Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure

Infrastructure-as-code is key to keeping up with our rapidly changing world. In this talk, you will learn everything you need to get started with Terraform on Azure. Nico will show you all the fundamentals and best practices you need to know to use Terraform on Azure. Furthermore, you will learn how to scaffold a production-ready and secure Terraform project that you can use as a blueprint for your environments.
Join Nico and walk away with all the details you need to use Terraform in production!

  1. Production-Ready Terraform Deployments on Azure
     Azure Meetup Hamburg, July 2021
  2. Nico Meisenzahl
     • Senior Cloud & DevOps Consultant at white duck
     • Microsoft MVP, Docker Community Leader & GitLab Hero
     • Container, Kubernetes, Cloud-Native & DevOps
     © white duck GmbH 2021
     Phone: +49 8031 230159 0
     Email: nico.meisenzahl@whiteduck.de
     Twitter: @nmeisenzahl
     LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
     Blog: https://meisenzahl.org
  3. Agenda
     • What is Infrastructure as Code and why do we need it?
     • Get started with Terraform
     • Demo: Terraform on Azure
  4. What is Infrastructure as Code?
     Infrastructure as Code (IaC) is the management and provisioning of infrastructure through code rather than manual processes.
  5. Infrastructure as Code is…
     • version controlled through Git
     • automated through CI/CD
     • reusable
     • self-documented
     • declarative
  6. Declarative vs imperative
  7. Why do we need IaC?
     • to prevent configuration drift
     • to recover quickly (rollback, restore)
     • to reproduce errors & test our infrastructure
     • to reduce costs & time-to-market
  8. Infrastructure vs. configuration
     • infrastructure orchestration is used to provision & manage immutable infrastructure like Cloud resources
       • e.g. provisioning of a Resource Group containing a Function App
       • with Terraform, ARM Templates, Pulumi, AWS CloudFormation, …
     • configuration management can be used to configure/maintain mutable resources
       • e.g. installing or configuring something within a Virtual Machine
       • with Ansible, Chef, Puppet, Saltstack, …
  9. What is Terraform?
     Terraform is an Infrastructure as Code tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.
  10. What is Terraform?
      • consists of
        • a CLI
        • a domain specific language (DSL)
      • supports hundreds of cloud services
      • extendable and therefore flexible
      • is not a configuration tool
      • introduced and open-sourced by HashiCorp
      • is de facto the tool of choice
  11. Terraform Providers
      • Terraform relies on plugins called "providers" to interact with Cloud resources
      • Resource types are implemented by a provider
      • Terraform itself cannot manage any resources
      • are provided by
        • HashiCorp (official flag)
        • Cloud Providers and Third-Party (verified flag)
        • open-source community (community flag)
        • yourself :)
  12. Terraform Modules
      • are “containers” for multiple resources that are used together
      • are the main way to package and reuse resource configurations
      • are stored locally (subfolder) or can be shared/published
  13. Terraform Registry
  14. HashiCorp Configuration Language - HCL
      • a DSL (domain specific language) used to describe resources
      • there is also the Cloud Development Kit (CDK)
        • supports TypeScript, Python, Java, C#, Golang
        • early-stage project
        • https://github.com/hashicorp/terraform-cdk
  15. HCL sample
  16. Terraform workflow
  17. Terraform State
      • is used to map “real world” resources to your configuration
        • code → state ← real world
      • stores Terraform-managed resources
      • contains all infrastructure and metadata
        • incl. secrets!
      • local by default but should be stored in a remote backend
        • Terraform Cloud
        • Azure Storage Account
        • AWS, GCP, GitLab, …
        • …
  18. Terraform CLI
  19. Terraform workflow
  20. Production-ready workflow (PR)
  21. Terraform sample project structure
  22. Generic Providers
      • Template Provider
        • allows injecting variables into config files
        • https://registry.terraform.io/providers/hashicorp/template/latest
      • Random Provider
        • generates random strings, IDs, integers, passwords
        • https://registry.terraform.io/providers/hashicorp/random/latest
      • TLS Provider
        • used to generate keys and certificates
        • https://registry.terraform.io/providers/hashicorp/tls/latest
      • Null Provider
        • advanced - helps orchestrate tricky behavior or workarounds
        • https://registry.terraform.io/providers/hashicorp/null/latest
  23. Terraform providers for Azure
      • Azure RM provider
        • https://registry.terraform.io/providers/hashicorp/azurerm/latest
      • Azure AD provider
        • https://registry.terraform.io/providers/hashicorp/azuread/latest
      • Azure Stack provider
        • https://registry.terraform.io/providers/hashicorp/azurestack/latest
      • Azure DevOps provider
        • https://registry.terraform.io/providers/microsoft/azuredevops/latest
      • GitHub provider
        • https://registry.terraform.io/providers/integrations/github/latest
  24. Generic resources
      • Data resource
        • used to retrieve metadata from unmanaged resources
      • Remote state resource
        • used to retrieve metadata from “other” projects
        • https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state
  25. Variables
      • input variables
        • serve as parameters for a module or project
      • output variables
        • child modules can use outputs to expose resource attributes
        • print certain values in the CLI for further usage
      • local variables
        • are a convenience feature for assigning a short name to any expression
  26. Meta arguments & functions
      • Terraform supports meta arguments like
        • count, for_each
        • depends_on, lifecycle
      • and a variety of functions like
        • numeric, string, encoding, hash, crypto, …
        • https://www.terraform.io/docs/language/functions/index.html
  27. Provisioners
      • should only be used as a last option
      • are not declarative!
      • Terraform supports
        • file
        • local-exec
        • remote-exec
      • https://www.terraform.io/docs/language/resources/provisioners/index.html
  28. Environment stages in Terraform
      • build one project for all stages (DEV, QS/QA, PROD, …)
      • build it customizable via variables
      • repositories vs branches
      • state management via
        • Terraform “Workspaces”
          • uses one backend with multiple states
          • not supported by all backends
        • customizable backends
          • different backend configurations
          • inject backend details via CLI/Shell
  29. Terraform vs ARM Templates
      • Terraform
        • extendable and therefore flexible
        • multi-cloud
        • requires some work to run it production-ready (CI/CD, state)
        • also supports ARM templates for advanced use-cases
      • ARM Templates
        • first-class support on Azure (but also limited to Azure)
        • “only” Azure resources, no Azure AD, etc.
        • easy start with Bicep (https://github.com/Azure/bicep)
  30. Demo: Terraform on Azure
      • scaffold a first Terraform project
      • provision some Azure resources
  31. Authentication with Azure RM / Azure AD
      • local Azure CLI
      • Service Principal with a Client Certificate
      • Service Principal with a Client Secret
      • Managed Identity
  32. Terraform scaffold for Azure
      • provisions
        • a service principal used to run Terraform on behalf
        • a Storage Container used to store the Terraform state file
        • a Key Vault containing all secrets to allow easy and secure access
      • https://github.com/whiteducksoftware/terraform-scaffold-for-azure
  33. Questions?
      Slides: https://www.slideshare.net/nmeisenzahl
      Nico Meisenzahl (Senior Cloud & DevOps Consultant)
      Phone: +49 8031 230159 0
      Email: nico.meisenzahl@whiteduck.de
      Twitter: @nmeisenzahl
      LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
      Blog: https://meisenzahl.org
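
A minimal configuration tying together the Terraform State, Generic Providers and Environment stages slides, added here as an example and not taken from the talk or the scaffold repository: an empty `azurerm` backend block that is filled in per stage at `terraform init`, and a generated password that ends up in the state file. The resource group, storage account, container, Key Vault and variable names are placeholders chosen for illustration.

```hcl
# main.tf (added example; every name below is a placeholder)
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    random  = { source = "hashicorp/random" }
  }

  # Partial backend configuration: nothing stage-specific is committed.
  # The details are injected per stage at init time, for example:
  #   terraform init \
  #     -backend-config="resource_group_name=rg-tfstate-example" \
  #     -backend-config="storage_account_name=sttfstateexample" \
  #     -backend-config="container_name=tfstate" \
  #     -backend-config="key=dev.terraform.tfstate"
  backend "azurerm" {}
}

provider "azurerm" {
  features {}
}

variable "stage" {
  type        = string
  description = "Environment stage, e.g. dev, qa or prod"
}

variable "key_vault_id" {
  type        = string
  description = "Resource ID of an existing Key Vault (assumed to exist)"
}

# Generated by the Random provider. The result is written to the state
# in plain text, so the backend holding the state needs access control.
resource "random_password" "db" {
  length  = 32
  special = true
}

# Consumers read the secret from Key Vault instead of from the state.
resource "azurerm_key_vault_secret" "db" {
  name         = "db-password-${var.stage}"
  value        = random_password.db.result
  key_vault_id = var.key_vault_id
}

# sensitive = true only redacts plan/apply output; the value is still in state.
output "db_password" {
  value     = random_password.db.result
  sensitive = true
}
```

Using a different `key` per stage keeps one state file per environment in the same container, which is the "customizable backends" option from the Environment stages slide.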
