Build Pipeline ARM Templates - TFS 2018

azure deployment team-foundation-server continuous-integration azure-arm-template

My client is using TFS 2018 as their CI/CD tool. I know you can use TFS to deploy ARM templates to Azure but I've never done it before. I usually just use the portal or powershell. I know I need to create a pipeline to perform the deployment but I've got a few other questions I'm confused on:

  1. Is a build and release pipeline (both) required with the ARM templates if the infrastructure is not changing (or hardly ever)? I was under the impression most people use the build pipeline to verify the template or their code and then the release is to deploy to azure or wherever.
  2. Can I use one single ARM template which contains all of my resources for the deployment, or do I have to deploy individual templates (ASP, then web app, then storage account, then Redis)?
  3. A resource group is required before I deploy anything. Can I include the resource group creation step in an ARM template with everything else (RG + all resources in one template), or would I need a template for the RG and then the other template(s)?
  4. If their are multiple environments (dev, test, prod) do I need multiple build/release pipelines for each environment or is it possible to configure one pipeline that points to each env? The resources in each env would have different naming conventions so im not sure how that would impact things other than having to update the values in the ARM templates.

I would appreciate any advice/suggestions in regards to my questions above, thanks!


Solution 1:

First thing, I would recommend you get familiar with using ARM templates and deploying them locally before you try and do it from Azure DevOps. This will help you understand what is happening and make sure your templates are working before you add the extra complication of Azure DevOps. You can deploy ARM templates from PowerShell or CLI.

To answer your questions:

  1. You can use either. There is no requirement to use build or release pipelines, ARM template deployments will work with either. The choice is usually down to your process and how you want your deployment to work. Build pipelines are usually creating resources for testing or as part of the build, whereas releases are usually for releasing applications and support stages, gates etc. All of that said, I would also recommend looking at the newer YAML based pipelines which do away with the distinction between build and release, as this is what the focus will be on in the future.

  2. You can do either. You can have a single large ARM template that does everything, just make sure your dependencies are setup in the template, or you can have multiple templates. If you have multiple templates you can run them one at a time as a step in Azure DevOps, or you can use nested templates to have your top level template call sub templates.

  3. You can create the resource group as part of your ARM template, however it does make it a bit more complicated. ARM templates have multiple scopes, most resources are created at the resource group scope (as in they are inside a resource group), but resource groups are created at the subscription scope (they sit inside a subscription). To create both in your template you need to run your deployment at the subscription scope and then use a nested template to deploy your resource scope items. I've got a detailed explanation of how to do this here.

  4. If you want to deploy to multiple environments in a single pipeline you can do this, you would need to use either a release pipeline (not a build) or the YAML pipeline. Both of these support the use of "stages" where each stage can be an environment. You can then deploy to each environment in the order you prefer. You can find details on this here for release pipelines and here for YAML.

Solution 2:

I would use release pipelines with a resource group deployment task. That is the easy way to use TFS for this purpose.

Related

I am trying to create a new VM in Azure and getting validation error as "Network interfaces should not have public IPs"
ERR_CERT_COMMON_NAME_INVALID on chrome based browsers
Powershell: "adsi" - look up user id given a full name? [closed]
Active Directory: What connects the KDC's principals to LDAP entries?
Forwarding from A Record's IP Address
Unable to export VM from Hyper-V
Docker MySQL - You must set environment variables but it is set already
Since VFRC feature in VMware is now end of lifed, what can I replace it with?
Ansible won't connect via SSH
Configure multiple search suffix domains in Unifi Security Gateway (dhcp option 119 domain search)
Why does my HP Proliant DL380 G6 only use 6 out of 12 physical cores when my HyperV VM is under load?
Apache Web Server Aliasing for multiple url giving 404