CI/CD for AKS apps with Azure Pipelines

Azure Container Registry
Azure DevOps
Azure Kubernetes Service (AKS)
GitHub

Important

Microservices with AKS and Azure DevOps is a variant of Design a CI/CD pipeline using Azure DevOps. This article focuses on the AKS-specific facets of deploying AKS applications with Azure Pipelines.

Potential use cases

Use Azure Pipelines to deploy AKS applications.

Architecture

Architecture diagram of an AKS CI/CD pipeline using Azure Pipelines.


Dataflow

  1. A pull request (PR) to Azure Repos Git triggers a PR pipeline. This pipeline runs fast quality checks such as linting, building, and unit testing the code. If any of the checks fail, the PR doesn't merge. The result of a successful run of this pipeline is a successful merge of the PR.
  2. A merge to Azure Repos Git triggers a CI pipeline. This pipeline runs the same tasks as the PR pipeline with some important additions. The CI pipeline runs integration tests. These tests require secrets, so this pipeline gets those secrets from Azure Key Vault.
  3. The result of a successful run of this pipeline is the creation and publishing of a container image in a non-production Azure Container Registry.
  4. The completion of the CI pipeline triggers the CD pipeline.
  5. The CD pipeline deploys a YAML template to the staging AKS environment. The template specifies the container image from the non-production environment. The pipeline then performs acceptance tests against the staging environment to validate the deployment. If the tests succeed, a manual validation task runs, requiring a person to validate the deployment and resume the pipeline. The manual validation step is optional; some organizations deploy automatically.
  6. If a person resumes the pipeline after the manual intervention, the CD pipeline promotes the image from the non-production Azure Container Registry to the production registry.
  7. The CD pipeline deploys a YAML template to the production AKS environment. The template specifies the container image from the production environment.
  8. Container Insights periodically forwards performance metrics, inventory data, and health state information from container hosts and containers to Azure Monitor.
  9. Azure Monitor collects observability data such as logs and metrics so that an operator can analyze health, performance, and usage data. Application Insights collects all application-specific monitoring data, such as traces. Azure Log Analytics is used to store all that data.
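
Steps 5 and 7 each tie the deployed template to a single registry (non-production for staging, production for production). The following is an added example, not part of the original article, of a gate a CD stage could run before deploying to fail when a manifest references an image from any other registry. The registry names, the sample manifest, and the script's function names are constructed placeholders.

```python
import argparse
import re
import sys

# Constructed sample (registry names are placeholders, not from the article).
SAMPLE_MANIFEST = """\
initContainers:
- name: migrate
  image: contosononprod.azurecr.io/app-migrate:41
containers:
- name: app
  image: "contosoprod.azurecr.io/app:41"
  imagePullPolicy: IfNotPresent
- image: busybox:1.36   # unqualified, resolves to Docker Hub
  name: debug
"""

# Assumption: rendered block-style YAML with one "image:" key per line.
_IMAGE_LINE = re.compile(r"""^[ \t]*(?:-[ \t]+)?image:[ \t]*["']?([^\s"'#]+)""", re.M)

def registry_of(ref):
    """Return the lower-cased registry host of an image reference."""
    first, slash, _ = ref.partition("/")
    # The first path component is a registry only if it looks like a host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"  # no registry given: the runtime pulls from Docker Hub

def image_violations(manifest, allowed_registry):
    """List (image, registry) pairs that are not from the allowed login server."""
    allowed = allowed_registry.lower()
    pairs = ((ref, registry_of(ref)) for ref in _IMAGE_LINE.findall(manifest))
    return [(ref, reg) for ref, reg in pairs if reg != allowed]  # exact host match

def main(argv=None):
    parser = argparse.ArgumentParser(description="Fail if a manifest pulls from the wrong registry")
    parser.add_argument("--registry", required=True, help="allowed registry login server")
    parser.add_argument("manifests", nargs="+")
    args = parser.parse_args(argv)
    bad = []
    for path in args.manifests:
        with open(path, encoding="utf-8") as fh:
            bad += [(path, *v) for v in image_violations(fh.read(), args.registry)]
    for path, ref, reg in bad:
        print(f"{path}: {ref} is from {reg}, expected {args.registry}")
    return 1 if bad else 0

if __name__ == "__main__":
    sys.exit(main())
```

Run it against the rendered manifests with the login server of the target environment's registry; a non-zero exit code stops the stage before anything is deployed.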

Components

  • Container Insights collects logs and metrics and forwards them to Azure Monitor.
  • Azure Container Registry is a managed, private container registry service on Azure. Use Container Registry to store private container images.
  • Azure Kubernetes Service is a managed Kubernetes service where Azure handles critical tasks, like health monitoring and maintenance.
  • Defender for DevOps performs static analysis and helps you gain visibility of security postures across multiple pipelines in AKS development and deployment.
