Nico Meisenzahl presented on production-ready Terraform deployments on Azure. The presentation introduced Infrastructure as Code (IaC) and Terraform, discussing why IaC is needed and how Terraform works. It provided an overview of Terraform concepts like providers, modules, workflows, and authentication on Azure. The presentation concluded with a demo of using Terraform to provision Azure resources like a service principal and storage container.
2. Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• Microsoft MVP, Docker Community Leader & GitLab Hero
• Container, Kubernetes, Cloud-Native & DevOps
© white duck GmbH 2021
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
3. Agenda
• What is Infrastructure as Code and why do we need it?
• Get started with Terraform
• Demo: Terraform on Azure
4. What is Infrastructure as Code?
Infrastructure as Code (IaC) is the management and
provisioning of infrastructure through code rather
than manual processes.
5. Infrastructure as Code is…
• version controlled through Git
• automated through CI/CD
• reusable
• self-documented
• declarative
7. Why do we need IaC?
• to prevent configuration drift
• to recover quickly (rollback, restore)
• to reproduce errors & test our infrastructure
• to reduce costs & time-to-market
8. Infrastructure vs. configuration
• infrastructure orchestration is used to provision & manage immutable infrastructure like cloud resources
  • e.g. provisioning of a Resource Group containing a Function App
  • with Terraform, ARM Templates, Pulumi, AWS CloudFormation, …
• configuration management can be used to configure/maintain mutable resources
  • e.g. installing or configuring something within a Virtual Machine
  • with Ansible, Chef, Puppet, SaltStack, …
9. What is Terraform?
Terraform is an Infrastructure as Code tool that
provides a consistent CLI workflow to manage
hundreds of cloud services.
Terraform codifies cloud APIs into declarative
configuration files.
10. What is Terraform?
• consists of
  • a CLI
  • a domain-specific language (DSL)
• supports hundreds of cloud services
• extendable and therefore flexible
• is not a configuration tool
• introduced and open-sourced by HashiCorp
• is de facto the tool of choice
11. Terraform Providers
• Terraform relies on plugins called "providers" to interact with cloud resources
• Resource types are implemented by a provider
• Terraform itself cannot manage any resources
• are provided by
  • HashiCorp (official flag)
  • Cloud Providers and Third-Party (verified flag)
  • open-source community (community flag)
  • yourself :)
12. Terraform Modules
• are "containers" for multiple resources that are used together
• are the main way to package and reuse resource configurations
• are stored locally (subfolder) or can be shared/published
14. HashiCorp Configuration Language - HCL
• a DSL (domain-specific language) used to describe resources
• there is also the Cloud Development Kit (CDK)
  • supports TypeScript, Python, Java, C#, Golang
  • early-stage project
  • https://github.com/hashicorp/terraform-cdk
17. Terraform State
• is used to map "real world" resources to your configuration
  • code → state → real world
• stores Terraform-managed resources
• contains all infrastructure and metadata
  • incl. secrets!
• local by default but should be stored in a remote backend
  • Terraform Cloud
  • Azure Storage Account
  • AWS, GCP, GitLab, …
  • …
24. Generic resources
• Data resource
  • used to retrieve metadata from unmanaged resources
• Remote state resource
  • used to retrieve metadata from "other" projects
  • https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state
25. Variables
• input variables
  • serve as parameters for a module or project
• output variables
  • a child module can use outputs to expose resource attributes
  • print certain values in the CLI for further usage
• local variables
  • are a convenience feature for assigning a short name to any expression
26. Meta arguments & functions
• Terraform supports meta arguments like
  • count, for_each
  • depends_on, lifecycle
• and a variety of functions like
  • numeric, string, encoding, hash, crypto, …
  • https://www.terraform.io/docs/language/functions/index.html
27. Provisioners
• should only be used as a last option
• are not declarative!
• Terraform supports
  • file
  • local-exec
  • remote-exec
• https://www.terraform.io/docs/language/resources/provisioners/index.html
28. Environment stages in Terraform
• build one project for all stages (DEV, QS/QA, PROD, …)
• build it customizable via variables
• repositories vs branches
• state management via
  • Terraform "Workspaces"
    • uses one backend with multiple states
    • not supported by all backends
  • customizable backends
    • different backend configurations
    • inject backend details via CLI/Shell
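
The remote-backend point from the "Terraform State" slide and the backend injection described on this slide, as an added example (not code from the talk or from the white duck scaffold): a partial `azurerm` backend whose per-stage details are supplied at `terraform init`. All resource names, file paths and the generated password are hypothetical.

```hcl
# --- backend.tf (committed; identical for every stage) ----------------------
terraform {
  backend "azurerm" {
    # Partial configuration: stage-specific values are injected at init time:
    #   terraform init -backend-config=env/prod.backend.hcl
    # One code base then serves DEV, QA and PROD, each with its own state file.

    # Authenticate to the blob with Azure AD and RBAC instead of a storage
    # account access key, so no long-lived key is needed to read the state.
    use_azuread_auth = true
  }
}

# --- env/prod.backend.hcl (separate file; hypothetical names, no secrets) ---
# resource_group_name  = "rg-tfstate-prod"
# storage_account_name = "sttfstateprod"
# container_name       = "tfstate"
# key                  = "platform.prod.tfstate"

# --- secrets.tf ---------------------------------------------------------------
# A generated secret, to show why the state file itself must be protected.
resource "random_password" "db_admin" {
  length  = 32
  special = true
}

output "db_admin_password" {
  value = random_password.db_admin.result

  # `sensitive` only redacts the value in plan/apply output. The password is
  # still written in plain text to the state blob, so everyone with read
  # access to the storage container can recover it.
  sensitive = true
}
```

Read access to the state container is therefore equivalent to read access to every secret Terraform manages; grant it per stage and only to the identity that runs Terraform.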
29. Terraform vs ARM Templates
• Terraform
  • extendable and therefore flexible
  • multi-cloud
  • requires some work to run it production-ready (CI/CD, state)
  • also supports ARM templates for advanced use-cases
• ARM Templates
  • first-class support on Azure (but also limited to Azure)
  • "only" Azure resources, no Azure AD, etc.
  • easy start with Bicep (https://github.com/Azure/bicep)
30. Demo: Terraform on Azure
• scaffold a first Terraform project
• provision some Azure resources
31. Authentication with Azure RM / Azure AD
• local Azure CLI
• Service Principal with a Client Certificate
• Service Principal with a Client Secret
• Managed Identity
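
How the four options above map onto the `azurerm` provider, as an added example (not the speaker's demo code). The provider aliases, variable names and certificate path are hypothetical.

```hcl
variable "tenant_id"       { type = string }
variable "subscription_id" { type = string }
variable "client_id"       { type = string }

variable "client_certificate_password" {
  type      = string
  sensitive = true
}

# 1) Local Azure CLI: no credentials in code; the provider reuses the
#    `az login` session. Meant for interactive work, not for pipelines.
provider "azurerm" {
  features {}
}

# 2) Managed Identity: no secret exists at all; the identity is bound to the
#    Azure resource (VM, build agent) that runs Terraform.
provider "azurerm" {
  alias           = "managed_identity"
  use_msi         = true
  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
  features {}
}

# 3) Service Principal with a client certificate: the private key stays in a
#    file that is mounted at run time and never committed.
provider "azurerm" {
  alias                       = "sp_certificate"
  tenant_id                   = var.tenant_id
  subscription_id             = var.subscription_id
  client_id                   = var.client_id
  client_certificate_path     = "/run/secrets/terraform-sp.pfx"
  client_certificate_password = var.client_certificate_password
  features {}
}

# 4) Service Principal with a client secret: keep the secret out of .tf and
#    .tfvars files. Leave the provider block as in 1) and export these in the
#    CI job from a secret store instead:
#      ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID
```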
32. Terraform scaffold for Azure
• provisions
  • a service principal used to run Terraform on behalf
  • a Storage Container used to store the Terraform state file
  • a Key Vault containing all secrets to allow easy and secure access
• https://github.com/whiteducksoftware/terraform-scaffold-for-azure