, 2023
215
The easiest way to deploy a website to Azure with Azure App Service

The easiest way to deploy a website to Azure with Azure App Service

April 21, 2020
544
Where is my Money ! The Proper way To Shutdown Azure VM

Where is my Money ! The Proper way To Shutdown Azure VM

November 2, 2020
556
Auto Post and Schedule Tweets & Linkedin using Azure Logic Apps

Auto Post and Schedule Tweets & Linkedin using Azure Logic Apps

April 14, 2021
380
Swagger & OpenAPI and Versioning for ASP.NET Core

Swagger & OpenAPI and Versioning for ASP.NET Core

December 8, 2020
1.1k
Facebook Twitter LinkedIn Youtube
Block the default URL assigned to the azure web app using azure application gateway

Block the default URL assigned to the azure web app using azure application gateway

May 31, 2023
Block the default URL assigned to the azure web app

Block the default URL assigned to the azure web app

May 14, 2023
What if we can check the cost of Azure resources in a juts few seconds

What if we can check the cost of Azure resources in a juts few seconds

May 9, 2023

Categories

  • Apps (1)
  • Azure (46)
  • blazor (2)
  • Blog (70)
  • c# (7)
  • Cloud (45)
  • Dapr (4)
  • docker (3)
  • Games (1)
  • General Tips & Fix (1)
  • Kubernetes Service (AKS) (1)
  • motivation (2)
  • Motivation (3)
  • News (9)
  • Resume (1)
  • sql (4)
  • Terrafrom (1)
  • Tricks, Tips and Fixes (3)
  • xamarin (5)
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
  • Cloud
  • Motivation
  • General Tips & Fix
  • About
    • Resume