Setup DevOps on AKS (Azure Kubernetes Service) - What I learned

  1. Failed to install Tiller

     [error]Error: tiller was not found. polling deadline exceeded
    
     helm init --upgrade --wait --service-account tiller
    

    After removing the argument “--service-account tiller”, Tiller can be installed or upgraded successfully:

     Tiller (the Helm server-side component) has been upgraded to the current version.Happy Helming!
    

    If you enabled RBAC, you need to create a service account and keep the argument and value “--service-account tiller”.

    Please refer to https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-helm.md

  2. Failed to parse yaml file in “helm upgrade”

     [error]Error: YAML parse error on joineree/charts/joineree-identityserver/templates/deployment.yaml: error converting YAML to JSON: yaml: line 26: found unknown escape character
    

    I troubleshot this issue by:

    • Verifying all my yaml files to remove escape or tab characters - failed
    • Running helm upgrade on AKS context (by passing values.Production.yaml) - failed
    • Running helm upgrade on local Kubernetes context (by passing values.override.yaml) - succeeded
    • Running helm upgrade on local Kubernetes context (by passing values.Production.yaml) - failed

    Then I realized my image/repository setting used “\” instead of “/”

     image:
       repository: jaycoder.azurecr.io\jaycoderprojectwebui
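
    A pre-flight check for the mistake described in item 2, as an added example that is not part of the original post: it scans values files for a backslash in an `image:` or `repository:` value and returns non-zero so a CI step can stop before `helm upgrade`. The function name `check_values_files` and the sample files are constructed for illustration; the registry name is the one used in the post.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint Helm values files before
# "helm package" / "helm upgrade". A backslash is never valid in an image
# reference, and inside a double-quoted YAML scalar "\j" is an unknown escape.

# check_values_files FILE...
# Prints "file:line: ..." for each offending line; returns 1 on any finding
# or unreadable file, 0 when every file is clean.
check_values_files() {
  local rc=0 f
  for f in "$@"; do
    if [ ! -r "$f" ]; then
      echo "$f: cannot read file" >&2
      rc=1
      continue
    fi
    awk '
      /^[ \t]*#/ { next }                      # skip whole-line comments
      /^[ \t]*(repository|image)[ \t]*:/ {
        value = $0
        sub(/^[^:]*:[ \t]*/, "", value)        # text after the first colon
        sub(/[ \t]+#.*$/, "", value)           # drop a trailing comment
        if (index(value, "\\") > 0) {
          printf "%s:%d: backslash in image reference: %s\n", FILENAME, NR, value
          bad = 1
        }
      }
      END { exit bad + 0 }
    ' "$f" || rc=1
  done
  return "$rc"
}

# Demo on constructed sample files that mirror the two values files in the post.
demo_dir=$(mktemp -d)
printf 'image:\n  repository: jaycoder.azurecr.io\\jaycoderprojectwebui\n' \
  > "$demo_dir/values.Production.yaml"
printf 'image:\n  repository: jaycoder.azurecr.io/jaycoderprojectwebui\n' \
  > "$demo_dir/values.override.yaml"
if check_values_files "$demo_dir"/values.*.yaml; then
  echo "values files OK"
else
  echo "fix the lines above before running helm upgrade"
fi
rm -rf "$demo_dir"
```

    Running it against every values.*.yaml in the build pipeline catches the problem on the file that is only used in production, which is why the local run with values.override.yaml succeeded.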
    
  3. Time out in “helm upgrade”

     [error]Error: release jaycoder-aks failed: timed out waiting for the condition
    

    I realized AKS had no permission to pull images from ACR, then I ran the following script to grant AKS that permission:

     #!/bin/bash
    
     AKS_RESOURCE_GROUP=JayCoder
     AKS_CLUSTER_NAME=JayCoder-AKS-Prod
     ACR_RESOURCE_GROUP=JayCoder
     ACR_NAME=JayCoder
    
     # Get the id of the service principal configured for AKS
     CLIENT_ID=$(az aks show --resource-group "$AKS_RESOURCE_GROUP" --name "$AKS_CLUSTER_NAME" --query "servicePrincipalProfile.clientId" --output tsv)
    
     # Get the ACR registry resource id
     ACR_ID=$(az acr show --name "$ACR_NAME" --resource-group "$ACR_RESOURCE_GROUP" --query "id" --output tsv)
    
     # Create role assignment (pull-only, scoped to this one registry)
     az role assignment create --assignee "$CLIENT_ID" --role acrpull --scope "$ACR_ID"
    

    Please refer to https://docs.microsoft.com/en-au/azure/container-registry/container-registry-auth-aks#grant-aks-access-to-acr

  4. Useful resources on YouTube:

    Jessica Deen

    Houssem Dellai

Setup CD on Azure Kubernetes Service (AKS) with Azure DevOps, Docker Compose and Helm

  1. New release pipeline

    New Release Pipeline

  2. Choose artifact as release source

    In some scenarios, a new Docker image in ACR or Docker Hub can be set as the “Source type” to trigger the release.

    Add An Artifact

  3. Select Helm Chart template to deploy to Kubernetes

    Helm Chart Template

  4. Setup release tasks

    New Stage

    • Authorize to Azure, Resource Group and AKS

      AKS Authorize

    • Install Helm - keep the default settings

      Install Helm

    • Helm Init - tick “Upgrade Tiller”

      Helm Init

      Tiller is a service that runs in the Kubernetes cluster to manage Helm charts.

      Note: With Arguments left empty, it will install both the client and Tiller.

      Upgrade Tiller

    • Helm Upgrade - install helm charts in Kubernetes

      Helm Upgrade

      Select the tgz package from the artifact; a regex can be used, e.g. helm-*.tgz

      A Value File can be used to replace configuration for a specific environment, e.g. values.Staging.yaml or values.Production.yaml

      The generated command will look like:

        helm upgrade --install --reset-values --values /helm/values.Production.yaml --wait azuredevops /helm-0.1.0.tgz
      

      Helm Upgrade Commands

Setup CI on Azure Kubernetes Service (AKS) with Azure DevOps, Docker Compose and Helm

  1. New build pipeline

    New Build Pipeline

  2. Select source control – every check-in to that branch will trigger the build process

    Select Source Control

    NOTE: My demo code is not ready yet, I will push to github when ready

  3. Start with an Empty job

    Empty Job

  4. Choose Ubuntu as agent pool to build Linux images

    Build Agent

  5. Add Docker Compose task to build images

    Docker Compose

    • Fill in Azure Subscription and Container Registry

      This authorizes the build agent to access Azure and the container registry service (e.g. Azure Container Registry or Docker Hub)

    • Select docker-compose files from source control

      Docker command will be generated based on Docker Compose File and Additional Docker Compose Files e.g.

        docker-compose -f docker-compose.yml -f docker-compose.production.yml build
      
    • Select “Build service images” in Action dropdown

      Build Service Images 1

      Build Service Images 2

  6. Clone the #5 task to push images to ACR

    Just change Action to “Push service images”

    Push Service Images

  7. Clone the #5 task to lock images

    Just change Action to “Lock service images”

    Lock Service Images

  8. Add “Copy Files” task to copy environment configuration yaml files e.g. values.Production.yaml

    Copy Docker Files

  9. Install helm client

    • Fill in Azure Subscription, Resource group and Kubernetes group
    • Select “init” in Command dropdown
    • Set Arguments to “--client-only” to install only the helm client, which is used to package helm charts

    Install Helm Client 1

    Install Helm Client 2

  10. Package helm charts

    • Select “package” in Command dropdown
    • Set Destination for the package to be saved in artifact

    Package Helm Charts

  11. Publish Build Artifacts

    Publish Artifacts

Setup DevOps on AKS (Azure Kubernetes Service) - Prerequisites

  1. Tools for local environment

  2. Get your Azure subscription

  3. Get your source control e.g. Azure DevOps, GitHub, etc.

    Azure DevOps is free with up to 5 users - https://azure.microsoft.com/en-au/services/devops/

  4. Login Azure Portal - https://portal.azure.com

    • Create an ACR (Azure Container Registry)

      Create ACR

      If “Admin user” is enabled, [ACR Name] and [password1] or [password2] will be needed to run “docker login” locally before pulling or pushing images.

        docker login --username [ACR Name] --password [Password] [ACR Name].azurecr.io
      
    • Create an AKS (Azure Kubernetes Service) cluster

      Node size and Node count can be customized here

      AKS Cluster Node

      PS: I didn’t enable RBAC in this example, but RBAC can be integrated with Azure AD https://docs.microsoft.com/en-us/azure/aks/aad-integration later.

      AKS Cluster RBAC

      Network can be customized if “Advanced” is selected

      AKS Cluster Network

      AKS Cluster Monitoring

      AKS Cluster Tags