Cloud can be tricky sometimes. Find out what scenarios we've ran into that are worth being mentioned and explained.
If you want to deploy ARM Templates by using Azure DevOps Pipelines, then you're in lukc - this article explains how to do this.
Let’s start with the basics and define what is Azure DevOps
If you are already deploying into Azure, you most probably found out about Azure DevOps, which is a Software as a Service (SaaS) platform hosted by Microsoft that helps in the developing and deploying software process by providing an end-to-end toolchain. Moreover, Azure DevOps is compatible with many leading tools on the market and allows you to deploy CI/CD Pipelines.
Mandatory things to be considered before starting to deploy
It is necessary to have in place some prior requirements before you can start the deployment of ARM templates by using Azure DevOps.
As so, you will need:
- Azure DevOps Project;
- Azure Service Principal;
- ARM code Sample.
I will explain below a little of each of these requirements and I will include a example of configuration.
Azure DevOps Project
When you use Azure DevOps to deploy ARM templates, you will need some kind of project. I will show you next how to create a new project.
You can find the official Microsoft documentation here, as a guide that explains how to create a DevOps Project similar to the one I will show below.
My DevOps project will be entitled cpopaARMTemplates.
Azure Service Principal
In you CI/CD pipeline, the best practice for DevOps is considered the Service Principal (SPN). In order for you to be allowed to deploy the relevant ARM code, the SPN functions as an identity that enables you to authenticate within the Azure Subscription.
I will demonstrate below how to create this manually. Although you can use PowerShell/CLI, I want to explain through this example how to do the initial setup for this.
To start creating something, you have to select the Project Settings button within the new Azure DevOps Project that you have created.
Then, select Service Connections.
Then, select Create Service Connection -> Azure Resource Manager -> Service Principal (Automatic)
For the scope level I selected Subscription and then I entered as shown below. For the Resource Group, I selected cpopaarm that I have created earlier.
You can now select Manage Service Principal to continue reviewing.
When I use this method to create, I like to give it a relevant name so that the SPN can be referenced easier in my Subscription. To do this, you select Manage Service Principal.
Manage -> Branding and then change the name as seen below:
If you want to give more IAM control for the subscription, you can also reference your SPN in an easier way. For this example, I want to give the SPN “contributor” access also to my subscription. You can see here the official Microsoft documentation for role assignment.
ARM Code sample
The ARM templates and parameters file seen below will create a virtual network that contains two subnets:
Use of Azure DevOps Pipelines when deploying ARM Templates
Now that the mandatory requirements have been created, we can start the configuration of Azure DevOps in order to deploy the ARM template into Azure.
We will use Azure Pipelines (YAML) with the task below to deploy: AzureResourceManagerTemplateDeployment@3
After the sequence above have been uploaded to the Azure DevOps Repo, we can start creating the pipeline.
To do so, select Pipeline -> New pipeline.
Then, select the repo and .yaml file:
After this save and run the pipeline.
Then, review the pipeline output: