It seems that the service connection for Kubectl task is retrieved at compile time before the task being executed.
I created a testing variable on the release pipeline Variables section, and i changed the testing variable value in a script task using echo "##vso[task.setvariable..
. I saw in the task log that the original value for the testing variable was always picked.
See this similar issue here.
However, you can use the rest api as workaround. See below steps:
1, Add a second stage in your release pipeline. Select the trigger as Manual Only
. Move the Kubectl task and related tasks in the second stage(ie. Kubetcl
stage in below screenshot)
2, Define a variable ServiceCon
in the Variables
section. Select the variable Scope
to the Second stage(ie.Kubetcl
). Check Settable at release time
3, Add a script task to call update release environment rest api in the first stage (ie. SetServiceCon
stage). See below inline powershell script: The variable SC
is assigned the service connection name in the previous task.
$url = "https://vsrm.dev.azure.com/Org/Project/_apis/Release/releases/$(Release.ReleaseId)/environments/$($(Release.EnvironmentId)+1)?api-version=6.1-preview.7"
#override the variable ServiceCon by referencing to variable $(SC) from your previous task
$body = @{
status= "inProgress";
variables= @{ ServiceCon= @{value= $(SC)}}
}
Invoke-RestMethod -Uri $url -Headers @{Authorization = "Bearer $(System.AccessToken)"} -Method patch -Body (ConvertTo-Json $body) -ContentType "application/json"
Above script will trigger the second stage (ie. kubetcl stage) with the updated service connection name
4, In order the token $(System.AccessToken)
can be accessed in above step, you need to go to the edit page of first stage and check the option Allow scripts to access the OAuth token
See below screenshot.
5, You also need to allow
the Manage deployments
and edit release stage
permission for the build service account. See below screenshot.
In your release pipeline edit page. Click the 3 dots on the top right corner. And select Security
.
Allow
the Manage deployments
and edit release stage
permission for the (ProjectName)build service (OrgName)
account.
After complete above steps, and when your release pieline is triggerred, the first stage will be executed first and the script task will call the update release environment rest api. Then the second stage will be triggered with the updated service connection name
SC
it's the service name or id? – Shayki Abramczyk$(SC)
is the name of the variable I set in the field for service connection. That means that I have assigned a variableSC
to it in a Bash task after App Configuration task with the name of the service connection and beforekubectl
-login task which uses $(SC). – Sven Malvik