AzureBootcamp2022: Challenges with IaC and AppService by Matthias Junker & Christof Leuenberger

This session is one of the sessions of Azure Bootcamp Switzerland 2022.
www.azurebootcamp.ch

⭐️ CHALLENGES WITH INFRASTRUCTURE AS CODE AND AZURE APP SERVICE
Our team is building a platform for Mobiliar’s hundreds of frontend apps on Azure. The large scale, enterprise setting and zero-downtime requirement led us to some unique challenges that we would like to share with you!
🙂 Christof Leuenberger ⚡️ IT Architect and Product Owner @ Die Mobiliar
🙂 Matthias Junker ⚡️ Freelance Full Stack Software Architect / Engineer @ Software Catering

Azure Zurich User Group

May 20, 2022

Transcript

  1. Challenges with Infrastructure as Code and Azure App Service
    Azure Bootcamp – Bern Switzerland, 10. May 2022
    Matthias Junker & Christof Leuenberger
  2. Christof Leuenberger, Technology Architect & Product Owner
    Matthias Junker, Software Architect & Developer
  3. Our team is building a platform for Mobiliar's hundreds of frontend apps on Azure. The large scale, enterprise setting and zero-downtime requirement led us to some unique challenges that we would like to share with you!
    (slide footer date: 8/8/2022)
  4. 1. Context
    2. Challenges & Solutions
    3. Looking forward
    4. Questions
  5. Standard Disclaimer
    • These slides are intended for educational purposes only and for the personal use of the audience. They are not intended for wider distribution outside the intended purpose without presenter approval.
    • The views and opinions expressed in this presentation are those of the authors and do not necessarily reflect the official policy or position of die Mobiliar.
    • The material is distributed on an "as is" basis without any warranty either expressed or implied.
  6. Context

  7. die Mobiliar
    • is Switzerland's oldest insurance company, founded in 1826
    • has over 6000 employees that serve over 2 million customers
    • develops most core insurance systems in-house
    • runs an extensive IT landscape on-premise and is making its way into the Azure cloud
  8. RWC Stack
    • We apply the micro service approach to the frontend as well as the backend
    • We manage around 175 Single Page Apps
    • Applications are based on a technology stack, solving common problems and making development more efficient and secure
    • Since our move to the cloud, we have been building a platform on top of GitLab and Azure to build, deploy and host Single Page Apps
    • Running in production for > 1 year. Around 25% of all Single Page Apps run in the cloud.
    Tech Stack & Toolchain
  9. Technology Stacks

  10. Stack Rollout
    app1/.gitlab-ci.yml

  11. Runtime View

  12. Features – Conditional Access

  13. Features – Conditional Access

  14. Features – Zero Downtime (light) Deployments

  15. Challenges

  16. IaC with Terraform

  17. IaC with Terraform

  18. Terraform Example

  19. Initial Approach
    • Single Terraform State
    • Use Terraform for:
      − Provisioning
      − Deploy
      − Destroy
  20. Problems
    • Corrupted Terraform State: No way to recover
      − Terraform Provider upgrade
      − Cancelled deployment pipeline
      − Bugs in IaC library
    • Only destroy all-or-nothing possible
    • Downtime in case of problems
    • Teams cannot independently destroy/provision infrastructure
    • Manual process involved (Admin consent for App Registration)
    • External process for Certificates (DigiCert)
    • Pipeline duration
  21. Considerations
    • Availability
    • Provisioning/Deployment duration
    • Autonomy: Teams can independently destroy/provision infrastructure
    • Simplicity/Ease of use
    • Complexity (Maintenance)
  22. Challenges: IaC with Terraform
    • How can we recover from Terraform state corruption?
    • How can we ensure cleanup of resources when Terraform state is corrupt?
    • How can we improve handling of different lifecycles of resources?
  23. Improved Approach
    • Two infrastructure layers:
      − Base Layer
      − App (Service) Layer
    • Resource Group per Layer
    • Destroy using Azure CLI
      − Scripted but can be made more robust
    • Layers can be provisioned/destroyed independently
  24. Terraform Layers

  25. Change Frequency

  26. Migration Constraints
    • Many SPAs already in Production
    • Destroy (Downtime) not an option
    • Automated (no manual steps)
  27. Migration Path

  28. Migration Path
    Base Layer

  29. Refactor Terraform State
    • Terraform stores module paths in state
    • Move blocks
    • Remove moved blocks once everyone migrated
  30. Looking ahead

  31. Separating Deployment by Layer

  32. Real Zero Downtime

  33. We're hiring!
    • Azure Cloud Engineer
    • System Engineer Cloud Basic Services
    • IT Architect
    • Cloud DB Specialist
    • Security Architect
    • System Engineer Monitoring
    • Java Developers
    and more: jobs.mobiliar.ch/Jobs/All
  34. Questions?
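
The state refactoring on slide 29, as an added example that is not taken from the talk or from Mobiliar's code: `moved` blocks (Terraform 1.1 and later) rewrite the address recorded in state, so resources that change module path are not destroyed and recreated. The module names, resource names and the `service_plan_id` variable/output are hypothetical, and the example assumes both layer modules are still called from one configuration with one state, because `moved` does not transfer objects between separate state files.

```hcl
# Constructed example; every module and resource name here is hypothetical.
#
# Before the refactoring the resources were declared in the root module,
# so the state recorded them under these addresses:
#   azurerm_service_plan.main
#   azurerm_linux_web_app.main
#
# After the refactoring the same objects are declared inside two layer modules.

module "base" {
  source = "./modules/base" # long-lived resources with a low change frequency
}

module "app" {
  source          = "./modules/app" # per-app resources that change often
  service_plan_id = module.base.service_plan_id
}

# Because Terraform stores the module path as part of each resource address,
# changing the path without a moved block plans a destroy followed by a create,
# which is downtime for an app that is already in production.
moved {
  from = azurerm_service_plan.main
  to   = module.base.azurerm_service_plan.main
}

moved {
  from = azurerm_linux_web_app.main
  to   = module.app.azurerm_linux_web_app.main
}

# Review the plan before applying: each of these resources should be reported
# as moved, and the plan should contain no destroy or create for them.
# Keep the moved blocks until every environment has applied the change once,
# then delete them, as the slide notes.
```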