2. Why & What
DevOps, Dev and Ops are on the same team, same processes
How we iterate has changed, Iteration = Code change + Deployment
Frequent & Accurate deploys, Need to deploy and redeploy often & accurately = we
need our infrastructure to be code, so we know exactly what is deployed
Benefit, Infra that is code can be stored in a Repo and versioned
Anyone can deploy everything, Any team member can now deploy code &
infrastructure
@chris_noring
3. IaaS on Azure
ARM, Azure
Resoure Manager
templates, first
class citizen
Terraform, open
format that can be
used cross cloud, a
subset is supported
on Azure
@chris_noring
7. Anatomy of an ARM template
• Parameters
• Variables
• User-defined functions
• Resources
• Outputs
@chris_noring
8. Deployment
• We deploy ARM template files using (choose one)
• Powershell
• Azure CLI
@chris_noring
9. ARM – my first template
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
@chris_noring
10. Deploy the template
templateFile="azuredeploy.json"
az deployment group create
--name blanktemplate
--resource-group <resource group>
--template-file $templateFile
Translated to a REST call like so:
PUT
https://management.azure.com/subscriptions/{subscription
Id}/resourceGroups/{resourceGroupName}/providers/Micr
osoft.Storage/storageAccounts/mystorageaccount?api-
version=2016-01-01
REQUEST BODY
{
"location": "westus",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
}
This is not a match to the command
Above ( as it creates a storage account)
@chris_noring
11. What happens on the portal side?
• portal.azure.com , go to the resource group
@chris_noring
17. ARM input parameters
"parameters": {
"storageName": {
"type": "string",
"defaultValue": "change-me",
"metadata": {
"description": "name for the storage account, should be called something like companyprefix-
region-storage"
}
}
}
@chris_noring
39. Where do I start
• Author templates using VS Code, extensions and snippets
• Existing infra, Get the ARM templates of existing infra
• Strategy, how do I want to deploy: Think about deployment
strategy for example
• Master template and linked templates
• Deploy by “product”
• Whatever strategy suits you company
@chris_noring
41. Learn more
• Introduction https://docs.microsoft.com/en-us/azure/azure-resource-
manager/templates/
• Tutorial, https://docs.microsoft.com/en-us/azure/azure-resource-
manager/templates/template-tutorial-create-first-template?tabs=azure-cli
• Template functions, https://docs.microsoft.com/en-us/azure/azure-
resource-manager/templates/template-functions
• Linked templates, https://docs.microsoft.com/en-us/azure/azure-resource-
manager/templates/linked-templates
• Testing your template, https://github.com/Azure/arm-ttk
• What-If, What if function
• Policy as Code, https://docs.microsoft.com/en-
us/azure/governance/policy/overview
42. Summary
• We need to deploy infrastructure with our app code
• IaaS, infrastructure as Code
• ARM and Terraform are supported on Azure
• You can deploy ARM templates with Powershell or Azure CLI
• Author ARM templates with VS Code or VS, please use the
extensions – it will make your life easier
43. Feedback – we want to hear from you
• https://aka.ms/Reactor/Survey, event code is 7594"
Notas do Editor
Declarative syntax, ARM templates allow you to create and deploy an entire Azure infrastructure declaratively. For example, you can deploy not only *virtual machines*, but also the *network infrastructure*, *storage systems* and any other resources you may need. In short you specify what you want and Azure provides it for you.
Repeatable results, Repeatedly deploy your infrastructure throughout the *development lifecycle* and have confidence your resources are deployed in a consistent manner. Templates are *idempotent*, which means you can deploy the same template many times and get the same resource types in the same state. You can develop one template that represents the desired state, rather than developing lots of separate templates to represent updates.
Orchestration, You don't have to worry about the complexities of ordering operations. Resource Manager *orchestrates* the deployment of interdependent resources so they're created in the correct order. When possible, Resource Manager deploys resources in *parallel* so your deployments finish faster than serial deployments. You deploy the template through *one command*, rather than through multiple imperative commands.
Module files, You can break your templates into smaller, reusable components and *link* them together at deployment time. You can also nest one template inside another templates.
Create any Azure resource, You can immediately use new Azure services and features in templates. As soon as a resource provider introduces new resources, you can deploy those resources through templates. You don't have to wait for tools or modules to be updated before using the new services.
Extensibility, With *deployment scripts*, you can add PowerShell or Bash scripts to your templates. The deployment scripts extend your ability to set up resources during deployment. A script can be included in the template, or stored in an external source and referenced in the template. Deployment scripts give you the ability to complete your end-to-end environment setup in a single ARM template.
Testing, You can make sure your template follows recommended guidelines by testing it with the ARM template tool kit (*arm-ttk*). This test kit is a PowerShell script that you can download from GitHub. The tool kit makes it easier for you to develop expertise using the template language. > https://github.com/Azure/arm-ttk
Preview changes, You can use the *what-if* operation to get a preview of changes before deploying the template. With *what-if*, you see which resources will be created, updated, or deleted, and any resource properties that will change. The *what-if* operation checks the current state of your environment and eliminates the need to manage state.https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-deploy-what-if?tabs=azure-powershell
Built-in validation, Your template is deployed only after passing validation. Resource Manager checks the template before starting the deployment to make sure the deployment will succeed. Your deployment is less likely to stop in a half-finished state.
Tracked deployments, In the Azure portal, you can review the deployment history and get information about the template deployment. You can see the template that was deployed, the parameter values passed in, and any output values. Other infrastructure as code services aren't tracked through the portal. https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/media/overview/deployment-history.png
- Policy as code, Azure Policy is a policy as code framework to automate governance. If you're using Azure policies, policy remediation is done on non-compliant resources when deployed through templates.
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Deployment blueprints, You can take advantage of Blueprints provided by Microsoft to meet regulatory and compliance standards. These blueprints include pre-built templates for various architectures.
CI/CD integration, You can integrate templates into your continuous integration and continuous deployment (CI/CD) tools, which can automate your release pipelines for fast and reliable application and infrastructure updates. By using Azure DevOps and Resource Manager template task, you can use Azure Pipelines to continuously build and deploy ARM template projects. To learn more, see VS project with pipelines and Tutorial: Continuous integration of Azure Resource Manager templates with Azure Pipelines.
Exportable code, You can get a template for an existing resource group by either exporting the current state of the resource group, or viewing the template used for a particular deployment. Viewing the exported template is a helpful way to learn about the template syntax.
Authoring tools, You can author templates with Visual Studio Code and the template tool extension. You get intellisense, syntax highlighting, in-line help, and many other language functions. In addition to Visual Studio code, you can also use Visual Studio.
Lot’s and lots of JSON.
It might look unreadable
How can I ever write this by hand?
Good news – you don’t have to
there are great extensions for Visual Studio as well as VS Code that helps us with auto completion, syntax highlighting and snippets
Azure CLI, what can it do
Intellisense, Name files with extension .azcli
Snippets
Run command in terminal & side-by-side view
Mouse over Documentation
Status display at the bottom
Azure Resource manager
Template language completion
Validation
Error guidance
Schema and API validation, Validation against schema and api version
Template outline view, for easy overview of large schemas
Expression Colorization, for expressions
JSON analysis and syntax validation, Analyze and validate JSON syntax
Snippets
Commands, e.g Insert item in JSON and outline view, right-click on `resources`
Parameters, is input variables, so you can flexible templates for different environments
Variables, internal variables that can aid us
User-defined functions, we can define our own custom functions, there are a lot of defined functions that can help us as well
Resources, this is what we deploy, like storage accounts, virtual machines, web apps, databases and more
Outputs, we can have our template return a result, we might want to return things like password, endpoint URLs so we don’t have to log in to our portal and find that info or write an extra command
Both Powershell and Azure CLI are well supported to use to deploy your templates.
I will use azure-cli throughout this presentation.
Have a look at the links at the end of this presentation where I link to a tutorial using both Powershell and Azure-CLI, you want Powershell.
Schema, All templates have a schema, schema might look different depending on what you are trying to accomplish
Version, They also have a version
Resources, this is where the resources should be declared
Specify a variable pointing to the path of where our ARM template is located
Perform our command `deployment group create` - deploy to a resource group
3. Your command is translated to a HTTP request with a BODY
1. Go to portal.azure.com
2. Click deployment link on the right, It has created the deployment on the resource group
We can drill into details by clicking into the link.
The detail of the deployment shows
Inputs, if we have an parameter inputs
Outputs, if we returned anything from the ARM template
Template, this is the JSOn we just deployed
Let’s add a resource this time by adding an entry to the the resources
Locate the `resources` array
Add an entry. The `type` says we have a storageAccount
Set location `eastus`, set whatever location make sense to you
SKU, set whatever SKU make sense, depending on your needs. We will look at different SKUs later
- Start from a template with empty resources array
We want to be able to provide parameters into the template to make it flexible.
We might want to reuse a value all over the template.
Great if you want to reuse the template for different environments.
defaultValue will be used if no valus is provided
We’ve covered how you can create a first parameter and call it as part of the deployment.
We can do this even better if we specify a list of allowed values
Allowed values is a list of values that the parameter can assume, anything else will lead to a validation error
Imagine you have a case where you want all deployed resources end up on the same location by default, how would you solve that?
Answer, use a built-in template function, `resourceGroup().location`. `resourceGroup()` returns the current resource group we are deploying to.
There are a lot of functions, I’ve added a link at the end of the deck so you can explore what else is there.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions
Reuse
Variables simplify your templates by enabling you to write an expression once and reuse it throughout the template
Tired of guessing unique namesExample case - The parameter for the storage account name is hard-to-use because you have to provide a unique name. You're probably tired of guessing a unique name.
We can return values from a template
reference(), this a function that given a value can look up an object during runtime and give us a property, for example `primaryEndpoints`
primaryEndpoints, contains the URLs we can talk to
This is a big topic, there are a lots and lots of helper functions for this. The idea is to create some utility functions that can take input and produce output to suit your needs
Namespace, e.g `company`
Company, the name of our function
Parameters, our input parameters
Output, our return section but `value` is where we write our function logic.