This Azure DevOps ci/cd pipeline example builds and deploys a microservices application consisting of the following NodeJS microservices:
- UI: single page web app with Bootstrap HTML and CSS and VueJS scripting under /ui
- Price: with Autonomous Database access for the Price table and data under /price
- Options: with 23ai sidecar database container for the Options table and data under /options
The ci/cd pipeline will also:
- Create an ADB instance for the Price database and get access to it using the database wallet (mutual TLS; thick driver) in the Price microservice under /adb. The prerequisite is that Oracle Database Operator for Kubernetes is installed in the OKE cluster, which can be done as a cluster add-on from the OCI Console.
- Run a Kubernetes job to create Price schemas with example data under /adb-job. This keeps trying (via restarts) until ADB is up and running and the job can connect successfully to it.
- Create an Oracle 23ai database container for the Options database to be run as a sidecar for the Options microservice, which uses it via local TLS (no wallet; thin driver) under /options. The 23ai database sidecar will be created using deployment initContainers, and the /adb-job sidecar will create the schema and data in it. This keeps trying (via restarts) until the 23ai sidecar is up and running and the sidecar can connect successfully to it.
- Create nginx-ingress to access the application from the Internet under /ingress-nginx
In addition:
- Azure DevOps can run on a self-hosted agent on OCI deployed with OCI Resource Manager (terraform) from this repo: https://github.com/mikarinneoracle/Azure-DevOps-Agent-OCI-setup
- Oracle Kubernetes Engine (OKE) cluster to host the application is created with Azure DevOps Terraform extension from this repo: https://github.com/alcampag/oci-cn-quickstart
  I made a few changes to the repo and created a new one to run it on the self-hosted agent either with 1) Azure DevOps Terraform extension (see the next bullet how to use it) or 2) with plain terraform in a pipeline script:
  - In the extension Release Pipeline tasks set `-var tenancy_ocid="$(TENANCY)" -var compartment_ocid="$(COMPARTMENT)"` as Terraform Additional command arguments and then configure your TENANCY and COMPARTMENT values as secrets in the release pipeline variables.
  - In the azure-pipelines.yaml pass your TENANCY and COMPARTMENT vars to the terraform command in the script and then configure these values as secrets in the pipeline variables. Also, add the Terraform statefile PAR to the pipeline variables, as the pipeline uses it with sed to configure the remote statefile in provider.tf for Terraform to run.
- A blog on how to set up the Azure DevOps Terraform extension is here: https://medium.com/@mika.rinne/azure-devops-terraform-extension-just-got-support-for-oci-cc931ca070ce
- An instance-principal OCI Policy is needed for OKE to manage the ADB resources including the wallet secret volume (created by the database operator) that is created manually (at the moment not part of the Terraform above). More about using the wallet with the Oracle database operator in this blog: https://medium.com/@mika.rinne/easy-oracle-autonomous-db-access-for-nodejs-with-kubernetes-operator-cf02ea7fc59a
- Azure DevOps service connections for OKE and OCI Container Registry (OCIR) are created manually using this example repo: https://github.com/oracle-devrel/technology-engineering/tree/main/app-dev/devops-and-containers/devops/azure-devops-oke
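The statefile PAR step above, as an added example that is not code from this repo: a shell function that substitutes the PAR URL into provider.tf with sed. The `STATE_PAR` variable name and the `__STATE_PAR__` marker are assumptions; because a PAR URL gives access to the state object without further authentication, the function validates the value and keeps it out of process arguments.

```shell
#!/bin/sh
# Added example. Assumed names: STATE_PAR (secret pipeline variable mapped into
# the script's environment) and the __STATE_PAR__ marker in provider.tf.

# Constructed sample of a provider.tf that carries the marker.
sample_provider_tf() {
  cat <<'EOF'
terraform {
  backend "http" {
    address       = "__STATE_PAR__"
    update_method = "PUT"
  }
}
EOF
}

# render_backend FILE: replace the marker in FILE with $STATE_PAR.
# Returns non-zero and leaves FILE untouched when validation fails.
render_backend() (
  file=$1
  marker='__STATE_PAR__'
  case "${STATE_PAR:-}" in
    # Characters that would break out of the HCL string literal.
    *[[:space:]\"]*) echo "STATE_PAR has whitespace or a quote" >&2; exit 1 ;;
    # Shape of an OCI Object Storage PAR URL for a single object.
    https://*/p/*/o/*) ;;
    # Empty, or an unresolved macro left as the literal text $(STATE_PAR).
    *) echo "STATE_PAR is missing or not a PAR URL" >&2; exit 1 ;;
  esac
  grep -qF "$marker" "$file" || { echo "no $marker in $file" >&2; exit 1; }

  # mktemp creates both files with mode 0600.
  script=$(mktemp) && out=$(mktemp) || exit 1
  trap 'rm -f "$script" "$out"' EXIT
  # Escape \, & and the | delimiter so the URL cannot alter the sed program.
  esc=$(printf '%s' "$STATE_PAR" | sed 's/[\\&|]/\\&/g')
  # printf is a builtin and sed reads its program from a file, so the URL
  # never shows up in a process argument list on the agent.
  printf 's|%s|%s|g\n' "$marker" "$esc" > "$script"
  sed -f "$script" "$file" > "$out" || exit 1
  cat "$out" > "$file"   # overwrite in place, keeping the file's mode
)

# Pipeline usage (no `set -x`, which would print the URL to the job log):
#   render_backend provider.tf && terraform init
```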
Please note that I found out that the default 50MB of disk is a bit on the low side for the deployments to run smoothly with the 23ai sidecar, so I recommend adjusting disk to 200MB on the worker nodes in oke.yaml.
Application will look like this:
Multiple vars need to be set for the pipeline to run (with example values):
- COMPARTMENT: ocid1.compartment.oc1..aaaaaaaa...qgq
- K8S_CONNECTION_NAME: OKE cluster Azure pipelines service connection name
- CONTAINER_REGISTRY: OCI Registry (OCIR) Azure pipelines service connection name
- OCIR: OCIR registry name e.g. fra.ocir.io
- NAMESPACE: Tenancy namespace; to get it with the OCI CLI, run `oci os ns get`
- Set up instance-principal OCI policies for the Azure DevOps agent and OKE. Any 404 error is an indication that a policy is missing. Agent runs as instance-principal.
- Create the following OCIR repos in advance before running the pipeline under the target compartment, otherwise they will be created automatically under the tenancy root compartment which is not a good idea:
  - azure-test-ui
  - azure-test-price
  - azure-test-options
  - azure-test-adb-job
- Install Oracle Database Operator for Kubernetes to the OKE cluster as a cluster add-on from the OCI Console.
- If there are issues creating the ingress, download the latest ingress YAML by following these instructions and replace nginx-ingress-1.12.1.yaml with it.