AzureBootcamp2022: Challenges with IaC and AppService by Matthias Junker & Christof Leuenberger

This session is one of the sessions of Azure Bootcamp Switzerland 2022.
www.azurebootcamp.ch

CHALLENGES WITH INFRASTRUCTURE AS CODE AND AZURE APP SERVICE
Our team is building a platform for Mobiliar’s hundreds of frontend apps on Azure. The large scale, enterprise setting and zero-downtime requirement led us to some unique challenges that we would like to share with you!
Christof Leuenberger, IT Architect and Product Owner @ Die Mobiliar
Matthias Junker, Freelance Full Stack Software Architect / Engineer @ Software Catering

Azure Zurich User Group
May 20, 2022
Transcript

  1. Challenges with Infrastructure as Code and
    Azure App Service
    Azure Bootcamp – Bern Switzerland
    10. May 2022
    Matthias Junker & Christof Leuenberger

  2. Christof Leuenberger
    Technology Architect & Product Owner
    Matthias Junker
    Software Architect & Developer

  3. 8/8/2022 3
    Our team is building a platform for Mobiliar's
    hundreds of frontend apps on Azure. The large scale,
    enterprise setting and zero-downtime requirement led
    us to some unique challenges that we would like to
    share with you!

  4. 1. Context
    2. Challenges & Solutions
    3. Looking forward
    4. Questions

  5. Standard Disclaimer
    • These slides are intended for educational purposes only and for the personal use of the
    audience. They are not intended for wider distribution outside the intended purpose without
    presenter approval.
    • The views and opinions expressed in this presentation are those of the authors and do not
    necessarily reflect the official policy or position of die Mobiliar.
    • The material is distributed on an "as is" basis without any warranty either expressed or implied.

  6. Context

  7. die Mobiliar
    • is Switzerland's oldest insurance company, founded in
    1826
    • has over 6000 employees that serve over 2 million
    customers
    • develops most core insurance systems in-house
    • runs an extensive IT landscape on-premise and is making
    its way into the Azure cloud

  8. RWC Stack
    • We apply the micro service approach to the frontend as
    well as the backend
    • We manage around 175 Single Page Apps
    • Applications are based on a technology stack, solving
    common problems and making development more
    efficient and secure
    • Since our move to the cloud, we have been building a
    platform on top of Gitlab and Azure to build, deploy and
    host Single Page Apps
    • Running in production for > 1 year. Around 25% of all
    Single Page Apps run in the cloud.
    Tech Stack & Toolchain

  9. Technology Stacks

  10. Stack Rollout
    app1/.gitlab-ci.yml

  11. Runtime View

  12. Features – Conditional Access

  13. Features – Conditional Access

  14. Features – Zero Downtime (light) Deployments

  15. Challenges

  16. IaC with Terraform

  17. IaC with Terraform

  18. Terraform Example

  19. Initial Approach
    • Single Terraform State
    • Use Terraform for:
    − Provisioning
    − Deploy
    − Destroy

  20. Problems
    • Corrupted Terraform State: No way to recover
    − Terraform Provider upgrade
    − Cancelled deployment pipeline
    − Bugs in IaC library
    • Destroy is only possible as all-or-nothing
    • Downtime in case of problems
    • Teams cannot independently destroy/provision infrastructure
    • Manual process involved (Admin consent for App Registration)
    • External process for Certificates (DigiCert)
    • Pipeline duration

  21. Considerations
    • Availability
    • Provisioning/Deployment duration
    • Autonomy: Teams can independently destroy/provision infrastructure
    • Simplicity/Ease of use
    • Complexity (Maintenance)

  22. Challenges: IaC with Terraform
    • How can we recover from Terraform state corruption?
    • How can we ensure cleanup of resources when Terraform state is corrupt?
    • How can we improve handling of different lifecycles of resources?

  23. Improved Approach
    • Two infrastructure layers:
    − Base Layer
    − App (Service) Layer
    • Resource Group per Layer
    • Destroy using Azure CLI
    − Scripted but can be made more robust
    • Layers can be provisioned/destroyed independently

  24. Terraform Layers

  25. Change Frequency

  26. Migration Constraints
    • Many SPAs already in Production
    • Destroy (Downtime) not an option
    • Automated (no manual steps)

  27. Migration Path

  28. Migration Path
    Base Layer

  29. Refactor Terraform State
    • Terraform stores module paths in state
    • Move blocks
    • Remove moved blocks once everyone migrated

  30. Looking ahead

  31. Separating Deployment by Layer

  32. Real Zero Downtime

  33. We're hiring!
    • Azure Cloud Engineer
    • System Engineer Cloud Basic Services
    • IT Architect
    • Cloud DB Specialist
    • Security Architect
    • System Engineer Monitoring
    • Java Developers
    and more: jobs.mobiliar.ch/Jobs/All

  34. Questions?