Create and configure a dev center for Azure Deployment Environments by using the Azure CLI

This quickstart shows you how to create and configure a dev center in Azure Deployment Environments.

A platform engineering team typically sets up a dev center, attaches external catalogs to the dev center, creates projects, and provides access to development teams. Development teams create environments by using environment definitions, connect to individual resources, and deploy applications.

Prerequisites

• An Azure account with an active subscription. Create an account for free.
• Azure role-based access control role with permissions to create and manage resources in the subscription, such as Contributor or Owner.
• Install the Azure CLI.
• Install dev center CLI extension
• A GitHub Account and a Personal Access Token with Repo Access.

Create a dev center

To create and configure a Dev center in Azure Deployment Environments by using the Azure portal:

1. Sign in to the Azure CLI:

   az login
   

2. Install the Azure Dev Center extension for the CLI.

   az extension add --name devcenter --upgrade
   

3. Configure the default subscription as the subscription in which you want to create the dev center:

   az account set --subscription <name>
   

4. Configure the default location as the location in which you want to create the dev center. Make sure to choose an available regions for Azure Deployment Environments:

   az configure --defaults location=eastus
   

5. Create the resource group in which you want to create the dev center:

   az group create -n <group name>
   

6. Configure the default resource group as the resource group you created:

   az config set defaults.group=<group name>
   

7. Create the dev center:

   az devcenter admin devcenter create -n <devcenter name>
   

   After a few minutes, you'll get an output that it's created:

   {
      "devCenterUri": "https://...",
      "id": "/subscriptions/.../<devcenter name>",
      "location": "eastus",
      "name": "<devcenter name>",
      "provisioningState": "Succeeded",
      "resourceGroup": "<group name>",
      "systemData": {
         "createdAt": "...",
         "createdBy": "...",
         ...
      },
      "type": "microsoft.devcenter/devcenters"
   }
   

Note

You can use --help to view more details about any command, accepted arguments, and examples. For example, use az devcenter admin devcenter create --help to view more details about creating a dev center.

Adding personal access token to Key Vault

You need an Azure Key Vault to store the GitHub personal access token (PAT) that is used to grant Azure access to your GitHub repository.

1. Create a Key Vault:

   # Change the name to something Globally unique
   az keyvault create -n <kv name>
   

   Note

   You may get the following Error: Code: VaultAlreadyExists Message: The vault name 'kv-devcenter-unique' is already in use. Vault names are globally unique so it is possible that the name is already taken. You must use a globally unique key vault name.

2. Add GitHub personal access token (PAT) to Key Vault as a secret:

   az keyvault secret set --vault-name <kv name> --name GHPAT --value <PAT> 
   

Attach an identity to the dev center

After you create a dev center, attach an identity to the dev center. You can attach either a system-assigned managed identity or a user-assigned managed identity. Learn about the two types of identities.

In this quickstart, you configure a system-assigned managed identity for your dev center.

Attach a system-assigned managed identity

To attach a system-assigned managed identity to your dev center:

az devcenter admin devcenter update -n <devcenter name> --identity-type SystemAssigned

Assign the system-assigned managed identity access to the key vault secret

Make sure that the identity has access to the key vault secret that contains the personal access token to access your repository. Key Vaults support two methods of access; Azure role-based access control or Vault access policy. In this quickstart, you use a vault access policy.

1. Retrieve Object ID of your dev center's identity:

   OID=$(az ad sp list --display-name <devcenter name> --query [].id -o tsv)
   echo $OID
   

2. Add a Key Vault Policy to allow dev center to get secrets from Key Vault:

   az keyvault set-policy -n <kv name> --secret-permissions get --object-id $OID
   

Add a catalog to the dev center

Azure Deployment Environments supports attaching Azure DevOps repositories and GitHub repositories. You can store a set of curated IaC templates in a repository. Attaching the repository to a dev center as a catalog gives your development teams access to the templates and enables them to quickly create consistent environments.

In this quickstart, you attach a GitHub repository that contains samples created and maintained by the Azure Deployment Environments team.

To add a catalog to your dev center, you first need to gather some information.

Gather GitHub repo information

To add a catalog, you must specify the GitHub repo URL, the branch, and the folder that contains your environment definitions. You can gather this information before you begin the process of adding the catalog to the dev center.

Tip

If you are attaching an Azure DevOps repository, use these steps: Get the clone URL of an Azure DevOps repository.

1. On your GitHub account page, select <> Code, and then select copy.

2. Take a note of the branch that you're working in.

3. Take a note of the folder that contains your environment definitions.

   

Add a catalog to your dev center

1. Retrieve the secret identifier:

   SECRETID=$(az keyvault secret show --vault-name <kv name> --name GHPAT --query id -o tsv)
   echo $SECRETID
   

2. Add Catalog:

   # Sample Catalog example
   REPO_URL="https://github.com/Azure/deployment-environments.git"
   az devcenter admin catalog create --git-hub path="/Environments" branch="main" secret-identifier=$SECRETID uri=$REPO_URL -n <catalog name> -d <devcenter name>
   

3. Confirm that the catalog is successfully added and synced:

   az devcenter admin catalog list -d <devcenter name> -o table
   

Create an environment type

Use an environment type to help you define the different types of environments your development teams can deploy. You can apply different settings for each environment type.

1. Create an Environment Type:

   az devcenter admin environment-type create -d <devcenter name> -n <environment type name> 
   

2. Confirm that the Environment type is created:

   az devcenter admin environment-type list -d <devcenter name> -o table 
   

Next steps

In this quickstart, you created a dev center and configured it with an identity, a catalog, and an environment type. To learn how to create and configure a project, advance to the next quickstart.

Create and configure a project with Azure CLI