Every once in a while I get the opportunity to kick-start a new and exciting project. ๐ This allows me to refresh my knowledge and gives me a real taste of the latest technology trends and techniques. This includes the setup of the automated delivery pipeline using one of my favorite development platforms: Azure DevOps. โค๏ธ In this post I will cover some of the steps to automate the release from Azure DevOps to your Azure resources.
Create a new release pipeline in Azure DevOps
The first thing that we need to is to create a new release pipeline. You can either start from scratch or select from a list of predefined deployment templates. I prefer to use the Azure App Service deployment template and will use it in the rest of this post. ๐
Connect the Azure subscription
After selecting the deployment template you will be asked to select the targeted Azure subscription containing the Azure App Service resoures. Via the drop down you get a list with all the available Azure subscriptions that you can access. When you select the desired Azure subscription you get asked to authorize to configure an Azure service connection:
This is where the fun starts. ๐ Whenever I hit the Authorize button I get the following error:
The error message states that my account has insufficient privileges to create the Azure service principals needed to access and deploy to the Azure App Service. ๐คทโโ๏ธ
Fortunately this can be fixed by manually creating the Azure service connection using an Azure App Registration. ๐
Create the Azure App Registration
In Azure portal within the Azure Active Directory goto the App registrations tab and create a new registration. Provide a user-facing display name (e.g. Azure DevOps Connection) and Register the app.
Note: You might not have enough permissions to access Azure Active Directory. In that case ask your friendly neighborhood system administrator for help. ๐
Create a new client secret a.k.a. application password that we can use later in the setup of the Azure service connection in Azure DevOps.
Tip: Store your application secrets and access keys in Azure Key Vault. ๐ฅ
The next step is to assign the correct permissions so that the app registration can access the required resources.
Provide access to the Azure App Registration
Navigate to the resource group containing the Azure App Services that will be used for the deployment. In the Access control (IAM) panel add a new role assignment:
We are now ready to manually create the Azure service connection. ๐
Configure a new Azure service connection
Switch back to the newly created release pipeline in Azure DevOps and click on the Manage link next to the Azure subscription:
Create a new service connection based on the Azure Resource Manager connection type and select the Service principal (manual) authentication method:
Note: the automatic and recommended authentication method will result in the same insufficient privileges error message as received earlier when hitting the Authorize button. ๐
Next provide the following data from your Azure Cloud subscription:
- Subscription Id
- Subscription Name
- Service Principal Id (App Registration Application ID)
- Service principal key (App Registration Client Secret created earlier on)
- Tenant ID
Tip: Use the search function in Azure portal to quickly navigate to Subscriptions to grab the subscription ID and name or navigate to the Tenant properties for the tenant ID. ๐ฏ
Finally verify and save the service connection and you are good to go! Happy deploying! ๐
Top comments (1)
Wonderful. Maybe sometime in the future you could share how to build a release pipeline