Infrastructure as code using ARM Templates and Azure DevOps Pipelines

Introduction

Infrastructure as Code is a modern approach for automating the provisioning and deployment of IT resources. The idea is to use simple configuration files to define what IT resources we want to set up, and have those resources created automatically based on that configuration. We can then commit that configuration file into a version control repo, test it, manage versions, and start treating the infrastructure like an ordinary source code.

ARM Templates

On Microsoft Azure, there is one primary building block that enables Infrastructure as Code – Azure Resource Manager (ARM). ARM lets you author templates in JSON format, specifying Azure services you want to run, and makes it possible to easily deploy those services according to the template.

ARM automatically orchestrates the deployment in the correct order respecting dependencies. The engine ensures idempotency. If a desired resource already exists with the same configuration, provisioning will be ignored.

The basic schema looks something like below:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "",
  "apiProfile": "",
  "parameters": {  },
  "variables": {  },
  "functions": [  ],
  "resources": [  ],
  "outputs": {  }
}

Provision Azure Infrastructure using Azure DevOps Pipeline

Azure DevOps provides the CI/CD pipeline, starting with a Git repository for managing the application source code and infrastructure code (ARM templates), a build system for producing packages and other build artifacts, and a Release Management system for setting up a pipeline to deploy the changes through dev, test, and production environments. The pipeline uses ARM templates to provision or update the infrastructure as necessary in each environment, and then deploys the updated build.

Process flow:

  1. Create a new feature branch from the main branch and checkout the branch locally to create ARM template files using an IDE (VS Code, Visual Studio, etc.)
  2. Validate the arm template files locally using arm template test toolkit and Chekov to detect any security vulnerabilities.
  3. Commit the arm template files to Azure Repos using git commands. Create a pull request to review and merge the source code to the main branch.
  4. Azure DevOps Pipeline Continuous integration (CI) triggers the build and validates the source code before publishing the artifact.
  5. Azure DevOps Pipeline Continuous deployment (CD) trigger orchestrates deployment of the artifacts with environment-specific parameters.
  6. Azure DevOps Pipeline Continuous deployment (CD) runs ARM employment task to deploy the ARM template to dev resource group.
  7. Once deployment to dev stage is successfully completed, run the release job to Test, Uat, PreProd and Production stages.



Categories: DevOps, Microsoft Azure

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: