IaaS with ARM templates for Azure
•Transferir como PPTX, PDF•
1 gostou•254 visualizações
A talk on Infrastructure as Code using ARM templates for Azure. Examples are shown with Azure CLI
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a IaaS with ARM templates for Azure
Semelhante a IaaS with ARM templates for Azure (20)
Mais de Christoffer Noring
Mais de Christoffer Noring (20)
Último
Último (20)
IaaS with ARM templates for Azure
- 1. INFRASTRUCTURE AS CODE With ARM templates Senior Cloud Advocate at Microsoft Chris Noring @chris_noring
- 2. Why & What DevOps, Dev and Ops are on the same team, same processes How we iterate has changed, Iteration = Code change + Deployment Frequent & Accurate deploys, Need to deploy and redeploy often & accurately = we need our infrastructure to be code, so we know exactly what is deployed Benefit, Infra that is code can be stored in a Repo and versioned Anyone can deploy everything, Any team member can now deploy code & infrastructure @chris_noring
- 3. IaaS on Azure ARM, Azure Resoure Manager templates, first class citizen Terraform, open format that can be used cross cloud, a subset is supported on Azure @chris_noring
- 4. Why ARM Declarative syntax Repeatable results Orchestration Module files Create any Azure resource Extensibility Testing Preview changes Built-in validation Tracked deployments Policy as Code Deployment blueprints CI/CD integration Exportable code Authoring tools @chris_noring
- 5. An ARM template is JSON { "$schema": "https://schema.management.azure.com/schemas/2019-04- 01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "storageName": { "type": "string", "minLength": 3, "maxLength": 24 }, "storageSKU": { "type": "string", "defaultValue": "Standard_LRS", "allowedValues": [ "Standard_LRS", "Standard_GRS", "Standard_RAGRS", "Standard_ZRS", "Premium_LRS", "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" ] } }, "resources": [ { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-04-01", "tags": { "displayName": "[utils.Company(parameters('storageName'))]" }, "name": "[parameters('storageName')]", "location": "eastus", "sku": { "name": "[parameters('storageSKU')]" }, "kind": "StorageV2", "properties": { "supportsHttpsTrafficOnly": true } } ], "functions": [ { "namespace": "utils", "members": { "Company": { "parameters": [ { "name": "in", "type": "string" } ], @chris_noring Send help!!
- 7. Anatomy of an ARM template • Parameters • Variables • User-defined functions • Resources • Outputs @chris_noring
- 8. Deployment • We deploy ARM template files using (choose one) • Powershell • Azure CLI @chris_noring
- 9. ARM – my first template { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [] } @chris_noring
- 10. Deploy the template templateFile="azuredeploy.json" az deployment group create --name blanktemplate --resource-group <resource group> --template-file $templateFile Translated to a REST call like so: PUT https://management.azure.com/subscriptions/{subscription Id}/resourceGroups/{resourceGroupName}/providers/Micr osoft.Storage/storageAccounts/mystorageaccount?api- version=2016-01-01 REQUEST BODY { "location": "westus", "sku": { "name": "Standard_LRS" }, "kind": "Storage", "properties": {} } This is not a match to the command Above ( as it creates a storage account) @chris_noring
- 11. What happens on the portal side? • portal.azure.com , go to the resource group @chris_noring
- 13. ARM – deploy a resource { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [ { "name": "storageaccount1", "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01", "tags": { "displayName": "storageaccount1" }, "location": "eastus", "kind": "StorageV2", "sku": { "name": "Premium_LRS", "tier": "Premium" }}] } @chris_noring
- 14. DEMO – add resource @chris_noring
- 16. Deploy the template templateFile="azure-storage-deploy.json" az deployment group create --name addstorage --resource-group <my resource group> --template-file $templateFile @chris_noring
- 17. ARM input parameters "parameters": { "storageName": { "type": "string", "defaultValue": "change-me", "metadata": { "description": "name for the storage account, should be called something like companyprefix- region-storage" } } } @chris_noring
- 18. ARM, input parameters, usage { "name": "[parameters('storageName')]", "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01", "tags": { "displayName": "[parameters('storageName')]" }, "location": "eastus", "kind": "StorageV2", "sku": { "name": "Premium_LRS", "tier": "Premium" } } @chris_noring
- 19. DEMO – add parameter @chris_noring
- 21. Deploy template az deployment group create --name addnameparameter --resource-group <resource group name> --template-file azure-parameter.json --parameters storageName=storageuniquename @chris_noring
- 22. ARM parameters, allowed values "storageSKU": { "type": "string", "defaultValue": "Standard_LRS", "allowedValues": [ "Standard_LRS", "Standard_GRS", "Standard_RAGRS", "Standard_ZRS", "Premium_LRS", "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" ] } @chris_noring
- 23. ARM template functions "location": { "type": "string", "defaultValue": "[resourceGroup().location]" } https://docs.microsoft.com/en-us/azure/azure-resource- manager/templates/template-functions @chris_noring
- 24. DEMO – add template function @chris_noring
- 26. ARM variables "variables": { "uniqueStorageName": "[concat(parameters('storagePrefix'), uniqueString(resourceGroup().id))]” } concat parameters uniqueString resourceGroup - concat(), this takes `parameters(storagePrefix)`, this is referring to the input parameter `storagePrefix`. - uniqueString() Note how the `uniqueString()` method takes `resourceGroup().id` as input. `uniqueString()` creates a 13 character hash value.v "resources": [ { "name": "[variables('uniqueStorageName')]" @chris_noring
- 29. ARM variables - deploying az deployment group create --name addnamevariable --resource-group myResourceGroup --template-file $templateFile --parameters storagePrefix=store storageSKU=Standard_LRS @chris_noring
- 30. ARM outputs "outputs": { "storageEndpoint": { "type": "object", "value": "[reference(variables('uniqueStorageName')).primaryEndpoints]" } } reference() primaryEndpoints @chris_noring
- 33. ARM User defined function "functions": [ { "namespace": "utils", "members": { "Company": { "parameters": [ { "name": "in", "type": "string" }], "output": { "type": "string", "value": "[concat('My Company-', parameters('in'))]" } } } }] @chris_noring
- 34. DEMO – user defined function @chris_noring
- 36. ARM Template viewer extension It’s able to take a JSON file and show what we are about to deploy visually @chris_noring
- 37. ARM template viewer @chris_noring
- 39. Where do I start • Author templates using VS Code, extensions and snippets • Existing infra, Get the ARM templates of existing infra • Strategy, how do I want to deploy: Think about deployment strategy for example • Master template and linked templates • Deploy by “product” • Whatever strategy suits you company @chris_noring
- 40. Exported template JSON template that we can copy @chris_noring
- 41. Learn more • Introduction https://docs.microsoft.com/en-us/azure/azure-resource- manager/templates/ • Tutorial, https://docs.microsoft.com/en-us/azure/azure-resource- manager/templates/template-tutorial-create-first-template?tabs=azure-cli • Template functions, https://docs.microsoft.com/en-us/azure/azure- resource-manager/templates/template-functions • Linked templates, https://docs.microsoft.com/en-us/azure/azure-resource- manager/templates/linked-templates • Testing your template, https://github.com/Azure/arm-ttk • What-If, What if function • Policy as Code, https://docs.microsoft.com/en- us/azure/governance/policy/overview
- 42. Summary • We need to deploy infrastructure with our app code • IaaS, infrastructure as Code • ARM and Terraform are supported on Azure • You can deploy ARM templates with Powershell or Azure CLI • Author ARM templates with VS Code or VS, please use the extensions – it will make your life easier
- 43. Feedback – we want to hear from you • https://aka.ms/Reactor/Survey, event code is 7594"
Notas do Editor
- Declarative syntax, ARM templates allow you to create and deploy an entire Azure infrastructure declaratively. For example, you can deploy not only *virtual machines*, but also the *network infrastructure*, *storage systems* and any other resources you may need. In short you specify what you want and Azure provides it for you. Repeatable results, Repeatedly deploy your infrastructure throughout the *development lifecycle* and have confidence your resources are deployed in a consistent manner. Templates are *idempotent*, which means you can deploy the same template many times and get the same resource types in the same state. You can develop one template that represents the desired state, rather than developing lots of separate templates to represent updates. Orchestration, You don't have to worry about the complexities of ordering operations. Resource Manager *orchestrates* the deployment of interdependent resources so they're created in the correct order. When possible, Resource Manager deploys resources in *parallel* so your deployments finish faster than serial deployments. You deploy the template through *one command*, rather than through multiple imperative commands. Module files, You can break your templates into smaller, reusable components and *link* them together at deployment time. You can also nest one template inside another templates. Create any Azure resource, You can immediately use new Azure services and features in templates. As soon as a resource provider introduces new resources, you can deploy those resources through templates. You don't have to wait for tools or modules to be updated before using the new services. Extensibility, With *deployment scripts*, you can add PowerShell or Bash scripts to your templates. The deployment scripts extend your ability to set up resources during deployment. A script can be included in the template, or stored in an external source and referenced in the template. Deployment scripts give you the ability to complete your end-to-end environment setup in a single ARM template. Testing, You can make sure your template follows recommended guidelines by testing it with the ARM template tool kit (*arm-ttk*). This test kit is a PowerShell script that you can download from GitHub. The tool kit makes it easier for you to develop expertise using the template language. > https://github.com/Azure/arm-ttk Preview changes, You can use the *what-if* operation to get a preview of changes before deploying the template. With *what-if*, you see which resources will be created, updated, or deleted, and any resource properties that will change. The *what-if* operation checks the current state of your environment and eliminates the need to manage state.https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-deploy-what-if?tabs=azure-powershell Built-in validation, Your template is deployed only after passing validation. Resource Manager checks the template before starting the deployment to make sure the deployment will succeed. Your deployment is less likely to stop in a half-finished state. Tracked deployments, In the Azure portal, you can review the deployment history and get information about the template deployment. You can see the template that was deployed, the parameter values passed in, and any output values. Other infrastructure as code services aren't tracked through the portal. https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/media/overview/deployment-history.png - Policy as code, Azure Policy is a policy as code framework to automate governance. If you're using Azure policies, policy remediation is done on non-compliant resources when deployed through templates. https://docs.microsoft.com/en-us/azure/governance/policy/overview Deployment blueprints, You can take advantage of Blueprints provided by Microsoft to meet regulatory and compliance standards. These blueprints include pre-built templates for various architectures. CI/CD integration, You can integrate templates into your continuous integration and continuous deployment (CI/CD) tools, which can automate your release pipelines for fast and reliable application and infrastructure updates. By using Azure DevOps and Resource Manager template task, you can use Azure Pipelines to continuously build and deploy ARM template projects. To learn more, see VS project with pipelines and Tutorial: Continuous integration of Azure Resource Manager templates with Azure Pipelines. Exportable code, You can get a template for an existing resource group by either exporting the current state of the resource group, or viewing the template used for a particular deployment. Viewing the exported template is a helpful way to learn about the template syntax. Authoring tools, You can author templates with Visual Studio Code and the template tool extension. You get intellisense, syntax highlighting, in-line help, and many other language functions. In addition to Visual Studio code, you can also use Visual Studio.
- Lot’s and lots of JSON. It might look unreadable How can I ever write this by hand? Good news – you don’t have to there are great extensions for Visual Studio as well as VS Code that helps us with auto completion, syntax highlighting and snippets
- Azure CLI, what can it do Intellisense, Name files with extension .azcli Snippets Run command in terminal & side-by-side view Mouse over Documentation Status display at the bottom Azure Resource manager Template language completion Validation Error guidance Schema and API validation, Validation against schema and api version Template outline view, for easy overview of large schemas Expression Colorization, for expressions JSON analysis and syntax validation, Analyze and validate JSON syntax Snippets Commands, e.g Insert item in JSON and outline view, right-click on `resources`
- Parameters, is input variables, so you can flexible templates for different environments Variables, internal variables that can aid us User-defined functions, we can define our own custom functions, there are a lot of defined functions that can help us as well Resources, this is what we deploy, like storage accounts, virtual machines, web apps, databases and more Outputs, we can have our template return a result, we might want to return things like password, endpoint URLs so we don’t have to log in to our portal and find that info or write an extra command
- Both Powershell and Azure CLI are well supported to use to deploy your templates. I will use azure-cli throughout this presentation. Have a look at the links at the end of this presentation where I link to a tutorial using both Powershell and Azure-CLI, you want Powershell.
- Schema, All templates have a schema, schema might look different depending on what you are trying to accomplish Version, They also have a version Resources, this is where the resources should be declared
- Specify a variable pointing to the path of where our ARM template is located Perform our command `deployment group create` - deploy to a resource group 3. Your command is translated to a HTTP request with a BODY
- 1. Go to portal.azure.com 2. Click deployment link on the right, It has created the deployment on the resource group We can drill into details by clicking into the link.
- The detail of the deployment shows Inputs, if we have an parameter inputs Outputs, if we returned anything from the ARM template Template, this is the JSOn we just deployed
- Let’s add a resource this time by adding an entry to the the resources Locate the `resources` array Add an entry. The `type` says we have a storageAccount Set location `eastus`, set whatever location make sense to you SKU, set whatever SKU make sense, depending on your needs. We will look at different SKUs later
- - Start from a template with empty resources array
- We want to be able to provide parameters into the template to make it flexible. We might want to reuse a value all over the template. Great if you want to reuse the template for different environments. defaultValue will be used if no valus is provided
- We’ve covered how you can create a first parameter and call it as part of the deployment. We can do this even better if we specify a list of allowed values Allowed values is a list of values that the parameter can assume, anything else will lead to a validation error
- Imagine you have a case where you want all deployed resources end up on the same location by default, how would you solve that? Answer, use a built-in template function, `resourceGroup().location`. `resourceGroup()` returns the current resource group we are deploying to. There are a lot of functions, I’ve added a link at the end of the deck so you can explore what else is there. https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions
- Reuse Variables simplify your templates by enabling you to write an expression once and reuse it throughout the template Tired of guessing unique names Example case - The parameter for the storage account name is hard-to-use because you have to provide a unique name. You're probably tired of guessing a unique name.
- We can return values from a template reference(), this a function that given a value can look up an object during runtime and give us a property, for example `primaryEndpoints` primaryEndpoints, contains the URLs we can talk to
- This is a big topic, there are a lots and lots of helper functions for this. The idea is to create some utility functions that can take input and produce output to suit your needs Namespace, e.g `company` Company, the name of our function Parameters, our input parameters Output, our return section but `value` is where we write our function logic.