
I have an Azure subscription in which I have deployed an AKS private cluster. I created a VM in the same virtual network and I can access the AKS kubeapi and am able to create/update/delete resources in the AKS cluster.

When it comes to CICD with Azure DevOps pipeline (dev.azure.com portal), I am not able to find any way for CICD to work. I cannot create a Service Connection for private AKS cluster, hence cannot move forward with next steps of pipeline.

Following is a screenshot where it waits indefinitely on loading the namespace.

Screenshot of Azure DevOps error

When I earlier created a private Azure Container Registry, I faced same issue that my CI pipeline was not able to push image on private ACR. Then I created Service Connection for my private ACR and also created self-hosted agents on a VM and using both in CI pipeline, I was able to push docker image from Azure DevOps pipeline on to Azure Container Registry.

Now, in order to complete the CD pipeline (release) on Azure DevOps, I have to be able to create a Kubernetes Service Connection on the Azure DevOps portal, which I am currently not able to do since the namespace is not loading, as it's trying to access the private IP 10.11.x.x which belongs to my Kubernetes cluster's private network.

What can be a possible solution? Since I am new to Azure, I would highly appreciate it if someone could answer with steps that are easy to understand and apply.

2

Answers


  1. Chosen as BEST ANSWER

    I tried to implement the suggested process in an answer but it did not go well.

    Then I found out an alternative. This time with Azure Resource Manager Service Connection.

    I created an ARM Service Connection and used the following part in Azure DevOps Pipeline:

    - task: Kubernetes@1
      displayName: Deployment in Kubernetes
      inputs:
        connectionType: Azure Resource Manager
        azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
        azureResourceGroup: $(azureResourceGroup)
        kubernetesCluster: $(kubernetesCluster)
        useClusterAdmin: $(useClusterAdmin)
        namespace: $(namespace)
        command: apply
        arguments: -f $(kubernetesFilePath)
    

    This worked well for my use case.

    I shall still review the process again once I get some time from my workload.

    Thanks for the answers, everyone. Really appreciate the help.


  2. The screenshot you’ve provided shows that Azure DevOps is having trouble loading namespaces from your AKS private cluster when trying to create a service connection. This is typically because Azure DevOps cannot reach the private cluster’s API server, which is not accessible from the public internet.

    Given that you’ve already successfully set up a self-hosted agent for your Azure Container Registry (ACR), you can follow a similar approach for your AKS cluster. Here are the steps to create a service connection for your AKS private cluster using a self-hosted agent in Azure DevOps.

    To create a Service Connection for a private AKS cluster, you need to use a self-hosted agent. This agent should be deployed in the same virtual network as the AKS cluster. You can then use this agent to create the Service Connection for the private AKS cluster. Private AKS clusters have the API server accessible only within the virtual network. This limits deployments from hosted Azure DevOps agents. To overcome this, a self-hosted agent within the same virtual network needs to be deployed.

    To resolve the issue with the namespace not loading in Azure DevOps, you can try the following steps mentioned here

    Also would request you to-

    1. Check if the virtual network peering is set up correctly between the AKS cluster and the VM.
    2. Ensure that the VM has the necessary network security group rules to allow traffic to and from the AKS cluster.
    3. Check if the DNS resolution is working correctly between the VM and the AKS cluster.
    4. Try accessing the Kubernetes API server from the VM using kubectl to ensure that it’s accessible.

    Follow the document and create a Virtual Network and add the subnets accordingly.

    # Virtual network with a default subnet
    az network vnet create \
      --name gov-devops-vnet \
      --resource-group arko-devops \
      --subnet-name default

    # Subnet acr-snt
    az network vnet subnet create \
      --address-prefixes 10.0.1.0/24 \
      --name acr-snt \
      --resource-group arko-devops \
      --vnet-name gov-devops-vnet

    # Subnet devops-snt
    az network vnet subnet create \
      --address-prefixes 10.0.2.0/24 \
      --name devops-snt \
      --resource-group arko-devops \
      --vnet-name gov-devops-vnet

    # Subnet aks-snt, used for the private AKS cluster
    az network vnet subnet create \
      --address-prefixes 10.0.4.0/22 \
      --name aks-snt \
      --resource-group arko-devops \
      --vnet-name gov-devops-vnet
    


    Create a private AKS cluster in the aks-snt subnet

    If you need to push an image from your ACR, then integrate ACR with AKS.

    Since you have already created a VM in the same virtual network and can access the AKS kubeapi and are able to create/update/delete resources in the AKS cluster, no action is required on that front.
    Finally, create the pipeline and create the Service Connections.

    To create a Service Connection for a private AKS cluster in Azure DevOps, you need to follow these steps:

    1. In Azure DevOps, open the Service connections page from the project settings page.
    2. Choose + New service connection and select Kubernetes.
    3. Fill in the parameters for the service connection.

    Link your Azure Container Registry the same way.

    Finally, to run the kubectl task against the AKS cluster, create a Service Principal and grant it Contributor access to the resource group.
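
Added example, not part of either answer above: a preflight script to run on the self-hosted agent VM, automating checks 3 and 4 from the second answer (DNS resolution of the API server name, then a `kubectl` call that lists namespaces). The function names are hypothetical, and it assumes a Linux agent with `getent` and `kubectl` on the PATH.

```shell
#!/bin/sh
# Added example: preflight for a self-hosted agent in the cluster's VNet.
# Function names are hypothetical; nothing here comes from the original answers.

# Print the API server host from the first "server:" line of a kubeconfig on stdin.
api_host_from_kubeconfig() {
  sed -n 's|^[[:space:]]*server:[[:space:]]*https://\([^:/]*\).*|\1|p' | head -n 1
}

# Succeed only for a valid RFC 1918 IPv4 address (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  if [ "$1" -eq 10 ]; then return 0; fi
  if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi
  if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 0; fi
  return 1
}

# Run the checks: DNS resolution from this agent, then a real API call.
preflight() {
  host=$(api_host_from_kubeconfig < "$1")
  [ -n "$host" ] || { echo "no server: entry in $1" >&2; return 2; }
  if is_private_ipv4 "$host"; then ip=$host
  else ip=$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}'); fi
  [ -n "$ip" ] || { echo "DNS: $host does not resolve from this agent" >&2; return 3; }
  is_private_ipv4 "$ip" ||
    echo "warning: $host resolves to $ip, which is not a private address" >&2
  # Listing namespaces mirrors what the service connection dialog tries to load.
  kubectl --kubeconfig "$1" get namespaces --request-timeout=10s >/dev/null ||
    { echo "API server $ip unreachable or credentials rejected" >&2; return 4; }
  echo "ok: $host ($ip) reachable from $(hostname)"
}

# Usage: sh preflight.sh /path/to/kubeconfig
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A non-zero exit code identifies the failing step (2: no server entry, 3: DNS, 4: API call), so the script can run as the first step of a release job on the self-hosted agent pool.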
