Setup DevOps on AKS (Azure Kubernetes Service) - What I learned

• Prerequisites
• Setup Build Pipelines (CI)
• Setup Release Pipelines (CD)
• What I learned

1. Failed to install Tiller

    [error]Error: tiller was not found. polling deadline exceeded
   

    helm init --upgrade --wait --service-account tiller
   

   After removing the argument “–service-account tiller”, tiller can be installed or upgraded successfully:

    Tiller (the Helm server-side component) has been upgraded to the current version.Happy Helming!
   

   If you enabled RBAC, you need to create a service account and keep the argument and value “–service-account tiller”

   Please refer to https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-helm.md

2. Failed to parse yaml file in “helm upgrade”

    [error]Error: YAML parse error on joineree/charts/joineree-identityserver/templates/deployment.yaml: error converting YAML to JSON: yaml: line 26: found unknown escape character
   

   I troubleshooted this issue by:

   • Verify all my yaml files to remove escape or tab characters - failed
   • Run helm upgrade on AKS context (by passing values.Production.yaml) - failed
   • Run helm upgrade on local Kubernetes context (by passing values.override.yaml) - succeed
   • Run helm upgrade on local Kubernetes context (by passing values.Production.yaml) - failed

   Then I realized my image/repository setting used “\” instead of “/”

    image:
      repository: jaycoder.azurecr.io\jaycoderprojectwebui
   

3. Time out in “helm upgrade”

    [error]Error: release jaycoder-aks failed: timed out waiting for the condition
   

   I realized AKS had no permission to pull image from ACR, then I ran the following command to grant AKS

    #!/bin/bash
   
    AKS_RESOURCE_GROUP=JayCoder
    AKS_CLUSTER_NAME=JayCoder-AKS-Prod
    ACR_RESOURCE_GROUP=JayCoder
    ACR_NAME=JayCoder
   
    # Get the id of the service principal configured for AKS
    CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
   
    # Get the ACR registry resource id
    ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
   
    # Create role assignment
    az role assignment create --assignee $CLIENT_ID --role acrpull --scope $ACR_ID
   

   Please refer to https://docs.microsoft.com/en-au/azure/container-registry/container-registry-auth-aks#grant-aks-access-to-acr

4. Useful resources on Youtube:

   Jessica Deen

   • https://www.youtube.com/watch?v=HMIxLaisKiI&t=1307s
   • https://www.youtube.com/watch?v=d_kHKGiI7lU&t=1014s
   • https://www.youtube.com/watch?v=aR2D7uqOM1o&t=617s

   Houssem Dellai

   • https://www.youtube.com/playlist?list=PLpbcUe4chE79s_9ZFNQpSRl8F0iSVhcM2