This document will help you deploy the CartePlus infrastructure in your Azure environment. You’ll be using both GitHub Actions and the Azure CLI for this.

Preexisting Infrastructure

  • GitHub organization (team plan): where this document and repository are hosted.

  • Azure tenant:
    • Tenant Name: CartePlus
    • Tenant ID: 35e456cf-43f9-4216-9daf-43af2c20d768
  • Five Azure subscriptions linked to the Azure tenant:

    | Subscription Name    | Subscription ID                      | Description                            |
    |----------------------|--------------------------------------|----------------------------------------|
    | CartePlus - E3D      | b7118059-bdf5-420d-b71f-26084a02ee2f | Test environment for E3D.              |
    | CartePlus - NRED     | 5d2ecec4-246e-4408-a3db-c74787b4483d | Test environment for Node Red.         |
    | CartePlus - Physical | b86fb768-18ba-4c01-9be8-a15eb7898344 | Test environment for physical devices. |
    | CartePlus - Test     | f424fd82-b452-49a6-8505-ffb79d698710 | Test environment for automation.       |
    | CartePlus - UAT      | 19937a29-75f8-46cb-8659-76d75f7080e0 | Test environment for UI.               |

  • Domain:
    • Domain name: carteplus.io
    • Domain registrar: Google Domains
    • DNS management is delegated to Azure DNS using custom name servers.

Prepare the Azure Subscriptions

  • Log into Azure CLI with your Azure credentials: az login
    • If your organization has MFA enabled, then you’ll need to log into the Azure CLI as follows: az login --tenant 35e456cf-43f9-4216-9daf-43af2c20d768.
  • Ensure that the correct Azure subscription is selected: az account show
    • If not, select the correct subscription: az account set -s <AZURE-SUBSCRIPTION-ID>. Replace <AZURE-SUBSCRIPTION-ID> with the applicable Azure subscription ID.
  • Register some required resource providers in your Azure subscription:
    • az provider register -n Microsoft.OperationsManagement -c
    • az provider register -n Microsoft.Cdn -c
    • az provider register -n Microsoft.Network -c (note: required for creation of DNS record sets)
  • Create an Azure Service Principal and assign it the Owner role in your Azure subscription:
    • az ad sp create-for-rbac -n 'CartePlus - <ENVIRONMENT> - ServicePrincipal' --role Owner --scopes /subscriptions/<AZURE-SUBSCRIPTION-ID> --sdk-auth.
      • Replace <AZURE-SUBSCRIPTION-ID> with your applicable Azure subscription ID.
      • Replace <ENVIRONMENT> with either Testing or Production as the case may be.
    • Make a note of the JSON output from the above step (especially the clientId, clientSecret, subscriptionId and tenantId properties). These will be required later.

Prepare the Azure Active Directory

  • Identify the Service Principal details created in the step above.

  • Add the above Service Principal to the Application Administrator Active Directory role.

    1. Go to the Azure portal, and navigate to the Azure Active Directory blade. Then click on the Roles and Administrators tab on the left.
    2. Select the Application Administrator role, and click on the Add assignments button.
    3. Select the service principal that you created in the previous step. Click on the Add button.

    Notes:

    • Unfortunately, there is no Azure CLI, Azure PowerShell or Bicep template support to add a service principal to the Application Administrator role. You’ll have to do this manually through the Azure portal.
    • In order to add the service principal to the Application Administrator role, you must yourself be a member of the Global Administrator role in Azure Active Directory.

Prepare your GitHub Account

  • First, create the GitHub environments for deployment.
    • On this GitHub repository’s page, go to the Settings tab > Environments > click on the New Environment button and create the following five environments:
      • e3d
      • nred
      • phy
      • test
      • uat
  • Set up the following service principal details as an environment secret in this GitHub repository.
    • Go to the Settings tab > Environments > click on an environment > click on the Add Secret button and add this:

      | Secret Name      | Secret Value      |
      |------------------|-------------------|
      | SERVICEPRINCIPAL | See details below |

    The value of the SERVICEPRINCIPAL secret above needs to have the below format.

    {
      "clientId": "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz",
      "clientSecret": "your-client-secret",
      "tenantId": "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz",
      "subscriptionId": "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz"
    }
    

    The values of the properties needed can be found in the JSON output of the az ad sp create-for-rbac command in the previous section.

Deploy the Application

Deployments are automated via a GitHub workflow. They can also be invoked manually as follows:

  • Go to this GitHub repo’s Actions tab, select the deploy workflow, and click on the Run workflow button.

  • This GitHub workflow will provision the necessary infrastructure to your Azure subscription as well as deploy the applications (APIs, UI) to the infrastructure. Note that the workflow might take about 15 minutes to complete.

Verify the Deployment

  • Once the workflow completes, all UI and API endpoint URLs will be displayed in the GitHub workflow run.

  • Clicking on these URLs will load the corresponding application in a new browser tab. You can then verify that the application is indeed up and running.