Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg, July 2021
Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• Microsoft MVP, Docker Community Leader &
GitLab Hero
• Container, Kubernetes, Cloud-Native & DevOps
© white duck GmbH 2021
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
Agenda
• What is Infrastructure as Code and why do we need it?
• Get started with Terraform
• Demo: Terraform on Azure
What is Infrastructure as Code?
Infrastructure as Code (IaC) is the management and
provisioning of infrastructure through code rather
than manual processes.
Infrastructure as Code is…
• version controlled through Git
• automated through CI/CD
• reusable
• self-documented
• declarative
Declarative vs imperative
Why do we need IaC?
• to prevent configuration drift
• to recover quickly (rollback, restore)
• to reproduce errors & test our infrastructure
• to reduce costs & time-to-market
Infrastructure vs. configuration
• infrastructure orchestration is used to provision & manage
immutable infrastructure like Cloud resources
• e.g. provisioning of a Resource Group containing a Function App
• with Terraform, ARM Templates, Pulumi, AWS CloudFormation, …
• configuration management can be used to configure/maintain
mutable resources
• e.g. installing or configuring something within a Virtual Machine
• with Ansible, Chef, Puppet, SaltStack, …
What is Terraform?
Terraform is an Infrastructure as Code tool that
provides a consistent CLI workflow to manage
hundreds of cloud services.
Terraform codifies cloud APIs into declarative
configuration files.
What is Terraform?
• consists of
• a CLI
• a domain specific language (DSL)
• supports hundreds of cloud services
• extendable and therefore flexible
• is not a configuration tool
• introduced and open-sourced by HashiCorp
• is the de facto tool of choice
Terraform Providers
• Terraform relies on plugins called "providers" to interact
with Cloud resources
• Resource types are implemented by a provider
• Terraform itself cannot manage any resources
• are provided by
• HashiCorp (official flag)
• Cloud Providers and Third-Party (verified flag)
• open-source community (community flag)
• yourself :)
Terraform Modules
• are “containers” for multiple resources that are used
together
• are the main way to package and reuse resource
configurations
• are stored locally (subfolder) or can be shared/published
Terraform Registry
HashiCorp Configuration Language - HCL
• a DSL (domain specific language) used to describe
resources
• there is also the Cloud Development Kit (CDK)
• supports TypeScript, Python, Java, C#, Golang
• early-stage project
• https://github.com/hashicorp/terraform-cdk
HCL sample
Terraform workflow
Terraform State
• is used to map “real world” resources to your configuration
• code → state ← real world
• stores Terraform-managed resources
• contains all infrastructure and metadata
• incl. secrets!
• local by default but should be stored in a remote backend
• Terraform Cloud
• Azure Storage Account
• AWS, GCP, GitLab, …
• …
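The "incl. secrets!" point above, as an added example that is not part of the original slides: a small Python audit that lists where a version-4 state file holds credentials, including an output marked sensitive and values generated by the Random and TLS providers. The sample state, the resource names and the name heuristic are constructed assumptions.

```python
import json
import re
import sys

# Heuristic (assumption): attribute names that usually carry credentials.
SECRET_NAME = re.compile(
    r"password|secret|token|private_key|access_key|connection_string", re.I)
PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Attributes with a neutral name whose value is a generated secret.
KNOWN_SECRET_ATTRS = {"random_password": {"result"}}

# Constructed sample in the version-4 state layout; every value is made up.
SAMPLE_STATE = {
    "version": 4,
    "serial": 7,
    "outputs": {
        # "sensitive" only hides the value in CLI output, not in the state.
        "db_password": {"value": "constructed-Pa55w0rd!", "type": "string",
                        "sensitive": True},
        "resource_group": {"value": "rg-demo", "type": "string"},
    },
    "resources": [
        {"mode": "managed", "type": "random_password", "name": "db",
         "instances": [{"attributes": {
             "id": "none", "length": 20, "special": True,
             "result": "constructed-Pa55w0rd!"}}]},
        {"mode": "managed", "type": "tls_private_key", "name": "ssh",
         "instances": [{"attributes": {
             "algorithm": "RSA",
             "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\n"
                                "(constructed)\n"
                                "-----END RSA PRIVATE KEY-----\n",
             "public_key_openssh": "ssh-rsa AAAA-constructed"}}]},
        {"module": "module.app", "mode": "managed",
         "type": "azurerm_function_app", "name": "api",
         "instances": [{"attributes": {
             "name": "func-demo",
             "app_settings": {"DB_PASSWORD": "constructed-Pa55w0rd!"},
             "site_config": [{"always_on": False}]}}]},
        {"mode": "managed", "type": "azurerm_storage_account", "name": "state",
         "instances": [{"index_key": "dev", "attributes": {
             "name": "stdemodev",
             "primary_access_key": "constructed-key==",
             "tags": {"stage": "dev"}}}]},
    ],
}


def _walk(value, path=""):
    """Yield (path, leaf) for every leaf inside nested dicts and lists."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from _walk(item, f"{path}[{index}]")
    else:
        yield path, value


def _reason(rtype, path, leaf):
    """Return why a leaf looks like a secret, or None if it does not."""
    if not isinstance(leaf, str) or not leaf:
        return None  # numbers, booleans, nulls and empty strings are ignored
    if PEM_KEY.search(leaf):
        return "PEM private key"
    attr = re.sub(r"\[\d+\]", "", path).split(".")[-1]
    if attr in KNOWN_SECRET_ATTRS.get(rtype, ()):
        return "provider-generated secret"
    if SECRET_NAME.search(attr):
        return "secret-like attribute name"
    return None


def _address(res, inst):
    """Build the resource address, e.g. module.app.type.name["key"]."""
    addr = f'{res["type"]}.{res["name"]}'
    if res.get("mode") == "data":
        addr = "data." + addr
    if "index_key" in inst:
        addr += f'[{json.dumps(inst["index_key"])}]'
    return f'{res["module"]}.{addr}' if res.get("module") else addr


def find_secrets(state):
    """Return (address, attribute path, reason) tuples; values are never returned."""
    findings = []
    for name, out in state.get("outputs", {}).items():
        if out.get("sensitive"):
            findings.append((f"output.{name}", "value", "output marked sensitive"))
    for res in state.get("resources", []):
        for inst in res.get("instances", []):
            for path, leaf in _walk(inst.get("attributes") or {}):
                reason = _reason(res["type"], path, leaf)
                if reason:
                    findings.append((_address(res, inst), path, reason))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            state = json.load(handle)
    else:
        state = SAMPLE_STATE
    for addr, path, reason in find_secrets(state):
        print(f"{addr}: {path} ({reason})")
```

To audit a real project, pass a file produced by `terraform state pull > state.json` as the first argument; the script prints locations only, never the values.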
Terraform CLI
Terraform workflow
Production-ready workflow (PR)
Terraform sample project structure
Generic Providers
• Template Provider
• allows injecting variables into config files
• https://registry.terraform.io/providers/hashicorp/template/latest
• Random Provider
• generates random strings, id, integer, passwords
• https://registry.terraform.io/providers/hashicorp/random/latest
• TLS Provider
• used to generate keys and certificates
• https://registry.terraform.io/providers/hashicorp/tls/latest
• Null Provider
• advanced - helps orchestrate tricky behavior or workarounds
• https://registry.terraform.io/providers/hashicorp/null/latest
Terraform providers for Azure
• Azure RM provider
• https://registry.terraform.io/providers/hashicorp/azurerm/latest
• Azure AAD provider
• https://registry.terraform.io/providers/hashicorp/azuread/latest
• Azure Stack provider
• https://registry.terraform.io/providers/hashicorp/azurestack/latest
• Azure DevOps provider
• https://registry.terraform.io/providers/microsoft/azuredevops/latest
• GitHub provider
• https://registry.terraform.io/providers/integrations/github/latest
Generic resources
• Data resource
• used to retrieve metadata from unmanaged resources
• Remote state resource
• used to retrieve metadata from “other” projects
• https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state
Variables
• input variables
• serve as parameters for a module or project
• output variables
• child modules can use outputs to expose resource attributes
• print certain values in the CLI for further usage
• local variables
• are a convenience feature for assigning a short name to any
expression
Meta arguments & functions
• Terraform supports meta arguments like
• count, for_each
• depends_on, lifecycle
• and a variety of functions like
• numeric, string, encoding, hash, crypto, …
• https://www.terraform.io/docs/language/functions/index.html
Provisioners
• should only be used as a last option
• are not declarative!
• Terraform supports
• file
• local-exec
• remote-exec
• https://www.terraform.io/docs/language/resources/provisioners/index.html
Environment stages in Terraform
• build one project for all stages (DEV, QS/QA, PROD, …)
• build it customizable via variables
• repositories vs branches
• state management via
• Terraform “Workspaces”
• uses one backend with multiple states
• not supported by all backends
• customizable backends
• different Backend configurations
• inject backend details via CLI/Shell
Terraform vs ARM Templates
• Terraform
• extendable and therefore flexible
• multi-cloud
• requires some work to run it production-ready (CI/CD, state)
• also supports ARM templates for advanced use-cases
• ARM Templates
• first-class support on Azure (but also limited to Azure)
• “only” Azure resources, no Azure AAD, etc.
• easy start with Bicep (https://github.com/Azure/bicep)
Demo: Terraform on Azure
• scaffold a first Terraform project
• provision some Azure resources
Authentication with Azure RM / Azure AD
• local Azure CLI
• Service Principal with a Client Certificate
• Service Principal with a Client Secret
• Managed Identity
Terraform scaffold for Azure
• provisions
• a service principal used to run Terraform on behalf
• a Storage Container used to store the Terraform state file
• a Key Vault containing all secrets to allow easy and secure
access
• https://github.com/whiteducksoftware/terraform-scaffold-for-azure
Questions?
Slides: https://www.slideshare.net/nmeisenzahl
Nico Meisenzahl (Senior Cloud & DevOps Consultant)
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

