Skip to main content

Installing Invictus Framework

1
Prerequisites
2
Build pipeline
3
Release pipeline
obtain access Shared

To access the resources stored on Azure Storage and Azure Container Registry you have to request an SAS-token and ACR Password from coditproducts@codit.eu.

Include VNET support Shared

Invictus includes functionality which allows all its resources to run within an Azure Virtual Network (VNET).

Required deployment

  • An Azure Virtual Network

    • Including two subnets, one each for:
      • Private Endpoints
      • Container App Environment
    • The subnets must have the following services enabled
      • Microsoft.AzureCosmosDB
      • Microsoft.EventHub
      • Microsoft.KeyVault
      • Microsoft.ServiceBus
      • Microsoft.Storage
    • The Container App subnet must also have the delegation Microsoft.App/environments

  • Private DNS Zones (Bicep template)

    • privatelink.azurecr.io
    • privatelink.blob.core.windows.net
    • privatelink.file.core.windows.net
    • privatelink.mongo.cosmos.azure.com
    • privatelink.queue.core.windows.net
    • privatelink.servicebus.windows.net
    • privatelink.table.core.windows.net
    • privatelink.table.cosmos.azure.com
    • privatelink.vaultcore.azure.net
    • privatelink.{regionName}.azurecontainerapps.io

  • To be able to deploy the app code from an Azure DevOps pipeline you will need a self hosted agent running on the same VNET with the following software installed:

    • Powershell
    • Azure Powershell
    • Bicep CLI

Required role assignment

If the Invictus resources and the VNET are on different resource groups, then the Invictus resource group will need to be assigned the role of Network Contributor onto the VNET resource group.

Migrating older pipelines to v2.4+

Migrate to Framework v2.4+

Build pipeline

Nothing changes for the build pipeline.

The difference lies in the artifacts that the build produces, everything needed for the release is now included in the build (scripts, resources, etc..), which greatly simplifies the release pipeline.

Release pipeline

The task group is now replaced by a single Azure Powershell task included in the build artifacts. Please refer to the Framework release pipeline installation step for more information.

The following task group parameters should be used as the PowerShell's arguments:

  • ArtifactsPath: -ArtifactsPath
  • ResourcePrefix: -ResourcePrefix
  • AzureResourceGroup: -ResourceGroupName
  • Location: -ResourceGroupLocation

The AdditionalTemplateParameters can simply be copied and added to the Script Arguments.

If you are using the Azure PowerShell task to retrieve the access policies from key vault, then this task should also be removed from the release pipeline as it is now also included in the deployment script.

You can copy the -keyvaultName argument to the new PowerShell arguments.