Set Up New Environment
Part 1: Set up a pipeline
To deploy the code automatically whenever someone commits to the repository, we need to create a pipeline that builds a Docker image and deploys it to the new environment.
...
1. Go to https://dev.azure.com/transport-canada/Medical Certificate Processing/_build and click on create a new pipeline
2. Select Use the classic editor
3. Select the correct branch you need for the pipeline and click Continue
4. Under Select a template, select Empty job or Docker container
5. Give the pipeline a name
6. Under Get sources, make sure to select the correct repo and branch
7. Under Agent job, make sure Allow scripts to access the OAuth token is checked. This is what makes $(System.AccessToken) available to the build arguments below.
8. Click to add a task if you selected Empty job. If you selected Docker container in step 4, you will already have this task.
9. Configure the first task “Build an image”. Under Task version, make sure to change it to 0.*. The Action should be Build an image. You can change the Display name to reflect building an image. Select the correct Subscription.
10. Select the Dockerfile by clicking on the 3 dots
11. Under Build Arguments add the following:
PAT=$(System.AccessToken)
FEED_URL=https://pkgs.dev.azure.com/transport-canada/_packaging/DevOps-Nuget/nuget/v3/index.json
Build argument values are visible in the image history (docker history), so the Dockerfile should use PAT only in a build stage that does not end up in the final image.
...
17. Configure the Triggers: Check “Enable continuous integration”
...
18. Configure the options. Make sure the Build number is in the following format:
$(date:yyyyMMdd)$(rev:.r)
...
19. Save the pipeline and run it. At this point all should be running correctly and the code should be in the container registry under Repository.
Pipeline on IIS Special consideration:
The following pipelines use these configurations: CAMIS-SIMAC-API, CAMMS-SMMAC-Publisher and CAMMS-SMMAC-Ocelot.
Configurations:
1. Add a File Transform task as in the picture
...
2. Add pipeline variables:
...
3. Add Variable groups and link them to the pipeline
...
4. All Variable groups are created and stored in the Library
...
Part 2: Set up and configure Azure AD
Setting up the Azure portal involves a few steps:
Activate your Developer role in order to configure Azure AD
To configure and view some features in Azure AD, we need to activate our Developer role for the day or for a few hours. To do that, go to Azure AD Privileged Identity Management
...
Click on My roles
...
Click on Activate
...
Give a reason for activating your role and click continue
...
Once your role is activated you can continue to configure the other steps.
Configure App registrations
To do:
How to set up app reg.
How to set up app roles
and all the other configurations under app reg.
...
API permissions
Under API permissions, clients who don’t have the “Application Developer” role in Azure can get an error when opening the website.
...
So, we need to grant TC/TC and admin consent required for all permissions.
...
Configure Groups
To do:
Why do we need a group
How to configure
What is the link with the other services on Azure AD like the app reg. groups etc.
...
Configure Container registries
Under Container registries we have 3 existing container registries, for Development, Test and Acceptance.
ncdsafsecsurcr → Development
nctsafsecsurcr → Test
ncasafsecsurcr → Acceptance
...
The repository holds all the images that are pushed to this Development environment
...
Configure App Services
Go to App Services and click on Create
...
Click Next: Docker to set up the Docker container with the correct image.
...
No more changes required, click Review + create.
Once the App Service is created, we need to configure the following:
Go to Configuration and create 3 new application settings with the correct value depending on the Environment:
ASPNETCORE_ENVIRONMENT
ASPNETCORE_FORWARDEDHEADERS_ENABLED
ENVIRONMENT
...
Go to TLS/SSL settings and click on “On” to enable HTTPS only
...
Go to Deployment center to verify that the settings are correct
...
Go to Identity to verify that the Status is ON
...
You will need the Object ID to find our App Service when configuring the Key vault access policy.
Lastly, we can go to Overview to restart the app service and see the URL for our new environment
...
Configure Key vaults
To do:
Configure the access policies
...
Click on the correct environment under Key vault.
Go to Access policies and add a new Access Policy
...
Select Get and List under both Secret permissions and Certificate permissions. Then click on None selected under Select principal to configure the Principal.
Enter the Object Id from the Identity under the App Service in order to find your Principal
...
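A scripted check of the App Service and Key vault settings described above, as an added example that is not part of the original page or the project's own code. It assumes JSON in the shape returned by az webapp show, az webapp config appsettings list and az keyvault show; the sample data and Object ID are constructed, and treating any key permission as unexpected is an assumption.

```python
# Added example: audit exported Azure CLI JSON against this page's settings.
REQUIRED_SETTINGS = {"ASPNETCORE_ENVIRONMENT",
                     "ASPNETCORE_FORWARDEDHEADERS_ENABLED", "ENVIRONMENT"}
# The access policy on the page grants Get and List for secrets and
# certificates. Assumption: no key permissions are needed.
WANTED = {"secrets": {"get", "list"}, "certificates": {"get", "list"}, "keys": set()}


def audit(webapp, appsettings, vault):
    """Return a list of findings; an empty list means the setup matches."""
    findings = []
    if not webapp.get("httpsOnly"):
        findings.append("HTTPS only is off")
    identity = webapp.get("identity") or {}
    principal = identity.get("principalId")
    if "SystemAssigned" not in (identity.get("type") or "") or not principal:
        findings.append("managed identity Status is not On")
    present = {s["name"] for s in appsettings}
    for name in sorted(REQUIRED_SETTINGS - present):
        findings.append(f"app setting missing: {name}")
    policies = vault.get("properties", {}).get("accessPolicies") or []
    policy = next((p for p in policies
                   if principal and p.get("objectId") == principal), None)
    if principal and policy is None:
        findings.append("no Key vault access policy for the app's Object ID")
    elif policy:
        for kind, wanted in WANTED.items():
            granted = {p.lower() for p in policy.get("permissions", {}).get(kind) or []}
            for extra in sorted(granted - wanted):
                findings.append(f"{kind}: extra permission '{extra}'")
            for lack in sorted(wanted - granted):
                findings.append(f"{kind}: missing permission '{lack}'")
    return findings


# Constructed sample data (not real output); OID is a placeholder Object ID.
OID = "00000000-0000-0000-0000-000000000001"
SAMPLE_WEBAPP = {"httpsOnly": False,
                 "identity": {"type": "SystemAssigned", "principalId": OID}}
SAMPLE_SETTINGS = [{"name": "ASPNETCORE_ENVIRONMENT", "value": "Development"},
                   {"name": "ENVIRONMENT", "value": "DEV"}]
SAMPLE_VAULT = {"properties": {"accessPolicies": [{"objectId": OID, "permissions": {
    "secrets": ["Get", "List", "Set"], "certificates": ["Get"], "keys": []}}]}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEBAPP, SAMPLE_SETTINGS, SAMPLE_VAULT):
        print("FINDING:", finding)
```

Run it once per environment (Development, Test, Acceptance) with that environment's exported JSON; an empty result means the App Service and Key vault match the steps on this page.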