Create the ecosystem connections between Azure DevOps, AWS, and your repo first, and understand how every piece (Dockerfile, YAML, Kubernetes manifests, etc.) fits together in terms of cloud infrastructure. Understand CI/CD, the cloud compute service EKS, and the API gateway for your microservice (NGINX).
Overall Cloud Architecture (Visual Overview)
PART 1: The Big Picture Flow (Visual Overview)
Here's the end-to-end relationship of files, pipelines, and services:
                ┌────────────────────────────────────────────────────┐
                │                    Azure DevOps                    │
                ├────────────────────────────────────────────────────┤
                │                                                    │
                │ 1. Build Pipeline (azure-pipelines.yml)            │
Developer Push  │        ↓                                           │
Code ─────────▶ │ (uses Dockerfile + dotnet test + code coverage)    │
                │        ↓                                           │
                │ Builds Docker image & pushes to AWS ECR            │
                │        ↓                                           │
                │ Publishes artifacts (manifests/templates)          │
                │                                                    │
                │ 2. Release Pipeline / Deploy Stage                 │
                │        ↓                                           │
                │ (takes templates → replaces variables → applies)   │
                │        ↓                                           │
                │ kubectl apply to AWS EKS (Kubernetes cluster)      │
                └────────────────────────────────────────────────────┘
                                          │
                                          │ Deploys Container Image
                                          ▼
                ┌────────────────────────────────────────────────────┐
                │                  AWS EKS Cluster                   │
                ├────────────────────────────────────────────────────┤
                │ Deployment.yaml → creates Pods                     │
                │ Service.yaml → creates ClusterIP/LoadBalancer      │
                │ ConfigMap/Secrets → inject env vars                │
                │ Ingress.yaml (NGINX) → exposes API                 │
                └────────────────────────────────────────────────────┘
                                          │
                                          ▼
                              Accessible API via Ingress
                             Logs → Application Insights
PART 2: How Files Connect (Step-by-Step Flow)
Let's link each file and configuration together in order:
| Step | File / Component | Purpose | Consumes / Produces |
|---|---|---|---|
| 1 | Dockerfile | Defines how to build your .NET app into a container. | Consumed by build pipeline (docker build) |
| 2 | azure-pipelines.yml | Your CI/CD automation definition. It builds the app, runs tests + coverage, builds the Docker image, pushes the image to AWS ECR, and deploys manifests to AWS EKS. | Consumes: Dockerfile, test project, manifests. Produces: Docker image in ECR, deployment in EKS |
| 3 | configmap.template.yaml / secrets.template.yaml | Define environment variables (non-sensitive in ConfigMap, sensitive in Secret). | Consumed by Deploy stage. Gets substituted and applied to Kubernetes. |
| 4 | deployment.yaml.template | Defines how many Pods to run, which image to use, and what ConfigMap/Secret to pull. | Consumed by Deploy stage. Gets image tag replaced and applied to EKS. |
| 5 | service.yaml | Exposes your app internally (ClusterIP / LoadBalancer). | Linked to Deployment via label selectors. |
| 6 | ingress.yaml | Exposes app to the public through NGINX Ingress Controller. | Linked to Service. Controls routing and domain mapping. |
| 7 | App Insights config (via environment variable) | Captures logs from the app and sends to Azure. | Linked via Secret/ConfigMap and Serilog in code. |
PART 3: What to Set Up First (Foundation Setup Order)
Here's the correct first-time setup order for Azure DevOps → AWS → Repo.
Step 1: Setup AWS Resources
| Resource | Action | Why |
|---|---|---|
| ECR (Elastic Container Registry) | Create a repo (e.g., myservice). | Stores your Docker images built by Azure DevOps. |
| EKS (Elastic Kubernetes Service) | Create a cluster (via eksctl or AWS Console). | This will host your deployed containers. |
| IAM User/Role for Azure DevOps | Create an IAM user with permissions for ECR (push/pull) and EKS (read/write). Generate Access Key + Secret Key. | Used by Azure DevOps to authenticate with AWS. |
Tip: Attach AWS managed policies:
- AmazonECRFullAccess
- AmazonEKSClusterPolicy
- AmazonEKSWorkerNodePolicy
- AmazonEKS_CNI_Policy
- AmazonEC2ContainerRegistryPowerUser
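A narrower alternative to the broad managed policies in the tip above, as an added example rather than the author's setup: a shell function (hypothetical name ci_policy_json) that emits an IAM policy limited to push/pull on one ECR repository and to the eks:DescribeCluster call that aws eks update-kubeconfig needs. The account ID, region and names in the sample call are constructed; what kubectl may then do is decided by the cluster's own mapping of this IAM identity (aws-auth ConfigMap or EKS access entries), not by this policy.

```shell
#!/bin/sh
# Added example: IAM policy for the CI identity, scoped to one ECR repository
# and one EKS cluster instead of account-wide managed policies.
# Usage: ci_policy_json <12-digit account id> <region> <ecr repo> <eks cluster>
ci_policy_json() {
    account=$1 region=$2 repo=$3 cluster=$4
    case $account in *[!0-9]*) account= ;; esac
    if [ $# -ne 4 ] || [ "${#account}" -ne 12 ]; then
        echo "usage: ci_policy_json <12-digit account> <region> <repo> <cluster>" >&2
        return 1
    fi
    # Refuse characters that could alter the JSON document or the ARN.
    case "$region$repo$cluster" in
        *[!A-Za-z0-9._/-]*) echo "unexpected character in a name" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "EcrLogin", "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken", "Resource": "*" },
    { "Sid": "EcrPushPullOneRepo", "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ],
      "Resource": "arn:aws:ecr:$region:$account:repository/$repo" },
    { "Sid": "EksKubeconfig", "Effect": "Allow",
      "Action": "eks:DescribeCluster",
      "Resource": "arn:aws:eks:$region:$account:cluster/$cluster" }
  ]
}
EOF
}

# Constructed sample values, not taken from the page.
ci_policy_json 123456789012 eu-west-1 myservice my-cluster
```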
Step 2: Setup Azure DevOps Project
- Go to dev.azure.com → create Project (e.g., MyServiceProject).
- Create a Service Connection for AWS:
  - Project Settings → Service connections → New → AWS.
  - Enter Access Key, Secret Key from Step 1, Region.
  - Name it e.g., AWS-Prod-Connection.
- Create Pipeline:
  - Go to Pipelines → New → Import azure-pipelines.yml from your repo root.
- Create Environment Variables / Pipeline Variables:
  - APP_ENV, DB_CONN, FEATURE_FLAG_X, etc.
- Create Variable Groups (optional) for environment-specific settings.
Step 3: Setup Repo and Link to Azure DevOps
- Push your repo (code + pipeline + k8s templates) to Azure DevOps Repos or GitHub.
- Ensure your pipeline YAML file is at repo root.
- In Azure DevOps → Pipeline → Create pipeline → Choose "Existing Azure Pipelines YAML file".
Step 4: Setup Kubernetes Connectivity
Inside the Azure DevOps pipeline, we run commands like:
aws eks update-kubeconfig --region <region> --name <EKS_CLUSTER_NAME>
This works only if your AWS Service Connection user has EKS cluster permissions.
You can test connectivity manually on your local machine:
aws eks update-kubeconfig --region <region> --name <EKS_CLUSTER_NAME>
kubectl get nodes
If it works locally with the same IAM credentials the service connection uses, it'll work inside the pipeline.
Step 5: Setup NGINX Ingress Controller
Once the EKS cluster is ready:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx --create-namespace
It'll deploy the NGINX ingress controller.
Then your ingress.yaml connects external traffic to your app's service.yaml.
Step 6: Setup Application Insights (Azure Portal)
- In Azure Portal → Create a Log Analytics workspace + Application Insights.
- Copy its Connection String.
- Add that value as a Kubernetes Secret or pipeline variable (to inject during deployment):
  APPINSIGHTS_CONNECTIONSTRING="InstrumentationKey=..."
- Your .NET app automatically starts sending logs once deployed.
Step 7: Run the Full Flow
- Push code to main → Build pipeline triggers →
- Docker image built + pushed to ECR →
- Deploy stage runs →
- kubectl apply updates EKS →
- NGINX Ingress exposes service →
- Application logs flow to AppInsights.
Understanding Template Variables
Let's clarify what to replace in your .template files:
| Placeholder | Replace With | Comes From |
|---|---|---|
| __IMAGE__ | <AWS_ACCOUNT_ID>.dkr.ecr.<region>.amazonaws.com/myservice:<Build.BuildId> | Build pipeline |
| __APP_ENV__ | Production / Staging | Pipeline variable |
| __FEATURE_FLAG_X__ | true/false | Pipeline variable |
| __DB_CONN__ | PostgreSQL connection string (from AWS RDS / Secrets Manager) | Pipeline variable / Secret |
| __APPINSIGHTS_CONNECTIONSTRING__ | Value from Azure Application Insights | Secret |
| __EKS_CLUSTER_NAME__ | Your EKS cluster name | AWS Console |
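One way to do the "takes templates → replaces variables" step for these placeholders, as an added example and not the author's pipeline code: a shell function (hypothetical name render_template) that substitutes each __NAME__ token with the exported variable NAME and refuses to emit a manifest if a token is unresolved or a value could break out of a double-quoted YAML string. It assumes the templates wrap each placeholder in double quotes; the template lines and values in the demo are constructed.

```shell
#!/bin/sh
# Added example (not the page's pipeline): render a *.template manifest.
# Each __NAME__ token becomes the literal value of the exported variable NAME.
# Nothing is written to stdout unless every token resolves to a safe value,
# and error messages name the placeholder, never its value.
render_template() {
    awk '
    {
        line = $0; out = ""
        while (match(line, /__[A-Z][A-Z0-9_]*__/)) {
            token = substr(line, RSTART, RLENGTH)
            name = substr(token, 3, RLENGTH - 4)
            if (!(name in ENVIRON)) {
                problem[name] = "has no value"
                val = token
            } else {
                val = ENVIRON[name]
                # These characters would end or alter a double-quoted YAML scalar.
                if (index(val, "\"") || index(val, "\\") || index(val, "\n"))
                    problem[name] = "contains a quote, backslash or newline"
            }
            out = out substr(line, 1, RSTART - 1) val
            line = substr(line, RSTART + RLENGTH)
        }
        buf[NR] = out line
    }
    END {
        for (n in problem) { print "__" n "__ " problem[n] > "/dev/stderr"; bad = 1 }
        if (!bad) for (i = 1; i <= NR; i++) print buf[i]
        exit bad + 0
    }' "$1"
}

# Constructed sample: a template fragment and values, rendered in a subshell
# so the exported variables do not leak into the calling shell.
demo() {
    tpl=$(mktemp)
    printf '%s\n' 'image: "__IMAGE__"' 'DB_CONN: "__DB_CONN__"' > "$tpl"
    (
        export IMAGE='123456789012.dkr.ecr.eu-west-1.amazonaws.com/myservice:42'
        export DB_CONN='Host=db.example.internal;Password=p&ss/w0rd'
        render_template "$tpl"
    )
    rm -f "$tpl"
}
demo
```

In a deploy stage, write the output to a file and run kubectl apply only when render_template exits 0, so a half-rendered manifest never reaches the cluster.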
BONUS: Suggested First-Time Order of Execution
| Step | Action | Where |
|---|---|---|
| 1 | Create AWS ECR repo | AWS Console |
| 2 | Create AWS EKS cluster | AWS Console / eksctl |
| 3 | Setup IAM User with ECR/EKS permissions | AWS IAM |
| 4 | Setup Azure DevOps Project + AWS Service Connection | Azure DevOps |
| 5 | Push repo (code + Dockerfile + pipeline YAML + k8s templates) | Git |
| 6 | Create pipeline (YAML) and run once manually | Azure DevOps |
| 7 | Verify ECR image pushed | AWS Console |
| 8 | Verify EKS deployment created via kubectl get pods | Local or DevOps log |
| 9 | Install NGINX ingress, create ingress.yaml | AWS EKS |
| 10 | Add Application Insights connection string & verify logs | Azure Portal |