Deploy Azure PostgreSQL on AKS using Azure DevOps Release Pipeline

The following Jumpstart scenario will guide you on how to use Azure DevOps (ADO) Release pipelines to deploy a “Ready to Go” environment so you can start using Azure Arc-enabled data services with Azure PostgreSQL on an Azure Kubernetes Service (AKS) cluster using an Azure ARM template.

By the end of this scenario, you will have an Azure DevOps Release pipeline to deploy an AKS cluster with an Azure Arc Data Controller (in “Directly Connected” mode), Azure PostgreSQL with a sample database, and a Microsoft Windows Server 2022 (Datacenter) Azure VM, installed & pre-configured with all the required tools needed to work with Azure Arc Data Services.

NOTE: Currently, Azure Arc-enabled data services with PostgreSQL is in public preview.

NOTE: The following scenario focuses on the Azure DevOps Release pipeline creation. Once the pipeline has been created and the environment deployment has finished, the automation flow and next steps are as described in the main bootstrap scenario.

Prerequisites

  • Azure DevOps account set up with your organization and ready for project creation.

  • Install or update Azure CLI to version 2.36.0 and above. Use the below command to check your current installed version.

    az --version
    
  • Generate SSH Key (or use existing ssh key).

  • Create Azure service principal (SP)

    To complete the scenario and its related automation, an Azure service principal assigned the “Contributor” role is required. To create it, log in to your Azure account and run the below command (this can also be done in Azure Cloud Shell).

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Contributor" --scopes /subscriptions/$subscriptionId
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Security admin" --scopes /subscriptions/$subscriptionId
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Security reader" --scopes /subscriptions/$subscriptionId
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Monitoring Metrics Publisher" --scopes /subscriptions/$subscriptionId
    

    For example:

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "JumpstartArcDataSvc" --role "Contributor" --scopes /subscriptions/$subscriptionId
    az ad sp create-for-rbac -n "JumpstartArcDataSvc" --role "Security admin" --scopes /subscriptions/$subscriptionId
    az ad sp create-for-rbac -n "JumpstartArcDataSvc" --role "Security reader" --scopes /subscriptions/$subscriptionId
    az ad sp create-for-rbac -n "JumpstartArcDataSvc" --role "Monitoring Metrics Publisher" --scopes /subscriptions/$subscriptionId
    

    Output should look like this:

    {
    "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "displayName": "JumpstartArcDataSvc",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    NOTE: If you create multiple subsequent role assignments on the same service principal, your client secret (password) will be destroyed and recreated each time. Therefore, make sure you grab the correct password.

    NOTE: The Jumpstart scenarios are designed with ease of use in mind while adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group, as well as to consider using a less privileged service principal account.
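
To act on the scoping recommendation, one way to see what the service principal can actually reach is to audit its role assignments. This added example is not part of the original scenario; it runs over a constructed sample shaped like the output of `az role assignment list --assignee <appId> --all --output json`, and the resource group name `Arc-Data-Demo`, the verdict labels and the set of roles treated as broad are assumptions.

```python
import json

# Constructed sample shaped like `az role assignment list --assignee <appId> --all -o json`.
# The subscription ID and resource group name are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "Contributor", "scope": "%(s)s"},
  {"roleDefinitionName": "Security Admin", "scope": "%(s)s"},
  {"roleDefinitionName": "Monitoring Metrics Publisher",
   "scope": "%(s)s/resourceGroups/Arc-Data-Demo"}
]""" % {"s": SUB})

# Roles that can change most resources (or grant access) wherever they apply.
BROAD_ROLES = {"owner", "contributor", "user access administrator"}


def scope_level(scope):
    """Classify an ARM scope string; return (level, resource_group_or_None)."""
    parts = [p for p in scope.split("/") if p]
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        return "wider", None          # root "/" or a management group
    if len(parts) == 2:
        return "subscription", None
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        return ("resource_group" if len(parts) == 4 else "resource"), parts[3]
    return "resource", None           # resource directly under the subscription


def audit(assignments, expected_rg):
    """Return (role, level, verdict) for every assignment held by the principal."""
    findings = []
    for a in assignments:
        role = a["roleDefinitionName"]
        level, rg = scope_level(a["scope"])
        if level in ("subscription", "wider"):
            verdict = "over-privileged" if role.lower() in BROAD_ROLES else "broad-scope"
        elif rg is None or rg.lower() != expected_rg.lower():
            verdict = "unexpected-scope"
        else:
            verdict = "ok"
        findings.append((role, level, verdict))
    return findings


if __name__ == "__main__":
    for role, level, verdict in audit(SAMPLE_ASSIGNMENTS, "Arc-Data-Demo"):
        print(f"{verdict:17} {level:15} {role}")
```

Anything other than `ok` is a candidate for re-creating the assignment with `--scopes` pointing at the deployment resource group instead of the whole subscription.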

Deployment

In this scenario, you will create a new Release pipeline to deploy the environment ARM template for this Jumpstart scenario.

  • In a new or an existing ADO project, start the process of creating a new release pipeline.

    Screenshot of creating new ADO pipeline

  • To create the pipeline, we will be using an empty job template and give it a name (once done click the X button).

    Screenshot of creating new empty job template

  • Create a new task for the stage you have just created. This task will be the one for deploying the ARM template.

    Screenshot of creating new ARM template deployment task

  • Click on the new task to start its configuration.

    Screenshot of deployment task config

  • When deploying an ARM template, the Azure Resource Manager connection and subscription must be provided.

    Screenshot of Azure Resource Manager connection config

    NOTE: For a new ADO project, you will be asked to click the authorization button.

    Screenshot of Azure subscription config

  • Provide the Azure resource group and location where all the resources will be deployed. Make sure to validate if the service is currently available in your Azure region.

    Screenshot of resource group and location config

  • As mentioned, the task will deploy the existing ARM template for deploying Azure Arc-enabled data services with PostgreSQL that is in the Azure Arc Jumpstart GitHub repository.

    • Change the Template location to “URL of the file”

    • Copy the raw URLs for both the template and the parameters JSON files and paste each in its proper field.

    • The deployment ARM template requires you to provide parameter values. Click on the Edit Override template parameters to add your parameter values.

      Screenshot of ARM template config

    • sshRSAPublicKey - Your ssh public key

    • spnClientId - Your Azure service principal name

    • spnClientSecret - Your Azure service principal password

    • spnTenantId - Your Azure tenant ID

    • windowsAdminUsername - Client Windows VM admin username

    • windowsAdminPassword - Client Windows VM admin password

    • myIpAddress - Public IP address of your network

    • logAnalyticsWorkspaceName - Unique Log Analytics workspace name

    • deploySQLMI - SQL Managed Instance deployment (true/false)

    • SQLMIHA - SQL Managed Instance high-availability deployment (true/false)

    • deployPostgreSQL - PostgreSQL deployment (true/false)

    • clusterName - AKS cluster name

    • bastionHostName - Indicate whether to deploy bastion host to manage AKS

    • dnsPrefix - AKS unique DNS prefix

    • kubernetesVersion - AKS Kubernetes Version (See previous prerequisite)

      NOTE: Make sure that you are using the same Azure resource group name as the one you’ve just used in the azuredeploy.parameters.json file

      Screenshot of ARM template parameters config

  • Provide a deployment name.

    Screenshot of ARM template parameters config

  • Click the save button.

    Screenshot of config save

  • After saving the task configuration, continue to create the release pipeline.

    Screenshot of pipeline creation

  • Once done, click on the new release link. In this scenario, you will manually trigger the deployment. Once you do, click on the Logs button to see the progress.

    Screenshot of pipeline deployment

    Screenshot of deployment progress logs

  • Once completed, all the deployment resources will be available in the Azure portal.

    NOTE: Deployment time of the Azure resources (AKS + Windows VM) can take ~25-30 minutes.

    Screenshot of deployment completed

    Screenshot of Azure resources

  • As mentioned, this scenario focuses on the Azure DevOps Release pipeline creation. At this point, now that you have the Azure resources created, continue to the next steps as described in the main bootstrap scenario.
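
The override parameters entered during the deployment task configuration include two credentials, spnClientSecret and windowsAdminPassword. As an added example (not part of the original scenario), this check parses an override string in the task's `-name value` form and reports whether each credential is supplied through a `$(variable)` reference, which can be a secret pipeline variable, or typed in as a literal; the sample string and the variable names are constructed.

```python
import re
import shlex

# Parameters from the scenario's list that carry credentials.
SECRET_PARAMS = ("spnClientSecret", "windowsAdminPassword")

# A value made up of exactly one ADO macro reference, e.g. $(spnClientSecret).
MACRO = re.compile(r"^\$\([A-Za-z_][\w.]*\)$")

# Constructed override string; every value is a placeholder.
SAMPLE_OVERRIDES = (
    '-sshRSAPublicKey "ssh-rsa AAAAconstructed user@host" '
    '-spnClientId $(spnClientId) '
    '-spnClientSecret "constructed-literal-secret" '
    '-spnTenantId $(spnTenantId) '
    '-windowsAdminUsername arcdemo '
    '-windowsAdminPassword $(windowsAdminPassword) '
    '-deployPostgreSQL true'
)


def parse_overrides(text):
    """Split '-name value -name value ...' into a dict, honouring quotes."""
    tokens = shlex.split(text)
    if len(tokens) % 2:
        raise ValueError("every -name needs exactly one value")
    params = {}
    for name, value in zip(tokens[0::2], tokens[1::2]):
        if not name.startswith("-") or len(name) < 2:
            raise ValueError(f"expected -parameterName, got {name!r}")
        params[name[1:]] = value
    return params


def classify_secrets(text):
    """Map each secret parameter to 'variable', 'literal' or 'missing'."""
    params = parse_overrides(text)
    result = {}
    for name in SECRET_PARAMS:
        if name not in params:
            result[name] = "missing"
        else:
            result[name] = "variable" if MACRO.match(params[name]) else "literal"
    return result


if __name__ == "__main__":
    for name, status in classify_secrets(SAMPLE_OVERRIDES).items():
        print(f"{name}: {status}")
```

A `literal` result means the credential is stored in clear text in the release definition, where anyone who can view the pipeline can read it.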