Yes, one can simply terraform their app to azure, easily
1. Yes.
One can simply “Terraform” their App to Azure.
Easily.
Omer Barel
DevOps Architect & Tech Lead
omerb@codevalue.net
@omerbarel
https://about.me/omerbarel
http://codevalue.net
2. Agenda
Challenges with Infrastructure Deployments
Application Overview
The Developer Inner Loop
CI / CD Process Deep Dive
Security & Governance
What the future holds
2
3. About Me
Omer Barel
Husband to Naama
Father of Leo & Theo
Love Whiskey & Travelling
(preferably together! )
K8s & Terraform Advocate
@omerbarel
3
4. The challanges
4
How to do infrastructure CI /
CD? Securly?
How to deploy to
subscriptions we can’t
access?
How to version the
infrastrcuture?
How to reduce cloud costs?
5. 5
How to handle our infrastrucutre
the same way we handle our applicaion?
Infrastructure as Code
6. Technology Stack
6
GitHub
• (4) Microservices Repository
• Infrastructure Repository
Azure Build
Pipelines
• CI Per Microservice
• Infrastructure CI
Azure Release
Pipelines
Single Deployment
Pipeline
AKS Application
Infrastructure
Helm Charts Application
Deployment
13. Takeaways
13
Infrastructure as Code allows us to deploy our infrastrucutre using the same processes
and practices we use to deploy our application
Terraform has built in logic to implement those processes and practices
Azure DevOps
• - Enables scaling to complex scenarios with multiple environments & subscriptions
• - Provides a common workplace to govern & collaborate (PR approvals, code review, build & release visualization, etc.)
Azure Key Vault integration helps us secure the process and interface with IT & security
personnel
What’s the motivation to use terraform with azure devops?
Why not use ARM templates?
What’s the CI CD Logic that terraform provides? Plan > plan.out > release
Explain a bit about Azure services – Azure DevOps, AKS, KeyVault
Validate PR
Done before deployment to developer’s environment
Basic testing and validation in the build phase
More testing in the release phase
Deploy application and optionally add application level testing
Destroy everything to validate CI end-to-end
Terraform workspace == per-environment .tfvars file
Optional gates between environments (manual approval, etc.)
Same build as before, only done from MASTER branch with source tagging
CI per environment with different .tfvars file