Advertisements

Introduction to Azure Image Builder

Azure Image Builder (AIB) is a managed service that simplifies the process of creating, customizing, and distributing virtual machine (VM) images across Azure.

It leverages Azure Resource Manager (ARM) templates or Bicep to automate the image-building process, ensuring consistency and security across deployments.

Why Use Azure Image Builder?

Traditional VM image creation requires manual setup, installation, and configuration, which is time-consuming and error-prone. Azure Image Builder automates this process, offering:

• Consistency — Ensures every image is built with the same configuration.
• Security — Allows pre-installation of security patches, compliance tools, and monitoring agents.
• Efficiency — Reduces manual effort and automates image lifecycle management.
• Multi-cloud & Hybrid Support — Supports deployment across Azure, on-premises, and even other clouds.

Key Features of Azure Image Builder

• Custom Image Definitions — Define VM images with required OS, software, and configurations.
• Image Templates — Specify the source, distribution method, and customization steps.
• Integration with DevOps Pipelines — Automate image building using CI/CD workflows.
• Shared Image Gallery Support — Store and manage images centrally for reuse.
• Support for Windows and Linux Images — Build images for different OS environments.

Prerequisites for Running This Project

1. Configure a self-hosted agent.
2. Create a new or use an existing virtual network (az-uks-np01-aib-lan-vnet)
3. Create a new or use an existing Managed Identity and assign the required RBAC role.
4. Ensure existing resource groups are available:
   az-uks-np01-gallery-rg
az-uks-np01-network-rg
az-uks-np01-win-2019-aib-rg

Repository Structure for Image Builder Automation

Here’s the directory structure of our Azure Image Builder automation project:

infrastructure.platform.AIB  
│── infra  
│   ├── images  
│   │   ├── placeholder.json  
│   │   ├── ubuntu-pro-2204.bicep  
│   │   ├── win-2019.bicep  
│   ├── modules  
│   │   ├── imageDefinition.bicep  
│   │   ├── imageTemplate.bicep  
│── pipeline  
│   ├── azure-pipeline-images.yml  
│── README.md

Breakdown of Repository Components

• infra/images/ – Contains Bicep templates for defining images (Windows 2019, Ubuntu Pro 22.04).
• infra/modules/ – Reusable Bicep modules for defining Image Definition and Image Template.
• pipeline/azure-pipeline-images.yml – Azure DevOps pipeline script that automates image creation.
• README.md – Documentation for setup and usage.

Understanding Image Definition & Image Template

Image Definition (imageDefinition.bicep)

Defines the image structure within an Azure Shared Image Gallery, including:

• OS type (Windows/Linux).
• Publisher and offer details.
• Shared Image Gallery location.

Image Template (imageTemplate.bicep)

Specifies the actual image customization process, including:

• Base OS Image (e.g., Windows Server 2019).
• Custom scripts (installing software, security updates).
• Distribution method (Shared Image Gallery, Managed Image).

Automating Image Builds Using Azure DevOps Pipelines

Now, let’s dive into the CI/CD pipeline that automates the Azure Image Builder process.

Pipeline Configuration (azure-pipeline-images.yml)

Triggering & Scheduling

• Runs manually or on a monthly schedule (8 AM UTC on the 14th of each month).

schedules:
  - cron: "0 8 14 * *"
    displayName: Monthly build
    branches:
     include:
     - main
    always: true

Pipeline Parameters

• Supports Windows 2019 and Ubuntu Pro 22.04 as build options.
• Allows selecting between beta and stable environments.

parameters:
- name: mode
  type: string
  default: stable
  values:
    - beta
    - stable
- name: image
  type: string
  default: win-2019
  values:
    - win-2019
    - ubuntu-pro-2204

Pipeline Variables

• Sets environment-specific values for resource groups, subscriptions, and service connections.

variables:
  - name: imageTemplateName
    value: <image template name>
  - name: fileToRun
    value: infrastructure.platform.AIB/infra/images/${{ parameters.image }}.bicep
  - name: version
    value: '$(Build.BuildNumber)'

Pipeline Stages

1. Build Stage — Compile Bicep Files

• Checks out the repository.
• Lists files in the source directory.
• Builds the Bicep templates before deployment.

stages:
  - stage: Build
    displayName: 'Build Bicep'
    pool: $(agentPool)
    jobs:
      - job: BuildBicep
        steps:
          - checkout: self 
          - script: |
              echo "Listing files in $(Build.SourcesDirectory):"
              dir $(Build.SourcesDirectory)
            displayName: 'List Files in Sources Directory'
          - task: AzureCLI@2
            inputs:
              azureSubscription: $(serviceConnection)
              scriptType: "ps"
              scriptLocation: "inlineScript"
              inlineScript: |
                az bicep build --file $(fileToRun)

2. Deploy Stage — Deploy Image Builder Components

• Deploys Image Definition and Image Template to Azure.

- stage: Deploy
    displayName: 'Deploy Bicep'
    pool: $(agentPool)
    jobs:
      - job: DeployBicep
        steps:
          - task: AzureCLI@2
            inputs:
              azureSubscription: $(serviceConnection)
              scriptType: "ps"
              scriptLocation: "inlineScript"
              inlineScript: |
                az deployment group create --name Image_$(Build.BuildId) \
                  --resource-group 'az-uks-${{ variables.environment }}-gallery-rg' \
                  --template-file $(fileToRun) \
                  --parameters infrastructure.platform.AIB/infra/images/placeholder.json \
                  version=$(version) environment=$(environment) name=${{ parameters.image }}

3. Build Image Stage — Execute Image Builder Process

• Triggers Azure Image Builder to create the VM image.
• Waits for image build completion.

- stage: BuildImage
    displayName: 'Build Image'
    dependsOn: Deploy
    pool: $(agentPool)
    jobs:
      - job: BuildImage
        timeoutInMinutes: 120
        steps:
          - task: AzureCLI@2
            inputs:
              azureSubscription: $(serviceConnection)
              scriptType: "ps"
              scriptLocation: "inlineScript"
              inlineScript: |
                az image builder run --name ${{ variables.imageTemplateName }} \
                  --resource-group 'az-uks-${{ variables.environment }}-gallery-rg' --no-wait
                az image builder wait --name ${{ variables.imageTemplateName }} \
                  --resource-group 'az-uks-${{ variables.environment }}-gallery-rg' \
                  --custom "lastRunStatus.runState!='Running'"

Key Benefits of This Approach:

• Eliminates manual VM configuration.
• Ensures compliance with security policies.
• Reduces operational overhead.
• Enables version-controlled image updates.

Code to the project repository can be found in the link: https://dev.azure.com/pauludomi0161/MiniLab/_git/infrastructure.platform.AIB

OUTPUT OF PIPELINE RUN IN AZURE PORTAL

Azure Compute Gallery RG:

*Paul Udomi, an IT Cloud Engineer is on LinkedIn.