In this lab, we will use ARM templates and Bicep as infrastructure-as-code solutions to deploy, replicate and enforce our environment. After this lab, you will have a better understanding of Azure deployment and of infrastructure as code for Azure with native deployment tools. Enjoy!
Throughout the lab, you are asked to open and use the CloudShell. This is not mandatory. If you have the Azure CLI and PowerShell with the Az module installed on your local machine or lab environment, you can also use the local tools.
You are a developer in a team that is tasked with developing a new Storage Account Explorer solution, which uses at least TLS 1.2 for communication encryption. You are tasked with developing and setting up the infrastructure for the dev, qa, preprod and prod environments using IaC methodologies (basically doing everything).
The first thing you need to do is create a new storage account inside the dev environment so that your team can begin with the development of the Storage Account Explorer solution.
- Create a resource and type template in the search box.
- Template deployment from the list.
- Create.
- Build your own template in the editor.
- Required in the list including name, type, apiVersion, sku, kind, location
- Standard_LRS for setting the name property of the sku object.
- StorageV2 for kind.
- location as the location of your storage account.
- Save when your code is completed.
- Create new below the selection box of Resource group called azlab-<your-initial>-dev.
- West Europe as region and hit Review + create.
- Create.

Your definition should look somewhat like this.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "variables": {
    "sa-name": "[concat('draphony', uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[variables('sa-name')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2"
    }
  ]
}
After the deployment of your dev environment is done, let us have a look at the result and confirm that your storage account has the minimum TLS version set to Version 1.2.

- Configuration.
- Version 1.0. Let’s change this to Version 1.2 using ARM template.
- Deployments and click the first succeeded item on the list.
- Template and copy the template.
- minimumTlsVersion. (See ARM Template docs). Below you will find the full ARM template.
- azlab-<your-initial>-dev.
- Configuration tab of your storage account again.
- Version 1.2 as Minimum TLS version. If not, hit the refresh a couple of times until it does show it. Try to do it as often as possible in a minute. Pro Gamers have an APM of around 350. High score is noted with 818. You can beat that! (Click here to see some motivation speech on YouTube.)

Your definition should look somewhat like this
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {
    "sa-name": "[concat('draphony', uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[variables('sa-name')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {
        "minimumTlsVersion": "TLS1_2"
      }
    }
  ]
}
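The TLS requirement can also be checked on the template itself before anything is deployed, for example as a pipeline gate. The following Python check is an added example, not part of the original lab; the function names are hypothetical, and it assumes the template uses the array form of "resources" shown on this page. It treats a missing minimumTlsVersion as a failure, because the account deployed from the first template showed Version 1.0 in the portal.

```python
import json

STORAGE_TYPE = "Microsoft.Storage/storageAccounts"
REQUIRED_TLS = "TLS1_2"


def lab_template(properties=None):
    """Build the lab's storage account template (constructed sample input)."""
    account = {
        "type": STORAGE_TYPE,
        "apiVersion": "2021-04-01",
        "name": "[variables('sa-name')]",
        "location": "[resourceGroup().location]",
        "sku": {"name": "Standard_LRS"},
        "kind": "StorageV2",
    }
    if properties is not None:
        account["properties"] = properties
    return json.dumps({"contentVersion": "1.0.0.0", "resources": [account]})


def iter_resources(resources, parent_type=""):
    """Yield (full type, resource), descending into nested child resources."""
    for res in resources or []:
        full_type = "/".join(p for p in (parent_type, res.get("type", "")) if p)
        yield full_type, res
        yield from iter_resources(res.get("resources"), full_type)


def check_min_tls(template_text):
    """Return findings for storage accounts that do not pin TLS 1.2."""
    findings = []
    template = json.loads(template_text)
    for full_type, res in iter_resources(template.get("resources")):
        if full_type.lower() != STORAGE_TYPE.lower():
            continue
        name = res.get("name", "<unnamed>")
        value = res.get("properties", {}).get("minimumTlsVersion")
        if value is None:
            findings.append(f"{name}: minimumTlsVersion is not set")
        elif str(value).startswith("["):
            findings.append(f"{name}: minimumTlsVersion is an expression, resolve {value}")
        elif value != REQUIRED_TLS:
            findings.append(f"{name}: minimumTlsVersion is {value}, expected {REQUIRED_TLS}")
    return findings


if __name__ == "__main__":
    for label, props in (("first", None), ("second", {"minimumTlsVersion": "TLS1_2"})):
        print(label, "template:", check_min_tls(lab_template(props)) or "OK")
```

An empty list means every storage account in the template pins TLS 1.2; any finding should fail the build before the deployment step runs.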
This is a common procedure when using IaC. We deploy a first version of our infrastructure. After evaluating it or gaining any kind of new insight, we make changes to it by updating our code and reapplying it (by redeploying it). Throughout the process, the actual data of the resources will not be destroyed or changed. If we need new resources, we just add them to the code again and redeploy. And at the end of the month we wonder why the money is gone.
After years of frustration and copying random fragments from Stack Overflow, your team and you believe that the Storage Account Explorer is done as it finally compiles (for the first time). The moment has come for YOU to duplicate the dev environment and create the qa, preprod and prod environments.
Basically, you just need to deploy the same ARM template to 3 additional resource groups, which embody the environments QA, Pre-Prod and Prod.
- azlab-<your-initial>-qa, azlab-<your-initial>-pre, azlab-<your-initial>-prod:

  "qa","pre","prod" | New-AzResourceGroup -Name { "azlab-<your-initial>-" + $_ } -Location "westeurope"

- code template.json in the PowerShell.
- azlab-<your-initial>- and use it as the target for our ARM template deployment.

  Get-AzResourceGroup -Name "azlab-<your-initial>-*" | New-AzResourceGroupDeployment `
      -ResourceGroupName {$_.ResourceGroupName } `
      -Name { "Draphony.Template-" + (Get-Date -Format FileDateTimeUniversal) } `
      -TemplateFile template.json `
      -AsJob `
      -Verbose
  Get-Job | Receive-Job

- Deployment section of the resource groups to see the status.
- azlab-<your-initial>-dev, azlab-<your-initial>-qa, azlab-<your-initial>-pre, azlab-<your-initial>-prod).

You have replicated the environment more or less manually. In a real-world setup, you could and would incorporate the IaC in a CI/CD pipeline, so that each change is automatically propagated through the environments. But what happens if someone changes the infrastructure outside (e.g. manually in the Azure Portal) without following your procedure (updating the code and redeploying)?
At some point, you notice that the different environments differ from each other. E.g. some QA team members are adding additional resources to implement their custom procedure of test data generation although a unified procedure has been agreed, or dev team members temporarily increase the SKU of virtual machines.
In this exercise, we will use the complete mode to enforce environment consistency. Please also consider the public shaming of the particular team mates – people love that – which we will not demonstrate here.
- azlab-<your-initial>-qa manually. E.g. a virtual network. You can but don’t need to use an ARM template for this. You can just click it together in the portal. The resource type itself does not matter as this is just a simulation of the environment derivation.
- Complete mode into all the resource groups azlab-<your-initial>-dev, azlab-<your-initial>-qa, azlab-<your-initial>-pre, azlab-<your-initial>-prod using the PowerShell

  Get-AzResourceGroup -Name "azlab-<your-initial>-*" | New-AzResourceGroupDeployment `
      -ResourceGroupName {$_.ResourceGroupName } `
      -Name { "Draphony.Template-" + (Get-Date -Format FileDateTimeUniversal) } `
      -Mode Complete `
      -TemplateFile template.json `
      -AsJob `
      -Verbose `
      -Force

- Deployment section of the resource groups to see the status.
- azlab-<your-initial>-qa, the extra resource from step 2 should be deleted.
- Deployment section of your azlab-<your-initial>-qa resource group.
- Deployment section of your azlab-<your-initial>-qa resource group.
- -Name { "Draphony.Template-" + (Get-Date -Format FileDateTimeUniversal) } and number 4.
- Deployment section of your azlab-<your-initial>-qa resource group.
- Draphony.Template-20220829T1032175252Z
- -Name "Draphony.Template-20220829T1032175252Z" and number 4.
- listKeys just needs the resourceName and the API Version, which you can find at the REST API documentation for Storage Accounts – List Keys
- string.
- "[listKeys(...).prop1[0].value]"

After a while, your team mates are complaining that the ARM template is getting bigger and bigger as it continues to grow. And as we know, more code means more potential bugs. Your desperate attempts to calm everyone down with statements like "I don’t care", "Write no code then it stays short" and "MOO" failed. You are tasked to improve the procedure!
Luckily, Microsoft offers Bicep, which creates shorter code. Bicep even offers a way to convert existing ARM templates to Bicep templates and is supported natively by the commonly used tools PowerShell, Azure CLI and Azure DevOps (see AzureResourceManagerTemplateDeployment). You believe the transition should be smooth and give it a try:
- az bicep decompile -f template.json
- template.bicep
  You may want to open the file and inspect the result by running code template.bicep. Notice that the file is shorter as it drops all the brackets required by JSON. In real scenarios with many resources, the saving is usually huge.

  Get-AzResourceGroup -Name "azlab-<your-initial>-*" | New-AzResourceGroupDeployment `
      -ResourceGroupName {$_.ResourceGroupName } `
      -Name { "Draphony.Template-" + (Get-Date -Format FileDateTimeUniversal) } `
      -Mode Complete `
      -TemplateFile template.bicep `
      -AsJob `
      -Verbose `
      -Force
  Get-Job | Receive-Job

- Deployment section of the resource groups to see the status.
- Deployment-Tab of your azlab-<your-initial>-qa resource group.
- Template.

Your team loves the new Bicep as they can split logic into modules, unlike in ARM templates, for better maintenance and reuse. Support for loops and conditions renders code shorter.
After a short moment, you notice something strange. You recall that you just returned to your seat after you had handed in the form to request a new server with 2 approval levels and an expected 6 months waiting period… what is happening now? A Total Recall?
The tools used in this lab are quite powerful when you solely work with Azure. But most of the time, this is not enough, even if your company’s strategy is the Microsoft ecosystem, because ARM / Bicep only works for the Azure Cloud itself. For development, you will need to set up your Azure DevOps project with Azure Repos, Azure Pipelines, Azure Artifacts and so on, or a similar solution like GitHub, GitLab etc. Furthermore, your company may also want to use multiple cloud providers to mitigate its dependency on a single cloud provider and leverage the best offers and feature sets from various providers such as Azure, AWS, Google Cloud and many more.
In such a case, you would need a solution that supports multiple cloud providers. At best, it should be vendor agnostic. Terraform is one such solution. It is easy to use, and it supports multiple cloud providers in the same project and even in the same code file. It has a lot of nice syntactic sugar, configuration options and great support by the community.
Check out other labs from Draphony to learn more about Terraform:
If you enjoyed the lab or have any questions / feedback, please leave us a comment.