Achraf Ben Alaya
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
    • General Tips & Fix
  • AI
  • Cloud
  • Motivation
  • Courses
  • About
    • Resume
    • Privacy Policy
SUBSCRIBE
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
    • General Tips & Fix
  • AI
  • Cloud
  • Motivation
  • Courses
  • About
    • Resume
    • Privacy Policy
No Result
View All Result
Achraf Ben Alaya
No Result
View All Result
ADVERTISEMENT
Home Blog Cloud Azure

Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Part A : Creating Storage account and setting up service connection with azure devops

achraf by achraf
April 17, 2023
in Azure, Blog, Cloud, Kubernetes Service (AKS), Terrafrom
5 min read
1
Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
0
SHARES
473
VIEWS
Share on FacebookShare on Twitter

Hello, it’s been a month and a half since I last wrote about aks and azure. It’s been a very busy time for me, particularly since I moved into a new apartment. However, I’ll be posting once a week going forward.

So let’s get going.

In this series, we’ll learn how to set up our infrastructure using Azure and Azure DevOps. We’ll learn how to establish aks, acr, and all the resources we’ll need for our project, including the storage account and the service connection.

You can follow the instructions in this document to deploy our infra as code , as for deployment we will use a private agent dedicated to our organisation , this article will not cover that ,you can follow the instruction in this article to see how to create a Self-hosted agent in azure and how to use it .

This article is a part of a series:

  1. Part 1 : How to setup nginx reverse proxy for aspnet core apps with and without Docker compose
  2. Part 2 :How to setup nginx reverse proxy && load balancer for aspnet core apps with Docker and azure kubernetes service
  3. Part 3 : How to configure an ingress controller using TLS/SSL for the Azure Kubernetes Service (AKS)
  4. Part 4 : switch to Azure Container Registry from Docker Hub
  5. Part 5 (A-B) : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
  6. Part 6 : Using Github, Automate Your CI/CD Pipeline and Your Deployments
  7. Part 7 : Possible methods to reduce your costAnd today we are at this part

Part 5 – A : Creating Storage account and setting up service connection with azure DevOps

Part 5- B : Creating CI/CD pipeline

Part 1 : Creating The Storage account

Setting up the storage account for our infrastructure is so important detailed informations in this article  DevOps : Deploy infrastructure using Terraform and Azure DevOps pipelines

# Set the Azure subscription you want to use if you have multiple subscriptions
Set-AzContext -SubscriptionId <SubscriptionId>

<----------------------------------------------------------------------------------------------------->
# Set the resource group properties name and location
$rgName = "azure-loves-terraform-2023"
$location = "francecentral"

<----------------------------------------------------------------------------------------------------->
# Create the resource group
New-AzResourceGroup -Name $rgName -Location $location

<----------------------------------------------------------------------------------------------------->
#Create Storage account


$location = "francecentral"  
$rgName = "azure-loves-terraform-2023"  
$accountName = "mystorageaccount2023"

$st = New-AzStorageAccount -ResourceGroupName $rgName -Name $accountName `
    -Location $location -SkuName Standard_GRS -AccessTier Hot `
    -Kind StorageV2 -AllowCrossTenantReplication $false `
    -AllowBlobPublicAccess $false -PublicNetworkAccess Disabled `
    -RequireInfrastructureEncryption -MinimumTlsVersion TLS1_2

# Enable containers soft delete :  retention of 60 days.
Enable-AzStorageContainerDeleteRetentionPolicy -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -RetentionDays 60

# Enable blob soft delete : retention of 60 days.
Enable-AzStorageBlobDeleteRetentionPolicy -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -RetentionDays 60

# Enable change feed and versioning .
Update-AzStorageBlobServiceProperty -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -EnableChangeFeed $true `
    -ChangeFeedRetentionInDays 60 `
    -IsVersioningEnabled $true

# Enable point-in-time restore with a retention period of 59 days.
# The retention period for point-in-time restore must be at least one day less than that set for soft delete.
Enable-AzStorageBlobRestorePolicy -ResourceGroupName $rgName `
    -StorageAccountName $accountName `
    -RestoreDays 59

# View the service settings.
Get-AzStorageBlobServiceProperty -ResourceGroupName $rgName `
    -StorageAccountName $accountName

and we will end up by having a storage account like this :

As you can see, a few configurations have been made up to safeguard and restore our storage account in the event of a malfunction.

for that we have enabled

  • Enable point-in-time restore for containers :  in order to restore one or more containers to an earlier state .
  • Enable soft delete for blobs : in order   to recover blobs that were previously marked for deletion, including blobs that were overwritten .
  • Enable soft delete for containers :  in order to ecover containers that were previously marked for deletion .
  • Enable versioning for blobs :  to automatically maintain previous versions of your blobs .

As you can see, we have disabled access to this storage account because, to be protected, it should only be accessible from the Self-hosted agent that we will establish a private endpoint with it.

Setting Private Endpoint :

This storage mainly will contain the tfsate for our Terraform .

We never know when we’ll need in-depth diagnostic and auditing information for the resources we’ve made, so I also advise turning on “Diagnostic settings” and sending all logs to Log Analytics workspace and archiving to a storage account.

Part 2: Create application registration

We must authorize Azure DevOps to deploy to the resource group we’ve established (azure-loves-terraform-2023) through a service connection we’re going to set up.

First thing we need to create an “App registrations”

and we need one more thing to do before we set up azure DevOps , is to create “Certificates & secrets”  (do not forgot to save the value because we are going to use it later )

Before moving on to Azure DevOps, there is still one more stage in which we will grant access control to the application we have created as the owner of our resource group (in other circumstances, I grant Contributor Role).

Now let’s setup Azure DevOps .

Part 3 : Create a service connection

First lets understand this ,a “Service Connection” represent a Service Principal in Azure AD,an identity which uses Headless authentication (think of it as a user who have some rights to do in a certain resources ) .

 

After you have entered all the necessary information, click Verify to check that the setup is correct. When you see Verification Succeed, click Save, and you are ready to go.

Now with this , the first part is set and ready , in the next part we will create the pipeline and deploy our aks .

 

ShareTweet
Previous Post

Configuring Self-hosted Agent In Azure DevOps Pipeline

Next Post

Part 5-B : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Related Posts

AI

Model Context Protocol (MCP): The Future of AI Integration

April 21, 2025
138
Azure

Step-by-Step Guide: Azure Front Door + Storage Account Static Website + Custom Domain with Terraform

March 11, 2025
283
Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet
Azure

Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet

February 3, 2025
143
Understanding Generative AI and RAG Benefits
AI

Understanding Generative AI and RAG Benefits

January 12, 2025
98
Azure Communication Services Email Sending Simplified: From Setup to Execution and Monitoring
Azure

Azure Communication Services Email Sending Simplified: From Setup to Execution and Monitoring

December 8, 2024
1.7k
PowerShell Automation for Azure Networks: Detailed VNET and Subnet Analysis
Azure

PowerShell Automation for Azure Networks: Detailed VNET and Subnet Analysis

November 2, 2024
514
Next Post
Part 5-A : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Part 5-B : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments

Comments 1

  1. Pingback: Part 5-C : Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments – achraf ben alaya

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Terraform

Certifications

Microsoft certified trainer (MCT)

Recommended

 Azure Container Apps : User-Assigned Identity, ACR, and Key Vault

 Azure Container Apps : User-Assigned Identity, ACR, and Key Vault

November 12, 2023
219
Background Tasks With Hangfire And .Net 5

Background Tasks With Hangfire And .Net 5

January 25, 2021
3k
Xamarin.forms,Blazor and Web API

Xamarin.forms,Blazor and Web API

December 3, 2020
1.3k
Migrate and modernize your applications on Azure

Migrate and modernize your applications on Azure – Part – 00 (creating .Net 5.0 application )

March 29, 2021
326
How To Send Mail Using SQL Server

How To Send Mail Using SQL Server

April 20, 2020
296
Azure Policy for governance

Azure Policy for governance

August 29, 2020
1.4k
Facebook Twitter LinkedIn Youtube

Model Context Protocol (MCP): The Future of AI Integration

April 21, 2025

Step-by-Step Guide: Azure Front Door + Storage Account Static Website + Custom Domain with Terraform

March 11, 2025
Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet

Network Security & Route Tables – Checking NSGs, route tables, and service endpoints for a targeted VNET or Subnet

February 3, 2025

Categories

  • AI (2)
  • Apps (1)
  • Azure (63)
  • blazor (2)
  • Blog (91)
  • c# (7)
  • Cloud (65)
  • Courses (3)
  • Dapr (4)
  • docker (4)
  • Games (1)
  • General Tips & Fix (1)
  • Home (1)
  • Kubernetes Service (AKS) (1)
  • motivation (2)
  • Motivation (3)
  • News (9)
  • Resume (1)
  • sql (4)
  • Terrafrom (1)
  • Tricks, Tips and Fixes (4)
  • xamarin (5)
No Result
View All Result
  • Home
  • News
  • Blog
    • blazor
    • c#
    • Cloud
      • Azure
    • docker
    • sql
    • xamarin
    • Dapr
    • Tricks, Tips and Fixes
    • General Tips & Fix
  • AI
  • Cloud
  • Motivation
  • Courses
  • About
    • Resume
    • Privacy Policy