Slide 1

Slide 1 text

INFRASTRUCTURE AS CODE WITH BICEP A Developer's Perspective

Slide 2

Slide 2 text

AGENDA ▪ Why should developers care about infrastructure? ▪ What is Infrastructure-as-Code? ▪ Infrastructure-as-Code with Bicep ▪ Demos – Let’s build a web app infrastructure and a vnet

Slide 3

Slide 3 text

ABOUT ME Daniel Lindemann Enthusiastic .NET developer and consultant with a strange love for optimising, automating and containerising applications. What I do: ▪ Microsoft Azure ▪ Cloud-native & Serverless architectures ▪ Container technologies ▪ DevOps - Dev at night, Ops by day E-Mail: [email protected] Web: https://www.dlindemann.de LinkedIn: https://linkedin.com/in/daniel-lindemann

Slide 4

Slide 4 text

Why should developers care about infrastructure?

Slide 5

Slide 5 text

WHY SHOULD DEVELOPERS CARE ABOUT INFRA? Application requirements ▪ Developers know best about the application requirements ▪ CPU, Memory, IOPS ▪ Prerequisites ▪ The infrastructure has a direct impact on an application ▪ Reliability ▪ Scalability ▪ User experience ▪ Developers can gain a broader understanding of the entire technology stack ▪ Enhance skills ▪ Contribute to a more collaborative and effective development environment

Slide 6

Slide 6 text

WHY SHOULD DEVELOPERS CARE ABOUT INFRA? Run an application Wall of Confusion Development ▪ Solve customer problems ▪ Quickly release new features ▪ Innovate new products ▪ Deploy frequently ▪ Roll out changes fast Operations ▪ Maximize uptime ▪ Minimize failures ▪ Meet compliance obligations ▪ Maintain security Focus: Speed & Change Focus: Stability

Slide 7

Slide 7 text

WHY SHOULD DEVELOPERS CARE ABOUT INFRA? DevOps Operations Development Who is responsible for the application infrastructure?

Slide 8

Slide 8 text

WHY SHOULD DEVELOPERS CARE ABOUT INFRA? The cloud changed everything ▪ Modern cloud applications are more complex ▪ Programming directly against the cloud ▪ It’s easy to set up a SQL Database for testing and development ▪ Serverless simplifies the process of building and deploying applications in the cloud ▪ Cloud-native is an application architecture goal nowadays ▪ Fault-tolerant and resilient ▪ Metrics and monitoring built in ▪ Scales elastically according to requirements ▪ Dynamic migration without service downtime or degradation

Slide 9

Slide 9 text

INFRASTRUCTURE Minimal Infrastructure for Web App designed by a developer App Service Plan App Service Key Vault Storage Account SQL Server SQL Database Log Analytics Workspace Application Insights

Slide 10

Slide 10 text

INFRASTRUCTURE Secure App Infrastructure – Ops Proof App Service Plan App Service Key Vault Storage Account SQL Server SQL Database Log Analytics Workspace Application Insights Private DNS Zone privatelink.vaultcore.azure.net Private DNS Zone privatelink.blob.core.windows.net Private DNS Zone privatelink.database.windows.net Network Security Group Private Endpoint Virtual Network Application Network - Spoke

Slide 11

Slide 11 text

INFRASTRUCTURE Integrated Secure App Infrastructure – Ops Proof App Service Plan App Service Key Vault Storage Account SQL Server SQL Database Log Analytics Workspace Application Insights Private DNS Zone privatelink.vaultcore.azure.net Private DNS Zone privatelink.blob.core.windows.net Private DNS Zone privatelink.database.windows.net Network Security Group Private Endpoint Virtual Network Virtual Network Application Network - Spoke Hub Network Azure Bastion Virtual Network Gateway VNET Peering VPN

Slide 12

Slide 12 text

What is Infrastructure-as-Code?

Slide 13

Slide 13 text

INFRASTRUCTURE-AS-CODE What is Infrastructure-as-Code? Infrastructure-as-code (IaC) is the practice of managing and provisioning computing infrastructure using machine-readable configuration files and scripts instead of manual processes.

Slide 14

Slide 14 text

INFRASTRUCTURE-AS-CODE Describe an infrastructure with code Imperative Approach Declarative Approach We need a new thing Orchestration Tool Scripts Target Platform Entities API 10’s to 100’s of API calls We need a new thing Orchestration Tool Target Platform Entities Target Platform takes care API “1” API call Data Payload with desired state instructions

Slide 15

Slide 15 text

INFRASTRUCTURE-AS-CODE Versioned and Transparent ▪ Code should be stored in VCS ▪ Allows code reviews ▪ Allows pull requests ▪ Tracking changes of infrastructure configuration over time ▪ Allows collaboration ▪ Allows rollbacks in case of issues (depends on infrastructure changes) ▪ Ensuring consistency and reproducibility of infrastructure deployments

Slide 16

Slide 16 text

INFRASTRUCTURE-AS-CODE Documented ▪ Provides a clear and standardized way of communicating infrastructure configurations ▪ Enables stakeholders to understand the infrastructure and deployment process ▪ Allows informed decisions based on documented infrastructure ▪ Many tools can create diagrams from declarative IaC configuration ▪ Easy onboarding for new team members ▪ Improves collaboration

Slide 17

Slide 17 text

INFRASTRUCTURE-AS-CODE Testable ▪ Allows teams to test the infrastructure ▪ Test for errors ▪ Test for changes to be made ▪ Tests can be automated ▪ Using CI/CD ▪ Integration Tests ▪ Ensures infrastructure is deployed and managed correctly ▪ Reduce errors and increase reliability and repeatability

Slide 18

Slide 18 text

INFRASTRUCTURE-AS-CODE Apply configuration ▪ Code can be executed multiple times ▪ Developers can create their own environments ▪ Easily test new parts within the full environment ▪ Execute automatically ▪ Using CI/CD pipelines ▪ During rollout process

Slide 19

Slide 19 text

INFRASTRUCTURE-AS-CODE Key Principles ▪ Idempotence ▪ Output environment always has the same state ▪ Running deployments more than once should not change anything ▪ Immutability ▪ Replacing infrastructure instead of manually changing it ▪ Prevents configuration drift

Slide 20

Slide 20 text

INFRASTRUCTURE-AS-CODE Problems solved by IaC ▪ Configuration Drift ▪ No difference between all deployed environments ▪ Healing and reducing manual misconfiguration ▪ Reduction of human errors ▪ No requirement for big installation instructions ▪ No Infrastructure-by-clicking ▪ Experts can leave without loss of deployment knowledge

Slide 21

Slide 21 text

INFRASTRUCTURE-AS-CODE The cloud changed everything ▪ Scalability ▪ Provisioning and managing resources automatically is easy in the cloud ▪ Reduces the time and effort required to scale infrastructure ▪ Automation ▪ Cloud providers offer a rich set of APIs and tools for infrastructure automation that can be used by IaC to provision resources automatically ▪ Reduces the risk of errors and increases efficiency ▪ Consistency ▪ The cloud offers a consistent and standardized set of infrastructure resources ▪ Consistent infrastructure configurations across multiple environments

Slide 22

Slide 22 text

Infrastructure-as-Code with Bicep

Slide 23

Slide 23 text

INFRASTRUCTURE-AS-CODE IN AZURE ARM Templates ▪ JSON files ▪ Not type safe ▪ Referencing variables, parameters and resources as inline text ▪ ARM function calls as inline text ▪ Used by the Azure Resource Manager (ARM) to deploy and manage resources within Microsoft Azure

Slide 24

Slide 24 text

BICEP What is Bicep? ▪ Next generation of ARM templates ▪ DSL (Domain Specific Language) to deploy Azure resources ▪ Compiles to ARM templates & Decompiles ARM templates to Bicep ▪ Tooling via CLI ▪ Bicep CLI ▪ Integrated in Azure CLI and Azure PowerShell ▪ Simplifies authoring ▪ Cleaner syntax, easy to read, understand and write ▪ Improved type safety ▪ Better support for modularity and code re-use ▪ Looks like JSON with superpowers

Slide 25

Slide 25 text

BICEP Resource declaration Resource identifier Azure resource type with api version Main resource properties Resource type specific properties

Slide 26

Slide 26 text

BICEP Bicep vs ARM https://aka.ms/bicepdemo 60 Lines

Slide 27

Slide 27 text

Azure Resource Manager BICEP Create Azure resources Bicep Language ARM templates Compute Storage Network Database … bicep build az deployment create

Slide 28

Slide 28 text

Azure Resource Manager BICEP Create Azure resources Bicep Language Compute Storage Network Database … az deployment create

Slide 29

Slide 29 text

BICEP How to install Bicep ▪ Use Azure CLI Integrated Bicep (recommended) ▪ Run az bicep ▪ Binaries and instructions for every environment ▪ Windows - Install the Azure CLI for Windows | Microsoft Learn ▪ Mac - Install the Azure CLI on macOS | Microsoft Learn ▪ Linux - Install the Azure CLI on Linux | Microsoft Learn ▪ Download the binary from GitHub - Azure/bicep: Bicep is a declarative language for describing and deploying Azure resources (github.com)

Slide 30

Slide 30 text

BICEP Development Experience ▪ Use Visual Studio Code or Visual Studio for development ▪ Extension for ▪ Visual Studio Code ▪ Visual Studio 2022 ▪ IntelliSense / Autocomplete ▪ Validation

Slide 31

Slide 31 text

Deploy an app service with key vault and storage
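The Key Vault part of the secured infrastructure from the earlier slides (private endpoint plus the privatelink.vaultcore.azure.net zone) could be declared as follows. This is an added example, not the demo code from the talk; all parameter names and resource names are assumptions.

```bicep
// Added example; parameter names and resource names are assumptions.
param location string = resourceGroup().location
param keyVaultName string
param spokeVnetId string        // resource id of the application (spoke) vnet
param endpointSubnetId string   // resource id of the subnet for private endpoints

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: keyVaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    enableRbacAuthorization: true
    publicNetworkAccess: 'Disabled' // reachable only through the private endpoint
  }
}

// Private DNS zone that resolves the vault name to the endpoint's private IP
resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.vaultcore.azure.net'
  location: 'global'
}

resource dnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: dnsZone
  name: 'link-to-spoke'
  location: 'global'
  properties: { registrationEnabled: false, virtualNetwork: { id: spokeVnetId } }
}

resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-${keyVaultName}'
  location: location
  properties: {
    subnet: { id: endpointSubnetId }
    privateLinkServiceConnections: [
      { name: 'keyvault', properties: { privateLinkServiceId: keyVault.id, groupIds: ['vault'] } }
    ]
  }
}

// Registers the endpoint's A record in the private DNS zone
resource dnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: privateEndpoint
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [{ name: 'vaultcore', properties: { privateDnsZoneId: dnsZone.id } }]
  }
}
```

The same pattern applies to the storage account and SQL server with their own privatelink zones and group ids.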

Slide 32

Slide 32 text

BICEP Modules ▪ Split up resources into individual files ▪ Allows re-use of deployment configurations ▪ Modules are referenced via file names ▪ Modules are sub-deployments and will be shown as individual deployments in Azure

Slide 33

Slide 33 text

BICEP Module Registry ▪ Modules can be stored in a module registry ▪ Allows storing enterprise-wide modules ▪ Stored modules can be referenced without copying modules to a new project ▪ Think of it like a NuGet registry or container registry ▪ A module registry is based on an Azure Container Registry ▪ Modules can be tagged ▪ Container registry must be accessible during execution

Slide 34

Slide 34 text

Create VNETs via modules and bicep repository
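How the two module reference styles from the previous slides look side by side, as an added example that is not the demo code from the talk. The registry name, module path, tag, and the module's parameters and outputs are hypothetical.

```bicep
// main.bicep (added example). Registry name, module path, tag and the
// module's parameters/outputs are hypothetical.
param location string = resourceGroup().location

// Local module: referenced via its file name, deployed as its own sub-deployment
module spokeVnet './modules/vnet.bicep' = {
  name: 'deploy-spoke-vnet'
  params: {
    location: location
    vnetName: 'vnet-app-spoke'
    addressPrefix: '10.10.0.0/16'
  }
}

// Registry module: 'br:' points at an Azure Container Registry; the fixed tag
// keeps the deployed code from changing until the reference is updated in review
module hubVnet 'br:exampleregistry.azurecr.io/bicep/modules/vnet:v1.0.0' = {
  name: 'deploy-hub-vnet'
  params: {
    location: location
    vnetName: 'vnet-hub'
    addressPrefix: '10.0.0.0/16'
  }
}

output spokeVnetId string = spokeVnet.outputs.vnetId
output hubVnetId string = hubVnet.outputs.vnetId
```

Bicep pulls registry modules when the file is built, so the identity running the build or pipeline needs pull access to the registry and nothing more.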

Slide 35

Slide 35 text

BICEP Best practices ▪ Use camel case for naming parameters, variables and resources ▪ Use naming conventions for resources ▪ See Define your naming convention - Cloud Adoption Framework | Microsoft Learn ▪ Code structure ▪ Parameters ▪ Variables ▪ Resources ▪ Outputs ▪ Do not store credentials or other sensitive data in configuration files Learn best practices when developing Bicep files - Azure Resource Manager | Microsoft Learn
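A file laid out in the order listed above (parameters, variables, resources, outputs) that keeps the credential out of the configuration file. This is an added example, not code from the talk; the parameter names and the naming pattern are assumptions.

```bicep
// Parameters (camel case). Names and the naming pattern are assumptions.
@description('Azure region for all resources')
param location string = resourceGroup().location

@description('Short workload name used to build resource names')
@minLength(3)
@maxLength(11)
param workloadName string

@description('SQL administrator login')
param sqlAdminLogin string

// @secure() keeps the value out of deployment history and logs.
// No default value: a default would put the secret back into the file.
@secure()
@description('Supplied at deployment time, never committed to the repository')
param sqlAdminPassword string

// Variables
var sqlServerName = 'sql-${workloadName}-${uniqueString(resourceGroup().id)}'

// Resources
resource sqlServer 'Microsoft.Sql/servers@2021-11-01' = {
  name: sqlServerName
  location: location
  properties: {
    administratorLogin: sqlAdminLogin
    administratorLoginPassword: sqlAdminPassword
    minimalTlsVersion: '1.2'
    publicNetworkAccess: 'Disabled'
  }
}

// Outputs: names and endpoints only, never the secret itself
output sqlServerName string = sqlServer.name
output sqlServerFqdn string = sqlServer.properties.fullyQualifiedDomainName
```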

Slide 36

Slide 36 text

BICEP Roadmap Bicep is still evolving: ▪ Breaking changes can come with every new version ▪ Custom Types ▪ Kubernetes Provider (Bicep extensibility Kubernetes provider - Azure Resource Manager | Microsoft Learn) ▪ TDD ▪ Graph Integration (Azure AD) ▪ Deployment Stacks

Slide 37

Slide 37 text

QUESTIONS?

Slide 38

Slide 38 text

RESOURCES Links ▪ daniellindemann/entwickler.de-azure-day-2023-bicep: Bicep samples of the talk about Infrastructure-as-code at the entwickler.de Azure Day 2023 (github.com) ▪ Bicep documentation | Microsoft Learn ▪ Fundamentals of Bicep - Training | Microsoft Learn ▪ Bicep Playground

Slide 39

Slide 39 text

Get in touch with us. www.abtis.de +49 7231 4431 - 100 [email protected] abtis GmbH • Wilhelm-Becker-Straße 11b • 75179 Pforzheim © 2023 All rights reserved. This document is protected by copyright. All contents are for documentation purposes. Any other use, in particular disclosure to third parties, distribution or modification, in whole or in part, is prohibited without the written consent of abtis GmbH. The company, brand and product names and trademarks used are registered trademarks or trademarks of their respective owners and are hereby acknowledged. abtis GmbH has more than 20 years of experience in planning and operating Microsoft infrastructures and already supports more than 100,000 users of the Microsoft 365 and Azure cloud platforms. Recognised as a Microsoft Solutions Partner and MXDR Verified Partner with 12 Advanced Specializations, we are one of Microsoft's most important focus partners for mid-sized businesses in Germany. With this we send a strong signal as a reliable partner and pioneer in the IT industry. abtis GmbH is part of the abtis Group, which, with four subsidiaries and more than 170 employees, is an established part of the IT world. The abtis Group's portfolio covers the core topics of future-oriented IT: from Modern Workplace, Datacenter, Security, Power Platform, Application Development, Industrial IoT, and Adoption & Change Management through to Data & AI.