Test Azure deployments in your VSTS Release Pipeline

When deploying Azure Resources you want to know if all resources are deployed as expected. To check if the resources are correctly deployed you can open the portal and visually inspect the deployed recourses or you can also run some powershell to validate the resources. Why not automate these checks and add them to your deployment pipeline. To validate the resources, I extended the Pester Build Task to connect to Azure. A test that checks the deployment of a VM can look like:

Continue reading “Test Azure deployments in your VSTS Release Pipeline”

Advertisement

Versioning ARM Template deployments

When deploying resources on Azure with Azure Resource Manager you want to be in control of which resources are deployed and control their life span. To get the control you need to do deploy in a tested, standardized and reusable manner. This can be done by managing your resource creation as Infrastructure as Code.
Continue reading “Versioning ARM Template deployments”

Use VSTS to deploy Functions as Infrastructure as Code

Azure Functions enable you to easily run small pieces of code in the cloud. To do this right, you need to setup continuous delivery of the infrastructure and the code involved. Otherwise you will end with an uncontrolled environment where nobody knows what code is actually running. In this blog post I’ll describe how to setup a deployment pipeline for Functions with VSTS. This will enable you to deploy Functions as Infrastructure as Code.

From an deployment perspective an Azure Function contains of two parts:

1. Azure infrastructure
2. Function code

Both the ARM template and the code can be deployed from VSTS. By doing this, you can manage functions like any other Azure resource.
Continue reading “Use VSTS to deploy Functions as Infrastructure as Code”

Lock Azure resources to prevent accidental deletion

In some cases you want to protect critical resources from accidental deletion. Some examples are a storage account with source data for processing, a Key Vault with disk encryption keys, or another key component in your infrastructure. When losing some resources that are key in your infrastructure, recovery can be dramatic. Resource Manager locks will enable you to protect these critical resources from deletion.

Resource Manager locks
Resource Manager locks apply to the management function of the locked resources. The locks do not have any impact the normal functions of the resource. You have two possible types of locks on a resource:

Locking down a resource can save your contributors from accidently delete a critical resources. An ‘oeps… I deleted the wrong resources’ moment should be a thing of the past.

CannotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Continue reading “Lock Azure resources to prevent accidental deletion”

Infrastructure as Code VSTS

Your team is in the process of developing a new application feature, and the infrastructure has to be adapted. The first step is to change a file in your source control system that describes your infrastructure. When the changed definition file is saved in your source control system, it triggers a new build and release. Your new infrastructure is deployed to your test environment, and the whole process to get the new infrastructure deployed took minutes while you only changed a definition file and you did not touch the infrastructure itself.
Continue reading “Infrastructure as Code VSTS”

Keep your ARM deployment secrets in the Key Vault

When creating new resource in Azure that have secrets like passwords or ssl certificates you can securely save them in the Key Vault and get them from the Key Vault when you deploy. Only the people who need access to the secrets can read and write them to the Key Vault. In a infrastructure as code scenario the secrets are supplied when deploying your templates to Azure. The code it self will be free of secrets.
Continue reading “Keep your ARM deployment secrets in the Key Vault”

Deploy a Marketplace Linux VM with disk encryption using ARM templates

VM with disk encryption

Continue reading “Deploy a Marketplace Linux VM with disk encryption using ARM templates”

Access Azure PAAS without internet access

In some Azure environments the organization limits the outbound internet traffic from their servers. There are scenarios where you need to access Azure PAAS services (blob storage, or Azure SQL database etc.). You have to block the access to the internet and enable access to the Azure IP ranges Microsoft reserved for a specific Azure datacenter. To be able to access the service I made a script that will generate the Network Security Groep Rules in ARM format to give access to Azure services.
Continue reading “Access Azure PAAS without internet access”

Using the Inline PowerShell VSTS task

The Inline PowerShell VSTS task enables you to execute PowerShell from a textbox within your build or release pipeline. You can run a PowerShell script on you agent or on Azure. The task can be installed from the Marketplace.
Continue reading “Using the Inline PowerShell VSTS task”

Parallel deployment with Azure PowerShell VSTS Release Tasks

Making better software starts with shortening the time it takes to get feedback. The less time between you start an action and its result, the bigger the chance you will do anything with the feedback. Faster is better!
Continue reading “Parallel deployment with Azure PowerShell VSTS Release Tasks”