Getting Started with DevOps

Learn how to get started with the DevOps service, and the prerequisites for using it.

Prerequisites

Learn what to do before you begin using the DevOps service including setting up policies.

Each service in Oracle Cloud Infrastructure integrates with Identity Access Management (IAM) for authentication and authorization, for all interfaces (the Console, SDK and CLI, and REST API). Before you begin using the DevOps service, you must meet the following prerequisites:

  • Create policies to control who has access to DevOps, and the type of access for each group of users. By default only users in the Administrators group have access to all DevOps resources. For new administrators, see Getting Started with Policies.
  • An administrator needs to set up groups , compartments , and policies  that control which users can access which services, which resources, and the type of access. For a complete list of policies, see Policy Reference. For details about writing policies for the DevOps service, see DevOps IAM Policies.

    For example, to allow users in the group devops-admins to create project, environment, add artifacts, create pipeline, and run pipeline in the compartment deploy-app:

    Allow group devops-admins to manage devops-family in compartment deploy-app

Accessing DevOps

To use the DevOps service, you must be granted the required type of access in a policy written by an administrator, whether you're using the Console, REST API, or SDK and CLI.

Instructions for all three methods are included throughout this guide.

  • To access the Oracle Cloud Console, you must have an Oracle Cloud Infrastructure (OCI) account (User, Password, and Tenant). You must use a supported browser. For information, see Security Credentials.
    Note

    Avoid entering confidential information when assigning descriptions, tags, or friendly names to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI. This applies when creating or editing project resources such as environments and pipelines.
  • To use the OCI CLI or REST APIs, you can either set up your environment, or use Oracle Cloud Infrastructure Cloud Shell.
  • If you perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you were granted.

Accessing OCI Resources

To allow the pipeline resources in the DevOps service to access OCI resources for deployment, you need to create a dynamic group and several policies.

  1. Create a dynamic group for your DevOps pipelines. See Managing Dynamic Groups.
  2. Create an IAM policy to allow the newly created dynamic group to access the OCI resources. For more information, see Getting Started with Policies. For example:
    Allow dynamic-group <dynamic_group_name> to use all-resources in compartment <compartment_name>
  3. Create policies if you want to grant access to any specific resource such as artifacts. For example, allow users in the group DevOpsUsers to use repositories in the specified compartment:
    Allow group <user_group_name> to use repositories in compartment <compartment_name>
  4. Create policies to grant access to other OCI services such as Compute, Container Engine for Kubernetes, and Functions. For example, allow users in the group DevOpsUsers to use OCI services in the specified compartment:
    Allow group <user_group_name> to use functions-family in compartment <compartment-name>
    Allow group <user_group_name> to use cluster-family in compartment <compartment-name>
    Allow group <user_group_name> to use instances in compartment <compartment-name>

For a complete list of policies, see Policy Reference.

Accessing Artifact Registry

Oracle Cloud Infrastructure Artifact Registry is a repository service for storing, sharing, and managing software development packages.

You can access the artifacts that you store in Artifacts Registry directly from a DevOps deployment pipeline. To access Artifact Registry from the DevOps service, your administrator must grant the read all-artifacts permission to the deployment pipeline resources and the compute instance groups.

The read all-artifacts permission allows the DevOps service to get information and download the following resources:

  • Artifact Registry: artifact-repositories
  • Artifact Registry: generic-artifacts
  • Compute instances: instance-images
  • Container Registry: repos

To access the artifacts from the deployment pipeline, follow these steps:

  • Create dynamic groups for your deployment pipelines and instance groups. See Managing Dynamic Groups.
  • Create IAM policies to allow the newly created dynamic groups to access the artifacts from a specific compartment. For example:
    Allow dynamic-group <dynamic_group_name> to read all-artifacts in compartment <compartment_name>
    Example to access compute instance images:
    Allow dynamic-group <dynamic_group_name> to read instance-images in compartment <compartment_name>

    For more information, see Writing Policies for Dynamic Groups.

Resource Identifiers

DevOps resources, like most types of resources in Oracle Cloud Infrastructure, have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID).

For information about the OCID format and other ways to identify your resources, see Resource Identifiers.

Service Limits

Know the DevOps service limits for your region.

Resource Limit Short Name Monthly or Annual Universal Credits Pay-as-You-Go Description
Projects devops-project-count 5000 1000 Maximum number of projects available in DevOps.
Pipelines deployment-pipeline-count 5000 1000 Maximum number of pipelines available in DevOps.
Pipelines deployment-stages-per-pipeline-count 500 100 Maximum number of stages per deployment pipeline available in DevOps.
Deployments concurrent-deployment-count 500 100 Maximum number of concurrent deployments available in DevOps.
Environments devops-environment-count 15000 3000 Maximum number of environments available in DevOps.
Artifacts devops-artifact-count 5000 1000 Maximum number of artifacts available in DevOps.

To check your limits for DevOps:

  1. In the Console, open the navigation menu, and click Governance & Administration. Under Governance, click Limits, Quotas, and Usage.
  2. Filter for the following values:
    1. Service: DevOps
    2. Scope: <your-region>
    3. Resource: Artifact Count, Concurrent Deployment Count, Environment Count, Max number of Deployment Pipelines, Max Stages in a Deployment Pipeline
    4. Compartment: <your-tenancy-namespace > (root)

To increase your service limits:

  1. In the Console, open the navigation menu, and click Governance & Administration. Under Governance, click Limits, Quotas, and Usage.
  2. Click the request a service limit increase link. Only administrators can make the request.

For more information, see Service Limits. For a list of regions where the OCI services are available, see Regions and Availability Domains.