Infrastructure-as-Code with Bicep - A Developer's Perspective - Basta Spring 2024

Transcript

1. INFRASTRUCTURE AS CODE WITH BICEP A Developer‘s Perspective

2. AGENDA ▪ Why should developers care about infrastructure? ▪ What

   is Infrastructure-as-Code? ▪ Infrastructure-as-Code with Bicep ▪ Demos – Let’s build a web app infrastructure and a vnet

3. ABOUT ME Daniel Lindemann Enthusiastic .NET developer and consultant with

   a strange love for optimising, automating and containerising applications. What I do: ▪ Microsoft Azure ▪ Cloud-native & Serverless architectures ▪ Container technologies ▪ DevOps - Dev at night, Ops by day E-Mail: [email protected] Web: https://www.dlindemann.de LinkedIn: https://linkedin.com/in/daniel-lindemann

4. Why should developers care about infrastructure?

5. WHY SHOULD DEVELOPERS CARE ABOUT INFRA? Application requirements ▪ Developers

   know best about the application requirements ▪ CPU, Memory, IOPS ▪ Prerequisites ▪ The infrastructure has a direct impact on an application ▪ Reliability ▪ Scalability ▪ User experience ▪ Developers can gain a broader understanding of the entire technology stack ▪ Enhance skills ▪ Contribute to a more collaborative and effective development environment

6. WHY SHOULD DEVELOPERS CARE ABOUT INFRA? Run an application Wall

   of Confusion Development ▪ Solve customer problems ▪ Quickly release new features ▪ Innovate new products ▪ Deploy frequently ▪ Roll out changes fast Operations ▪ Maximize uptime ▪ Minimize failures ▪ Meet compliance obligations ▪ Maintain security Focus: Speed & Change Focus: Stability

7. WHY SHOULD DEVELOPERS CARE ABOUT INFRA? DevOps Operations Development Who

   is responsible for the application infrastructure?

8. WHY SHOULD DEVELOPERS CARE ABOUT INFRA? The cloud changed everything

   ▪ Modern cloud applications are more complex ▪ Programming directly against the cloud ▪ It’s easy to set up a SQL Database for testing and development ▪ Serverless simplifies the process of building and deploying applications in the cloud ▪ Cloud-native is an application architecture goal nowadays ▪ Fault-tolerant and resilient ▪ Metrics and monitoring built in ▪ Scales elastically according to requirements ▪ Dynamic migration without service downtime or degradation

9. INFRASTRUCTURE Minimal Infrastructure for Web App designed by a developer

   App Service Plan App Service Key Vault Storage Account SQL Server SQL Database Log Analytics Workspace Application Insights

10. INFRASTRUCTURE Secure App Infrastructure – Ops Proof App Service Plan

    App Service Key Vault Storage Account SQL Server SQL Database Log Analytics Workspace Application Insights Private DNS Zone privatelink.vaultcore.azure.net Private DNS Zone privatelink.blob.core.windows.net Private DNS Zone privatelink.database.windows.net Network Security Group Private Endpoint Virtual Network Application Network - Spoke

11. INFRASTRUCTURE Integrated Secure App Infrastructure – Ops Proof App Service

    Plan App Service Key Vault Storage Account SQL Server SQL Database Log Analytics Workspace Application Insights Private DNS Zone privatelink.vaultcore.azure.net Private DNS Zone privatelink.blob.core.windows.net Private DNS Zone privatelink.database.windows.net Network Security Group Private Endpoint Virtual Network Virtual Network Application Network - Spoke Hub Network Azure Bastion Virtual Network Gateway VNET Peering VPN

12. What is Infrastructure-as-Code?

13. INFRASTRUCTURE-AS-CODE What is Infrastructure-as-Code? Infrastructure-as-code (IaC) is the practice of

    managing and provisioning computing infrastructure using machine-readable configuration files and scripts instead of manual processes.

14. INFRASTRUCTURE-AS-CODE Describe an infrastructure with code Imperative Approach Declarative Approach

    We need a new thing Orchestration Tool Scripts Target Platform Entities API 10’s to 100’s of API calls We need a new thing Orchestration Tool Target Platform Entities Target Platform takes care API “1” API call Data Payload with desired state instructions

15. INFRASTRUCTURE-AS-CODE Versioned and Transparent ▪ Code should be stored in

    VCS ▪ Allows Code Reviews ▪ Allows Pull Request ▪ Tracking changes of infrastructure configuration over time ▪ Allows collaboration ▪ Allows rollbacks in case of issues (depends on infrastucture changes) ▪ Ensuring consistency and reproducibility of infrastructure deployments

16. INFRASTRUCTURE-AS-CODE Documented ▪ Provides a clear and standardized way of

    communicating infrastructure configurations ▪ Enables stakeholders to understand the infrastructure and deployment process ▪ Allows to make informed decisions based on documented infrastructure ▪ Many tools allow to create diagrams out of declarative IaC configuration ▪ Easy onboarding for new team members ▪ Improve collaboration

17. INFRASTRUCTURE-AS-CODE Testable ▪ Allows teams to test the infrastructure ▪

    Test for errors ▪ Test for changes to be made ▪ Tests can be automated ▪ Using CI/CD ▪ Integration Tests ▪ Ensures infrastructure is deployed and managed correctly ▪ Reduce errors and increase reliability and repeatability

18. INFRASTRUCTURE-AS-CODE Apply configuration ▪ Code can be executed multiple times

    ▪ Developers can create their own environments ▪ Easily test new parts within the full environment ▪ Execute automatically ▪ Using CI/CD pipelines ▪ During rollout process

19. INFRASTRUCTURE-AS-CODE Key Principles ▪ Idempotence ▪ Output environment has always

    the same state ▪ Running deployments more than once should not change anything ▪ Immutability ▪ Replacing infrastructure instead of manually changing it ▪ Prevents configuration drift

20. INFRASTRUCTURE-AS-CODE Problems solved by IaC ▪ Configuration Drift ▪ No

    difference between all deployed environments ▪ Healing and reducing of manual misconfiguration ▪ Reduction of human errors ▪ No requirement for big installation instructions ▪ No Infrastructure-by-clicking ▪ Experts can leave without loss of deployment knowledge

21. INFRASTRUCTURE-AS-CODE The cloud changed everything ▪ Scalability ▪ Provision and

    manage resources automatically is easy in the cloud ▪ Reduce the time and effort required to scale infrastructure ▪ Automation ▪ Cloud providers offer a rich set of APIs and tools for infrastructure automation that can be used by IaC to provision resources automatically ▪ Reducing the risk of errors and increase efficiency ▪ Consistency ▪ The cloud offers a consistent and standardized set of infrastructure resources ▪ Consistent infrastructure configurations across multiple environments

22. Infrastructure-as-Code with Bicep

23. INFRASTRUCTURE-AS-CODE IN AZURE ARM Templates ▪ JSON files ▪ Not

    type safe ▪ Referencing variables, parameters and resources as inline text ▪ ARM function calls as inline text ▪ Used by the Azure Resource Manager (ARM) to deploy and manage resources within Microsoft Azure

24. BICEP What is Bicep? ▪ Next generation of ARM templates

    ▪ DSL (Domain Specific Language) to deploy Azure resources ▪ Compiles to ARM templates & Decompiles ARM templates to Bicep ▪ Tooling via CLI ▪ Bicep CLI ▪ Integrated in Azure CLI and Azure PowerShell ▪ Simplifies authoring ▪ Cleaner syntax, easy to read, understand and write ▪ Improved type safety ▪ Better support for modularity and code re-use ▪ Looks like JSON with superpowers

25. BICEP Resource declaration Resource identifier Azure resource type with api

    version Main resource properties Resource type specific properties

26. BICEP Bicep vs ARM https://aka.ms/bicepdemo 60 Lines

27. Azure Resource Manager BICEP Create Azure resources Bicep Language ARM

    templates Compute Storage Network Database … bicep build az deployment create

28. Azure Resource Manager BICEP Create Azure resources Bicep Language Compute

    Storage Network Database … az deployment create

29. BICEP How to install bicep ▪ Use Azure CLI Integrated

    Bicep (recommended) ▪ Run az bicep ▪ Binaries and instructions for every environment ▪ Windows - Install the Azure CLI for Windows | Microsoft Learn ▪ Mac - Install the Azure CLI on macOS | Microsoft Learn ▪ Linux - Install the Azure CLI on Linux | Microsoft Learn ▪ Download the binary from Github - Azure/bicep: Bicep is a declarative language for describing and deploying Azure resources (github.com)

30. BICEP Development Experience ▪ Use Visual Studio Code or Visual

    Studio for development ▪ Extension for ▪ Visual Studio Code ▪ Visual Studio 2022 ▪ Intelli Sense / Autocomplete ▪ Validation

31. Deploy an app service with key vault and storage

32. BICEP Modules ▪ Split up resources into individual files ▪

    Allows to re-use of deployment configurations ▪ Modules are referenced via file names ▪ Modules are sub-deployments and will be shown as individual deployment in Azure

33. BICEP Module Registry ▪ Modules can be stored in a

    module registry ▪ Allows to store enterprise-wide modules ▪ Stored modules can be referenced without copying modules to a new project ▪ Think of it like a nuget registry or container registry ▪ A module registry is based on an Azure Container Registry ▪ Modules can be tagged ▪ Container registry must be accessible during execution

34. Create VNETs via modules and bicep repository

35. BICEP Best practices ▪ Use camel case for naming parameters,

    variables and resources ▪ Use naming conventions for resources ▪ See Define your naming convention - Cloud Adoption Framework | Microsoft Learn ▪ Code structure ▪ Parameters ▪ Variables ▪ Resources ▪ Outputs ▪ Do not store credentials or other sensitive data in configuration files Learn best practices when developing Bicep files - Azure Resource Manager | Microsoft Learn

36. BICEP Roadmap Bicep is still evolving: ▪ Breaking changes can

    come with every new version ▪ Custom Types ▪ Kubernetes Provider (Bicep extensibility Kubernetes provider - Azure Resource Manager | Microsoft Learn) ▪ TDD ▪ Graph Integration (Azure AD) ▪ Deployment Stacks

37. QUESTIONS?

38. RESOURCES Links ▪ daniellindemann/entwickler.de-azure-day-2023-bicep: Bicep samples of the talk about

    Infrastructure-as- code at the entwickler.de Azure Day 2023 (github.com) ▪ Bicep documentation | Microsoft Learn ▪ Fundamentals of Bicep - Training | Microsoft Learn ▪ Bicep Playground

39. Nehmen Sie Kontakt mit uns auf. www.abtis.de +49 7231 4431

    - 100 [email protected] abtis GmbH • Wilhelm-Becker-Straße 11b • 75179 Pforzheim © 2023 Alle Rechte vorbehalten. Dieses Dokument ist urheberrechtlich geschützt. Sämtliche Inhalte dienen der Dokumentation. Jede andere Nutzung, insbesondere die Weitergabe an Dritte, die Verbreitung oder die Bearbeitung, auch in Teilen, ist ohne schriftliche Einwilligung der abtis GmbH untersagt. Die verwendeten Firmen-, Marken- und Produktnamen und Warenzeichen sind eingetragene Markenzeichen oder Warenzeichen der jeweiligen Inhaber und werden hiermit anerkannt. Die abtis GmbH verfügt über mehr als 20 Jahre Erfahrung in der Planung und dem Betrieb von Microsoft Infrastrukturen und betreut bereits mehr als 100.000 Anwender:innen der Cloudplattformen Microsoft 365 und Azure. Ausgezeichnet als Microsoft Solutions Partner und MXDR Verified Partner mit 12 Advanced Specializations sind wir einer der wichtigsten Fokuspartner von Microsoft für den Mittelstand in Deutschland. Damit setzen wir ein starkes Zeichen als verlässlicher Partner und Vorreiter in der IT-Branche. Die abtis GmbH ist Teil der abtis Gruppe, die mit vier Tochterunternehmen und über 170 Mitarbeitenden ein fester Bestandteil der IT-Welt ist. Das Portfolio der abtis Gruppe umfasst die Kernthemen einer zukunftsorientierten IT: von Modern Workplace, über Datacenter, Security, Power Platform, Application Development, Industrial IoT, Adoption & Change Management bis hin zu Data & AI.