Monday, 22 July 2024

Configure Azure Deployment Environments

Configure Azure Deployment Environments

A dev center is the top-level resource for Azure Deployment Environments that contains the collection of development projects. In the dev center, you specify the common configuration for your projects, such as catalogs with application templates, and the types of environments to which development teams can deploy their code.

A platform engineering team typically sets up the dev center, attaches external catalogs to the dev center, creates projects, and provides access to development teams. Development teams then create environments by using environment definitions, connect to individual resources, and deploy applications.

After you complete this quickstart, developers can use the developer portal, the Azure CLI, or the Azure Developer CLI to create environments in the project to deploy their applications.

To learn more about the components of Azure Deployment Environments, see Key concepts for Azure Deployment Environments.

You need to perform the steps in this quickstart and then create a project before you can create a deployment environment. Alternatively to creating these resources manually, you can also follow this quickstart to deploy the dev center and project using an ARM template.

Prerequisites

  • An Azure account with an active subscription. Create an account for free.
  • Azure role-based access control role with permissions to create and manage resources in the subscription, such as Contributor or Owner.

Create a dev center

First, you create a dev center and attach a catalog to it. The catalog contains the application templates, called environment definitions, that development teams can use to create environments. In this quickstart, you attach the Microsoft quick start catalog, which contains sample environment definitions to help you get started.

To create and configure a dev center in Azure Deployment Environments by using the Azure portal:

  1. Sign in to the Azure portal.

  2. Search for Azure Deployment Environments, and then select the service in the results.

  3. In Dev centers, select Create.

    Screenshot that shows how to create a dev center in Azure Deployment Environments.

  4. In Create a dev center, on the Basics tab, select or enter the following information:

    NameValue
    SubscriptionSelect the subscription in which you want to create the dev center.
    Resource groupEither use an existing resource group or select Create new and enter a name for the resource group.
    NameEnter a name for the dev center.
    LocationSelect the location or region where you want to create the dev center.
    Attach a quick start catalogSelect the Azure deployment environment definitions checkbox.
    Clear the Dev box customization tasks checkbox.
  5. Select Review + Create.

  6. On the Review tab, wait for deployment validation, and then select Create.

  7. You can check the progress of the deployment in your Azure portal notifications.

    Screenshot that shows portal notifications to confirm the creation of a dev center.

  8. When the creation of the dev center is complete, select Go to resource. Confirm that you see the dev center overview pane.

    Screenshot that shows the dev center overview pane.

Configure a managed identity for the dev center

To allow the creation of environments, the dev center requires permissions on the subscription. You can attach an identity to the dev center, and then assign the necessary permissions to that identity. You can attach either a system-assigned managed identity or a user-assigned managed identity. Learn about the two types of identities.

In this quickstart, you configure a system-assigned managed identity for your dev center. You then assign roles to the managed identity to allow the dev center to create environment types in your subscription.

Attach a system-assigned managed identity

To attach a system-assigned managed identity to your dev center:

  1. In your dev center, on the left menu under Settings, select Identity.

  2. Under System assigned, set Status to On, and then select Save.

    Screenshot that shows a system-assigned managed identity.

  3. In the Enable system assigned managed identity dialog, select Yes. It might take a few minutes for the rest of the fields to appear.

Assign roles for the dev center managed identity

The managed identity that represents your dev center requires access to the subscription where you configure the project environment types, and to the catalog.

  1. In your dev center, on left menu under Settings, select Identity.

  2. Under System assigned > Permissions, select Azure role assignments.

    Screenshot that shows a system-assigned managed identity with Role assignments highlighted.

  3. To give Contributor access to the subscription, select Add role assignment (Preview), enter or select the following information, and then select Save:

    NameValue
    ScopeSubscription
    SubscriptionSelect the subscription in which to use the managed identity.
    RoleContributor
  4. To give User Access Administrator access to the subscription, select Add role assignment (Preview), enter or select the following information, and then select Save:

    NameValue
    ScopeSubscription
    SubscriptionSelect the subscription in which to use the managed identity.
    RoleUser Access Administrator

Create an environment type

Use an environment type to help you define the different types of environments your development teams can deploy. You can apply different settings for each environment type.

  1. In the Azure portal, go to Azure Deployment Environments.

  2. In Dev centers, select your dev center.

  3. In the left menu under Environment configuration, select Environment types, and then select Create.

  4. In Create environment type, enter the following information, and then select Add.

    NameValue
    NameEnter a name for the environment type.
    TagsOptionally, enter a tag name and a tag value.

    Screenshot that shows the Create environment type pane.

An environment type that you add to your dev center is available in each project in the dev center, but environment types aren't enabled by default. When you enable an environment type at the project level, the environment type determines the managed identity and subscription that are used to deploy environments.

Create a project

In Azure Deployment Environments, a project represents a team or business function within the organization. For example, you might create a project for the implementation of an e-commerce application, which has a development, staging, and production environment. For another project, you might define a different configuration.

When you associate a project with a dev center, all the settings for the dev center are automatically applied to the project. Each project can be associated with only one dev center.

To create an Azure Deployment Environments project in your dev center:

  1. In the Azure portal, go to Azure Deployment Environments.

  2. In the left menu under Configure, select Projects.

  3. In Projects, select Create.

  4. In Create a project, on the Basics tab, enter or select the following information:

    NameValue
    SubscriptionSelect the subscription in which you want to create the project.
    Resource groupEither use an existing resource group or select Create new and enter a name for the resource group.
    Dev centerSelect a dev center to associate with this project. All settings for the dev center apply to the project.
    NameEnter a name for the project.
    Description (Optional)Enter any project-related details.
  5. On the Review + Create tab, wait for deployment validation, and then select Create.

  6. Confirm that the project was successfully created by checking your Azure portal notifications. Then, select Go to resource. Confirm that you see the project overview pane.

Create a project environment type

In Azure Deployment Environments, project environment types are a subset of the environment types that you configure for the dev center. They help you preconfigure the types of environments that specific development teams can create.

To configure a project, add a project environment type:

  1. In the Azure portal, go to your project.

  2. In the left menu under Environment configuration, select Environment types, and then select Add.

    Screenshot that shows the Environment types pane.

  3. In Add environment type to <project-name>, enter or select the following information:

    NameValue
    TypeSelect a dev center level environment type to enable for the specific project.
    Deployment subscriptionSelect the subscription in which the environment is created.
    Deployment identitySelect either a system-assigned identity or a user-assigned managed identity to perform deployments on behalf of the user.
    Permissions on environment resources > Environment creator role(s)Select the roles to give access to the creator of the environment resources.
    Permissions on environment resources > Additional accessSelect the users or Microsoft Entra groups to assign to specific roles on the environment resources.
    TagsEnter a tag name and a tag value. These tags are applied on all resources that are created as part of the environment.

 Note

At least one identity (system-assigned or user-assigned) must be enabled for deployment identity. The identity is used to perform the environment deployment on behalf of the developer. Additionally, the identity attached to the dev center should be assigned the Contributor and the User Access Admistrator roles for access to the deployment subscription for each environment type.

Give access to the development team

Before developers can create environments based on the environment types in a project, you must provide access for them through a role assignment at the level of the project. The Deployment Environments User role enables users to create, manage, and delete their own environments. You must have sufficient permissions to a project before you can add users to it.

  1. In the Azure portal, go to your project.

  2. In the left menu, select Access control (IAM).

  3. Select Add > Add role assignment.

  4. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.

    SettingValue
    RoleSelect Deployment Environments User.
    Assign access toSelect User, group, or service principal.
    MembersSelect the users or groups you want to have access to the project.

    Screenshot that shows the Add role assignment pane.

Create a chaos experiment that uses an agent-based fault with the Azure portal

 

Create a chaos experiment that uses an agent-based fault with the Azure portal

You can use these same steps to set up and run an experiment for any agent-based fault. An agent-based fault requires setup and installation of the chaos agent. A service-direct fault runs directly against an Azure resource without any need for instrumentation.

Prerequisites

Enable Chaos Studio on your virtual machine

Chaos Studio can't inject faults against a VM unless that VM was added to Chaos Studio first. To add a VM to Chaos Studio, create a target and capabilities on the resource. Then you install the chaos agent.

Virtual machines have two target types. One target type enables service-direct faults (where no agent is required). Another target type enables agent-based faults (which requires the installation of an agent). The chaos agent is an application installed on your VM as a VM extension. You use it to inject faults in the guest operating system.

Enable the chaos target, capabilities, and agent

 Important

Prior to finishing the next steps, you must create a user-assigned managed identity. Then you assign it to the target VM or virtual machine scale set.

  1. Open the Azure portal.

  2. Search for Chaos Studio in the search bar.

  3. Select Targets and move to your VM.

    Screenshot that shows the Targets view in the Azure portal.

  4. Select the checkbox next to your VM and select Enable targets. Then select Enable agent-based targets from the dropdown menu.

    Screenshot that shows enabling targets in the Azure portal.

  5. Select the Managed Identity to use to authenticate the chaos agent and optionally enable Application Insights to see experiment events and agent logs.

    Screenshot that shows selecting a managed identity.

  6. Select Review + Enable > Enable.

    Screenshot that shows reviewing agent-based target enablement.

  7. After a few minutes, a notification appears that indicates that the resources selected were successfully enabled. The Azure portal adds the user-assigned identity to the VM. The portal enables the agent target and capabilities and installs the chaos agent as a VM extension.

    Screenshot that shows a notification that shows the target was successfully enabled.

  8. If you're enabling a virtual machine scale set, upgrade instances to the latest model by going to the virtual machine scale set resource pane. Select Instances, and then select all instances. Select Upgrade if you're not on the latest model.

You've now successfully added your Linux VM to Chaos Studio. In the Targets view, you can also manage the capabilities enabled on this resource. Select the Manage actions link next to a resource to display the capabilities enabled for that resource.

Create an experiment

Now you can create your experiment. A chaos experiment defines the actions you want to take against target resources. The actions are organized and run in sequential steps. The chaos experiment also defines the actions you want to take against branches, which run in parallel.

  1. Select the Experiments tab in Chaos Studio. In this view, you can see and manage all your chaos experiments. Select Create > New experiment.

    Screenshot that shows the Experiments view in the Azure portal.

  2. Fill in the SubscriptionResource Group, and Location where you want to deploy the chaos experiment. Give your experiment a name. Select Next: Experiment designer.

    Screenshot that shows adding basic experiment details.

  3. You're now in the Chaos Studio experiment designer. You can build your experiment by adding steps, branches, and faults. Give a friendly name to your Step and Branch. Then select Add action > Add fault.

    Screenshot that shows the experiment designer.

  4. Select CPU Pressure from the dropdown list. Fill in Duration with the number of minutes to apply pressure. Fill in pressureLevel with the % of CPU utilization pressure that you want to apply. Leave virtualMachineScaleSetInstances blank. Select Next: Target resources.

    Screenshot that shows fault properties.

  5. Select your VM and select Next.

    Screenshot that shows adding a target.

  6. Verify that your experiment looks correct. Then select Review + create > Create.

    Screenshot that shows reviewing and creating the experiment.

Give the experiment permission to your virtual machine

When you create a chaos experiment, Chaos Studio creates a system-assigned managed identity that executes faults against your target resources. This identity must be given appropriate permissions to the target resource for the experiment to run successfully.

  1. Go to your VM and select Access control (IAM).

    Screenshot that shows the virtual machine Overview page.

  2. Select Add > Add role assignment.

    Screenshot that shows Access control overview.

  3. Search for Reader and select the role. Select Next.

    Screenshot that shows assigning the virtual machine Contributor role.

  4. Choose Select members and search for your experiment name. Select your experiment and choose Select. If there are multiple experiments in the same tenant with the same name, your experiment name is truncated with random characters added.

    Screenshot that shows adding the experiment to a role.

  5. Select Review + assign > Review + assign.

Run your experiment

You're now ready to run your experiment. To see the impact, we recommend that you open an Azure Monitor metrics chart with your VM's CPU pressure in a separate browser tab.

  1. In the Experiments view, select your experiment. Select Start > OK.

    Screenshot that shows starting the experiment.

  2. After the Status changes to Running, under History, select Details for the latest run to see details for the running experiment.