Getting started with GitOps, Argo, and Azure Kubernetes Service
First, what is GitOps? Is it the same as DevOps? I'm so glad you asked. Let's begin with a refresher on what DevOps is: "DevOps is the union of people, process, and products to enable the continuous delivery of value to our end users." ~ Donovan Brown Donovan puts it best - DevOps is a combination of several key factors: people, process, and products - but it starts with people. Getting started with DevOps involves a cultural shift, which means it's so much more than buzz words like agile, continuous integration, continuous deployment, automation, etc. While those buzz words have their place and are needed, truly embracing DevOps means creating a DevOps culture between your engineering teams - this includes developers, operations, security, and beyond.
Deploy app service with private endpoint enabled via Azure DevOps
There is a common scenario that customers want their app service being allocated inside private network and cannot be accessed by public network. Therefore, they usually enable private endpoint as well as configure Access Restriction to deny all the public traffic. When the private endpoint is enabled and public traffic is denied to the web app, all the public traffic to this app is cut off. Since there is a range of IP addresses where agents are deployed, they have a public IP. Obviously, these agents are unable to reach web app. As a solution, we can either allow the IP ranges list in the firewall or use self-hosted agents to deploy. You may check below document for more information Microsoft-hosted-agents for Azure Pipelines In below lab, we will demo 2 tests. One is what if we deploy code to a web app with private endpoint by Microsoft-agent and another one is how to deploy by a self-hosted agent. Lab Test1: deploy using Microsoft-hosted agent Result: We will see Error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403) since web app is not accessible via internet. Create a new pipeline Here, I select GitHub in this demo Deploy a Django app. So I choose the second one. Select subscription and web app name Save and run Web app is private endpoint enabled which means the inbound traffic needs to be a private IP from the same subnet as web app or an IP that has permission to access this app service. However, Microsoft-agent works over public network. It is deployed failed and the Error - Failed to deploy web package to App Service. Ip Forbidden (CODE: 403) Test2: deploy using self-hosted agent on Linux VM (Ubuntu 20.04) Result: it works fine. Deploy successfully. Create Linux VM (Ubuntu 20.04) in the same VNET as web app. In Azure Devops portal, Add agent pool Then New Agent and choose operating system of your build machine. (Here, I choose Linux) Get Personal Access Tokens New token and grant permission to agent pools Remember to record this token as it will not displayed again. SSH into Linux VM and configure agent to connect Azure pipeline Download and create agent Configure agent settings Sever URL: Please refer to Deploy an Azure Pipelines agent on Linux - Azure Pipelines | Microsoft Learn Run agent Check from portal that agent is online In order to get confused, we create a separated pipeline here. Creation Steps are the same as previous steps: New Pipeline -> GitHub -> Python to Linux Web App on Azure -> Select subscription -> Select web app name -> Save and run Modify the yml file. Change pool to the one just created. Then, run the pipeline again. We can see that it deployed successfully this time. References Deploy an Azure Pipelines agent on Linux - Azure Pipelines | Microsoft Learn Microsoft-hosted-agents for Azure PipelinesHow to deploy your Web App from Azure Pipeline with restricted access.
More and more users now choose to integrate App Service with Azure DevOps to streamline build and deployment process of their applications. The SCM site is the engine behind App Service for deployment, meaning that the release pipeline of Azure DevOps deploys code to the SCM site of an app. In most scenario, SCM site can be reached through public internet. Therefore, ensuring secure access to the site becomes more important. We can enable access restriction on SCM site or set up other firewall solutions to control incoming traffic to the site. Here we will introduce you on how to identify and whitelist deployment traffic from Azure pipeline to SCM site with access restriction. This article also applies when setting up the same rules in other firewall solutions.Extend the capabilities of your AKS deployments with Kubernetes Apps on Azure Marketplace
We’re excited to announce that Kubernetes Apps in the Azure Marketplace is now Generally Available. Azure Kubernetes Service (AKS) provides a robust and scalable managed Kubernetes platform for organizations running their most mission-critical applications on Azure. With Kubernetes Apps, teams can further extend the capabilities of their AKS deployments with a vibrant ecosystem of tested and transactable third-party solutions from industry-leading partners and popular open-source offerings.Introduction and Deployment of Backstage on Azure Kubernetes Service
In this Walkthrough we will learn about what Backstage is as well as how we can build and deploy it on Azure using multiple services including Azure Kubernetes Service, Azure Container Registry, Azure Databases for Postgresql and Entra ID
