Azure devopsとAzureクラウドシェルを使用してAKにアプリケーションを配備する
12765 ワード
必要条件
Azureアカウントへのアクセス
Azure devopsとパットトークンへのアクセス
GitHubアカウントへのアクセス
全体アーキテクチャ
私は、上記の図を作成するためにCloudSkewを使いました.非常にそれをチェックアウト(無料)をお勧めします.
初期設定
az extension add --name azure-devops
az devops configure --defaults organization=https://dev.azure.com/insertorgnamehere/
export AZURE_DEVOPS_EXT_PAT=insertyourpattokenhere
az devops project create --name k8s-project
az devops configure --defaults project=k8s-project
インフラストラクチャの配備
az group create --location westeurope --resource-group my-aks-rg
az ad sp create-for-rbac --skip-assignment
AZロール割り当てはクラウドシェルで失敗します。http://localhost:50342/oauth2/token
宗角9345
simongdavies
バグを説明する
CloudShellで動作し、コマンドが失敗し、クライアント上で正しく動作します.
コマンド名az role assignment create
エラーThe command failed with an unexpected error. Here is the traceback:
400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 206, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 560, in execute
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 618, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 611, in _run_job
six.reraise(*sys.exc_info())
File "/opt/az/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 588, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 297, in __call__
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/__init__.py", line 453, in default_command_handler
return op(**command_args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 134, in create_role_assignment
resolve_assignee=(not assignee_object_id))
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 150, in _create_role_assignment
object_id = _resolve_object_id(cli_ctx, assignee) if resolve_assignee else assignee
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 1614, in _resolve_object_id
filter="servicePrincipalNames/any(c:c eq '{}')".format(assignee)))
File "/opt/az/lib/python3.6/site-packages/msrest/paging.py", line 143, in __next__
self.advance_page()
File "/opt/az/lib/python3.6/site-packages/msrest/paging.py", line 129, in advance_page
self._response = self._get_next(self.next_link)
File "/opt/az/lib/python3.6/site-packages/azure/graphrbac/operations/service_principals_operations.py", line 156, in internal_paging
response = self._client.send(request, stream=False, **operation_config)
File "/opt/az/lib/python3.6/site-packages/msrest/service_client.py", line 336, in send
pipeline_response = self.config.pipeline.run(request, **kwargs)
File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/__init__.py", line 197, in run
return first_node.send(pipeline_request, **kwargs) # type: ignore
File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/__init__.py", line 150, in send
response = self.next.send(request, **kwargs)
File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/requests.py", line 65, in send
self._creds.signed_session(session)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 26, in signed_session
scheme, token, _ = self._token_retriever()
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 532, in _retrieve_token
return self._get_token_from_cloud_shell(resource)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 365, in _get_token_from_cloud_shell
auth = MSIAuthentication(resource=resource)
File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 576, in __init__
self.set_token()
File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 582, in set_token
self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 485, in get_msi_token
result.raise_for_status()
File "/opt/az/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
複製する
動作を再現する手順.彼らが敏感な情報を含むかもしれないので、引数値は赤くされました.
The command failed with an unexpected error. Here is the traceback:
400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 206, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 560, in execute
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 618, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 611, in _run_job
six.reraise(*sys.exc_info())
File "/opt/az/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 588, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 297, in __call__
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/__init__.py", line 453, in default_command_handler
return op(**command_args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 134, in create_role_assignment
resolve_assignee=(not assignee_object_id))
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 150, in _create_role_assignment
object_id = _resolve_object_id(cli_ctx, assignee) if resolve_assignee else assignee
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 1614, in _resolve_object_id
filter="servicePrincipalNames/any(c:c eq '{}')".format(assignee)))
File "/opt/az/lib/python3.6/site-packages/msrest/paging.py", line 143, in __next__
self.advance_page()
File "/opt/az/lib/python3.6/site-packages/msrest/paging.py", line 129, in advance_page
self._response = self._get_next(self.next_link)
File "/opt/az/lib/python3.6/site-packages/azure/graphrbac/operations/service_principals_operations.py", line 156, in internal_paging
response = self._client.send(request, stream=False, **operation_config)
File "/opt/az/lib/python3.6/site-packages/msrest/service_client.py", line 336, in send
pipeline_response = self.config.pipeline.run(request, **kwargs)
File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/__init__.py", line 197, in run
return first_node.send(pipeline_request, **kwargs) # type: ignore
File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/__init__.py", line 150, in send
response = self.next.send(request, **kwargs)
File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/requests.py", line 65, in send
self._creds.signed_session(session)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 26, in signed_session
scheme, token, _ = self._token_retriever()
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 532, in _retrieve_token
return self._get_token_from_cloud_shell(resource)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 365, in _get_token_from_cloud_shell
auth = MSIAuthentication(resource=resource)
File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 576, in __init__
self.set_token()
File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 582, in set_token
self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 485, in get_msi_token
result.raise_for_status()
File "/opt/az/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
az role assignment create --assignee {} --role {} --scope {}
予想行動
環境概要
Linux-4.15.0-1041-azure-x86_64-with-debian-stretch-sid
Python 3.6.5
Shell: bash
azure-cli 2.0.64
Extensions:
resource-graph 0.1.8
interactive 0.4.1
追加コンテキスト
あなたのフィードバックに感謝!
コマンドは4.050秒で走った.
View on GitHub
az aks create -g my-aks-rg -n myakscluster -c 1 --generate-ssh-keys --service-principal "insertappidhere" --client-secret "insertpasswordhere"
az acr create -g my-aks-rg -n insertuniqueacrnamehere --sku Basic --admin-enabled true
AKがACRからイメージを引くのを許すために、ACR_ID=$(az acr show --name ghostauacr --resource-group my-aks-rg --query "id" --output tsv)
CLIENT_ID=$(az aks show -g my-aks-rg -n myakscluster --query "servicePrincipalProfile.clientId" --output tsv)
az role assignment create --assignee $CLIENT_ID --role acrpull --scope $ACR_ID
アプリケーションの配備
このGithubレポをforkします(このタブを新しいタブで開き、「fork」をクリックします).
ゲートウェイ / K 8 Sアプリケーション
git clone https://github.com/<your-github-username-goes-here>/k8s-application.git
cd k8s-application
az pipelines create --name "k8s-application-pipeline"
おめでとう!
あなたはAzure devopsプロジェクトを作成しました!コンテナを構築するために数分待って、ACRにプッシュし、AKに展開します.
az aks get-credentials --resource-group my-aks-rg --name myakscluster
kubectl get all
これはあなたの最終的な結果である必要があります!
概要
比較的短い期間で、あなたはAzure devopsで新しいプロジェクトを作成しました.そのプロジェクトの中で、CI/CDパイプラインを設定しました.そのパイプラインはコンテナの内部にアプリケーションを構築し、コンテナをコンテナリポジトリにプッシュし、コンテナをAKSに展開しました.最後に、Kubernetesサービスを介してWebからAKで実行しているWebアプリケーションを表示することができます.あなたは素晴らしい、よく行われている!
重要:先頭に戻ってあなたのフォークレポに頭をチェックし、“azure pipeline . yml”ファイルをチェックしてください.あなたは、私たちがマスター支店に変更をするたびに意味する「トリガー:マスター」という行を見るべきです.マジック!
今、あなたは完全に作業アプリケーションをAKESに展開して、私はあなたが飛び込むとどのようにすべてのフードの下で動作するかを見るのを待つことができない賭け.私は、Kubernetesで働くために役に立つSpippetsとTipsがたくさんあるこのblog postを推薦します.
任意の質問は、タッチで取得
アンドリュー[ MVP ]
✨チェックリスト✨あなたはAzureのprodに行く準備ができていますか?調べるには、このチェックリストを使用します:azurechecklist.com呼び出してください!このリストをDEVOPSのリストに移動させる❤️
午前9時24分
Reference
この問題について(Azure devopsとAzureクラウドシェルを使用してAKにアプリケーションを配備する), 我々は、より多くの情報をここで見つけました https://dev.to/ghostinthewire5/deploying-an-app-to-aks-using-azure-devops-azure-cloud-shell-3ah7テキストは自由に共有またはコピーできます。ただし、このドキュメントのURLは参考URLとして残しておいてください。
Collection and Share based on the CC Protocol