Categories
00 - Cloud-Native App Dev

How to rock CI/CD with Azure DevOps and OpenShift in 6 easy steps

Azure DevOps enables you to build, test, and deploy any application to any cloud or on premises. Red Hat OpenShift is the leading enterprise Kubernetes platform, built for an open hybrid cloud strategy. Learn how to configure release pipelines in Azure DevOps and deploy your applications on Red Hat OpenShift.

In this tutorial I am going to show you how-to set up a CI/CD pipeline in Azure DevOps that builds a small .NET application and finally deploys it to OpenShift.

The steps are based on the Microsoft learning path module Automate multi-container Kubernetes deployments with Azure Pipelines. But instead of deploying to AKS, the application is deployed on OpenShift.

6 steps to success

  1. Set up a OpenShift Kubernetes cluster
  2. Set up an Azure DevOps environment
  3. Create an Azure Container Registry
  4. Create Kubernetes connection
  5. Update a few Kubernetes manifests and the pipeline
  6. Build and deploy the application to OpenShift

Setup your OpenShift Kubernetes cluster

Microsoft Azure Red Hat OpenShift or a self-managed OpenShift Cluster on Azure are great options. However, in this tutorial we are using the Developer Sandbox for Red Hat OpenShift, because it is quick and free.

Get your Developer Sandbox

Navigate to Get started in the Sandbox and hit Launch your Developer Sandbox for Red Hat OpenShift. Log in to your Red Hat account (Don’t have an account? Simply create your free account here). Now login into your Red Hat OpenShift development cluster by selecting Start using your sandbox.

The sandbox contains two projects/namespaces: <redhat-account-name>-dev and <redhat-account-name>-stage.

Download the oc OpenShift Command Line Interface (CLI) via the questions mark and select Command line tools.

Login with the oc CLI by,

  • navigating to the top-right in the console select under your name Copy login command, and Display token,
  • and enter the displayed oc login command in a shell on your computer. E.g.,
$ oc login --token=sha256~xxxyyyzz --server=https://api.sandbox-xxxyyyzzz.openshiftapps.com:6443
Code language: Bash (bash)

Create a service account for Azure DevOps

Switch to the stage project:

$ oc project <redhat-account-name>-stage
Code language: HTML, XML (xml)

Create a service account for Azure DevOps:

$ cat << EOF | oc apply -f - apiVersion: v1 kind: ServiceAccount metadata: name: azure-sa EOF serviceaccount/azure-sa created

Add the edit role to the service account:

$ oc policy add-role-to-user edit system:serviceaccount:<redhat-account-name>:azure-sa clusterrole.rbac.authorization.k8s.io/edit added
Code language: HTML, XML (xml)

Set up your Azure DevOps environment

Follow the instructions in Exercise – Set up your Azure DevOps environment with a few exceptions:

  1. Don’t deploy the Azure Kubernetes Service.
  2. Skip the az role assignment create command to create a role assignment to authorise the AKS cluster to connect to the Azure Container Registry.
  3. Don’t create the service connection to Azure Kubernetes Service.
  4. Don’t create an environment for Azure Kubernetes Service, but a generic Kubernetes environment for OpenShift.
You might want to open this blog post and the Microsoft learning path module side by side to follow the tutorial without getting lost.

Create a generic Kubernetes environment for OpenShift

  1. In Azure DevOps, under Pipelines, select Environments.
  2. Select Create environment.
  3. Under Name, enter openshift-sandbox.
  4. Under Resource, select Kubernetes.
  1. Select Next.
  2. Under Provider, select Generic provider (exiting service account).
  3. Under Cluster Name, enter sandbox.
  4. Under Namespace, enter <redhat-account-name>-stage.
  5. Run kubectl config view --minify -o jsonpath={.clusters[0].cluster.server} and enter the URL under Server URL.
  6. Switch to the stage project/namespace and get the service account secret.
$ oc project <redhat-account-name>-stage $ kubectl get serviceAccounts azure-sa -o=jsonpath={.secrets[*].name} azure-sa-dockercfg-w8b9s azure-sa-token-dkhx8 # Use the token from the output ^^^ $ kubectl get secret azure-sa-token-dkhx8 -o json { "apiVersion": "v1", "data": { ... }, "type": "kubernetes.io/service-account-token" }
Code language: PHP (php)
  1. Under Secret, enter the json output from the last command.
  2. Select Validate and create
  1. Under Project Settings, select Service Connection.
  2. Copy the name of the new Kubernetes service connection openshift-sandbox-<redhat-account-name>-stage-######. E.g, openshift-sandbox-stefan-bergstein-stage-1621852211065

Update the Kubernetes deployment manifest in your GitHub source project

Follow the last instructions in Exercise – Set up your Azure DevOps environment under Update the Kubernetes deployment manifest.

Deploy a multi-container application to Kubernetes

Switch the application to non-privileged

First we will update a few manifests so that the application runs well as non-root, because privileged containers are not allowed by default on OpenShift:

  1. Update the two Dockerfiles so that the application runs well as non-root.
  2. Update the containerPort in the deployment.yml
  3. Update the service.yaml with the correct ports and add an openshift route.

Update the two Dockerfiles so that the application runs well as non-root:

Go to your GitHub repository and update:

  • mslearn-tailspin-spacegame-web-kubernetes/Tailspin.SpaceGame.LeaderboardContainer/Dockerfile
  • mslearn-tailspin-spacegame-web-kubernetes/Tailspin.SpaceGame.Web/Dockerfile

In each file, replace EXPOSE 80 with the following lines:

# Serve on port 8080, we cannot serve on port 80 with a custom user that is not root. ENV ASPNETCORE_URLS=http://+:8080 EXPOSE 8080
Code language: PHP (php)

Next, edit the file mslearn-tailspin-spacegame-web-kubernetes/manifests/deployment.yml and change the containerPort to 8080. Double-check that the image contains your ACR name.

Update the service.yaml with the correct ports and add an openshift route:

apiVersion: v1 kind: Service metadata: name: leaderboard spec: selector: app: leaderboard ports: - protocol: TCP port: 80 targetPort: 8080 --- apiVersion: v1 kind: Service metadata: name: web spec: selector: app: web ports: - protocol: TCP port: 80 targetPort: 8080 --- kind: Route apiVersion: route.openshift.io/v1 metadata: name: web spec: to: kind: Service name: web weight: 100 port: targetPort: 8080 wildcardPolicy: None

Save, stage, commit and push all the changes.

Update the pipeline

In this part, you’ll:

  • Update the pipeline to support CI/CD on a commit to the master branch.
  • Define some pipeline variables to make the build pipeline easier to maintain.
  • Add a task to build and publish the leaderboard container to your container registry.
  • Add a task to publish Kubernetes manifests from the Build stage so that they can be downloaded for use in the Deploy stage.
  • Add a task to create an image pull secret for use between your Kubernetes and container registry instances.
  • Add a task to deploy updated images to a Kubernetes cluster.
  • Save the pipeline to trigger a CI/CD workflow.

Follow the instructions in Exercise – Deploy a multi-container solution to Kubernetes with a few exceptions:

  1. Set the environment to 'openshift-sandbox.<redhat-account-name>-stage' instead of 'spike.default'
  2. Set the kubernetesServiceConnection to service connection you copied above: openshift-sandbox-<redhat-account-name>-stage-######. E.g, openshift-sandbox-stefan-bergstein-stage-1621852211065
  3. Set the namespace to '<redhat-account-name>-stage' instead of 'default'
  4. In the section Save the pipeline to trigger a build and release, please use the OpenShift Console to get the URL of the deployed application.

You can follow the Pipeline run in Azure DevOps:

Check the deployed application in OpenShift

Open your OpenShift Developer Console of your Sandbox and navigate to the topology of your stage project. Two deployments are running:

Select the web deployment and then the Resources tab.

Launch the web frontend of the application by selecting the URL of the displayed route. The SPACE GAME will come up:

Great work! In this tutorial, you updated a Azure DevOps release pipeline to build, publish, and deploy a two container .NET application to OpenShift.

Troubleshooting

Compare your changes with the files in this example repository: https://github.com/stefan-bergstein/mslearn-tailspin-spacegame-web-kubernetes/tree/openshift_sandbox

By Stefan Bergstein

Solution Architect at Red Hat with a focus on innovative open source software solutions for the manufacturing industry. IoT, Machine Learning and open source enthusiast. Event host for the Stuttgart Industrie 4.0 and IoT Meetup.

One reply on “How to rock CI/CD with Azure DevOps and OpenShift in 6 easy steps”

Leave a Reply