Use this tool to set up an Azure DevOps Environment. An Environment is a collection of resources that can be targeted by deployments from a pipeline.
To run this tool, you need:
- Azure DevOps account
- Azure DevOps PAT with the following permissions:
- Environment (Read & manage)
- Service Connections (Read, query, & manage)
- For Kubernetes resources:
- Kubernetes Cluster
- RBAC access with the following permissions:
- get, create and patch namespaces
- get and create serviceaccounts
- get and create secrets
For Kubernetes resources these are the resources that can be configured:
| Resource | Type | Can use existent | Notes |
|---|---|---|---|
| Environment | Azure DevOps | Yes | - |
| Environment Resource | Azure DevOps | No | it must be deleted before creating a new one |
| Service Connection | Azure DevOps | Yes | - |
| Namespace | Kubernetes | Yes | - |
| Service Account | Kubernetes | Yes | you have to create role/clusterrole and bind to service account your own |
| Secret | Kubernetes | Yes | - |
NOTE: In some cases, cli will try to use existent resource before create a new one.
To create and get some resources, cli will need some permissions. See an example of ClusterRole below:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: azenv
rules:
- apiGroups:
- ""
resources:
- namespaces
- serviceaccounts
- secret
verbs:
- get
- create
- apiGroups:
- ""
resources:
- namespaces
verbs:
- patchSee above an example, the fields are self-explanatory. Replace by your own values.
./azenv \
create kubernetes \
--pat <generate-azure-devops-pat> \
--project <organization-name>/<project-name> \
--name <environment-name> \
--service-account <namespace>/<service-account-name> \
--service-connection <service-connection-name> \
--namespace-label label1=value1 \
--namespace-label label2=value2 \
--show-kubeconfig=false