Azure Deployments with Bicep and Azure DevOps

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone and welcome to another video on this channel this time we are going to take a look at bicep this is a getting started level video first of all what is bicep well it's a tool to automate the deployment of infrastructure on azure in this case so you can compare it with other tools like bloomy terraform farmer and of course other clouds and other environments have their own tooling as well if you have done some automation in the past with azure you probably have heard of azure resource manager so now we're going to use bicep does that mean it's bye bye as your resource manager well of course not azure resource manager is the system that makes everything work so to speak whenever you create a resource update a resource delete a resource as your resource manager and its apis are the the magic that makes that all happen so we're gonna use bicep but we're still gonna have azure resource manager in the background so no it's not bye bye as your resource manager so okay arm is not gone when we start creating bicep files but it surely is bye bye to these pesky arm templates we created in json well not entirely because when you create a bicep file it has to be compiled to an arm template and then it gets submitted to the azure resource manager apis now you can do this combination step manually or you can let the tooling do it for you in the background so in essence you should see bicep as an abstraction on top of these arm templates so they are not really gone yet now why would you even use something like bicep well reason number one for me is certainly the simplified authoring experience the bicep files are just simpler to write than these json arm templates that we had to write before especially when you start doing things with expressions it starts to become obvious that this is the way to go a second reason is that it's much easier to reuse code with modules in bicep it's really made for that as well somewhat similar to how terraform does it and you don't have to throw away everything you know about arm templates and the arm system in the back end because in the end the bicep file as already discussed just compiles to a standard arm template and by the way there's also a method to decompile an arm template into a bicep file your mileage may vary depending on the complexity of the arm template that you decompile but it surely is a great way to get started with some existing arm templates that you have lying around before we get started with an example what tools should you use well first of all and that's a no-brainer to author bicep files just use visual studio code with the bicep extension there's also the bicep cli which allows you to compile these bicep files to arm templates to then submit these arm templates to the azure resource manager but you don't really have to do that because the bicep cli is integrated within the azure cli 2.20.0 or later it's directly supported so in the dash dash template file parameter you can just specify a bicep file and the tooling for you will do the compilation step and then submit that to the azure resource manager in the end we look at a more complicated bicep deployment in the moment but for example if you want to deploy something like a storage account in azure it can be as simple as you see here on the screen you just create a file with the bicep extension and then you start with the resource keyword after resource you specify the symbolic name that's not the name for the resource in azure that's the name that you use to reference this resource within the bicep file for example to retrieve properties of this resource and use them somewhere else now of course you have to tell azure resource manager what kind of resource type you want to provide so here you see the resource provider first that is microsoft dot storage and then within that provider we deploy the resource type storage account now sadly there's no way today at least that i know of to specify that you want to use the latest api version at the time of deployment on the other hand it might benefit you to be precise so in this case you have to specify the precise api version that you want to deploy and that's it then you just use an equal sign and then between these curly braces you provide all the properties that a storage account expects that's all fine that you have to provide the properties that the storage account expects but where do you find that well of course in the microsoft documentation so if you go to azure templates you can go to all the different resources and resource types that you can deploy and as you can see here on the screen they now not only provide you with the json format for the json templates we used to create in the past but you also get the bicep format here so there you find everything that you need to deploy the resource enough talking i'd say let's get our hands dirty and let's deploy some bicep templates in this case using azure devops before we get started a big shout out to the microsoft cloud native global black belt team which had a session called configure your aks cluster with confidence and in that session they used bicep deployments to deploy aks and also have all the best practices included in those bicep files let's look first at what we are going to deploy here i'm inside a file called main.bicep as you see here and that's just a convention you can call the file anything you want after the declaring of some or the declaration of some parameters i have my actual resources that get deployed now just like the example you saw with the storage account we create a resource with the resource keyword give it a symbolic name and then of course refer to the microsoft resource provider and then the actual resource type so in this case microsoft network virtual networks remember the symbolic name has nothing to do with the actual name of the resource in azure that's where the name property comes in next to the v-net we also deploy an aks cluster now we don't directly deploy the cluster from a resource keyword we actually use a module we created before so we use a module here give it a symbolic name again aks and then we refer to the module here in this folder modules folder aks cluster.bicep a module is just a bicep file there's nothing special about it you don't have to use specific keywords and so on to make it a module any bicep file can be used as a module of course a module typically will have many parameters defined so you only have to supply the module with the parameters that your module expects to create in this case of course the aks cluster and if you know something about aks you probably see many properties here that are required or maybe recommended when you deploy such a cluster next to aks we also deploy azure container registry not with the module this time just directly with resource symbolic name and then in this case microsoft container registry slash registries in the end we also want to provide some access rights to the container registry what we do here with this resource is that we assign a role to an account in this case the managed identity of our aks cluster and we assign that account the acr pull role on the acr resource here you can see that by the way scope is acr we just reference the resource that we want to set our role on before we start deploying our bicep file let's look at parameters and of course you use parameters to make it flexible to deploy whatever you want now defining a parameter is very easy in bicep just use the param keyword the name of the parameter and then the data type you see a couple of data types here strings of course you can use arrays as well there's a bool type and there's also a in type for instance yeah and in some cases we initialize our parameter with a default value so if we don't supply the parameter when we do our deployment that default value will be used what you can also see here is that parameters have something which is called decorators so here for example you see the acr skew parameter which is a string with the default value of basic but i only want to allow three different values there so there we use the decorator called allowed so add allowed and then as a parameter to that allowed decorator we specify an array of allowed values note that in bicep here this array don't have commas between the different values there are other decorators as well such as min length and max length and of course check the documentation for other decorators that are supported now how do we use an actual parameter in our deployment for example how do we use this acr sku when we deploy acr as your container registry well very simple if you go to the bottom you'll see it of course our azure container registry has several properties as you can see here well there's a skew property which actually has a name property and there we use our parameter called acr skew it's as simple as that now of course we work with modules as well right so we deploy aks using a module that module is here in aks cluster bicep if you look closely at aks cluster bicep yeah there's nothing different about this it's not that different from main it's just a bicep file and the module of course also has several parameters defined typically in a module of course you want to be very granular you want to allow a lot of parameters because of course you want to reuse that module in many different situations and here for example you see also an example of a parameter of type object and here for example we use this for several of the aks settings that we will supply later on when we do the actual deployment of our aks resource and of course you've probably already seen that that in our main bicep for example we have a parameter like prefix and suffix well the value of that right so that probably you'll have to supply that at deployment time the value of this can be passed of course two parameters of our module you'll see that here when we call the module aks the module expects all types of parameters well the module parameter prefix we give that the value of the parameter of main called prefix in bicep it's also quite easy to use functions and especially in visual studio code with command line completion and so on that makes it really easy for example suppose that for the location of my v-net i want to use the location of my resource group and the resource group i'm deploying this bicep template to well of course i can do control space or i can think that it might have something to do with a resource group so i just type res and here i see indeed that we have the resource group function so we can click on resource group indeed it's say it's a function and then we can just specify a dot and then select what we need from that so in this case we want the location to be retrieved and that's all there is to it in this case with a very simple function to retrieve something dynamically in your template there are also quite some differences in how operators work things like and and or and and multiplication division and so on i'm not going to show that you can find that in the in the documentation but i do want to show you the ternary operator a bit here for example here for the name of our v-net we want to change that depending on whether a parameter is supplied so in this case if v-net name equals an empty string so that's how you test for equality right so two is signs well if it's an empty string then we are going to construct our name our string using the parameters prefix and suffix and then the word v-net here you also see an example of string interpolation in effect as well so inside a string with single quotes you can just use that dollar and curly braces to include your other parameters or variables for example to create a new string in case the v-net name was supplied we're going to use the v-net name as the name of our resource okay time to deploy the bicep file but we are going to use an azure devops pipeline for this i won't explain in detail how azure devops pipeline works suffice it to say that this pipeline defines some variables at the pipeline level so i have a variable group defined in azure devops this is where i get something which is called the ssh key and i need that because that is used to connect with ssh to my aks node so that ssh key is set at the azure devops level but for example the location of my resource group is just set in the pipeline and this connection is a reference to a service connection in azure devops that contains credentials to connect to my subscription in azure that was defined within azure devops you don't see that here but you should create it of course otherwise you can't connect to your subscription then at the job level i'm just going to have one job here at the job level i define the resource group i want to deploy to and also deploy define my parameters file now here it's important that you're using this add sign here so it's just a string that you use to refer to the file but you have to put an add sign in front of that so remember that now the actual steps that i want to run to do the deployment are defined in a template pipeline so that's a child pipeline so to speak in the common folder deploy aks so here in deploy aks you see the steps we have only two steps here a checkout step to check out the source code that of course contains all these files over here including my main.bicep and then yeah the preferred way of deploying a bicep template is to use for me at least to use an azure cli task the recent versions of the srcli will be used to deploy this template and they support bicep files directly i'm not going to go into all the detail but of course azure cli expects what kind of azure subscription do i run against and that was that variable that refers to my service connection within azure devops where we're just creating an inline bash script the bash script does the following three commands and that's all there is to it i'm not going to explain the acr role but i need that to get a role id and when i have that role id i can supply it as a parameter to my bicep file we create the resource group here and we use indeed the resource group parameter which is defined at the job level and the location parameter which is defined at the pipeline level then we do ask deployment group create we specify the resource group of course in this case because that's that's where our that's what our scope is we didn't set a subscription scope or something like that and as template file we refer to our main bicep directory of course relative to where my pipeline is which is deploy underscore def yeah it's not relative to the template that we are in at this point in time now to set the parameters i have to set two parameters individually because i i retrieve them in another way right so the parameter acr role of course i refer to the acr roll variable that i use here and the parameter admin public key is using the ssh key which is defined at the azure devops level but all the rest because we are deploying a cluster into our development environment i have specified indeed parameters file which refers to the development variables so for example if i go back to deploy def you see indeed that we refer to bicep parametersdev.json when i go to parametersdev.json you'll probably be surprised because indeed this is a json file this is the same file that we use the same type of file that we use to define our values of parameters with autumn templates that hasn't changed yet but here of course we specify all the parameters that my bicep script my bicep template expects like the kubernetes version prefix the suffix how many nodes i want in development i want one but maybe in production i want more v-net prefixes the subnets i want to create inside the the v-net and so forth and as you'll see in production indeed it's a little bit different there you see other another suffix and you also see that we only deploy or we deploy two nodes instead of one node right now let's try and deploy this in azure devops itself so here we are in azure devops i'm in a project called aks bicep and i'm in a repo called aks underscore bicep and of course these are the files that you have seen me working on in visual studio code if you go to the bicep folder you'll find the main.bicep file over there as you have seen as well if you're going to the root of the repo there's my deploy death.yaml so that's a pipeline i've shown you earlier it does use a somewhat different template this is an extra compile step as well what is this compile step well basically just for fun i added a build bicep template option here as a separate task that builds the bicep file and folks for example if there are issues or errors they will be seen there and the pipeline will stop at that level now okay of course this pipeline was defined as a pipeline at the azure devops level here in the pipelines yeah how do you do that it's quite simple you say new pipeline there's a wizard that's coming and then you refer to the yaml that contains your pipeline so in my case you can see that indeed the deploy dev pipeline was recently run and it was run successfully the other one apparently for some reason did not run successfully now this pipeline does not have an automatic trigger or something so it has its trigger is known so i have to run this myself manually let's run this and see what happens so i'm going to click on this on this pipeline all the different runs i had in the past i played a bit of pipeline bingo to get it right of course as we all do i expect and now we just click on run pipeline and then you use the run option so let's run this pipeline and see what happens so the rune starts it's only one job as you have seen inside the pipeline deploy aks death with bicep if i click on that we'll see indeed that we now get an agent an ubuntu latest one it's acquiring that from the cloud and now we start doing uh the actual uh the actual deployments so in this case he's doing a checkout he's now building the bicep template that is successful so that means that my bicep file was was correct and now of course the deployment starts now that will take a couple of minutes so we'll pause here and see what the result of that is and it took about four minutes to deploy our bicep template because let's give or take four or five minutes what it takes to deploy aks let's take a look what happened in the portal so here we are in the azure portal where we see our deployed kubernetes service if you go to the resource group we see all the resources that were deployed by the bicep template so five resources in total and to show that these are just arm deployments you can just go to the deployment section here and take a look at deployments and what they did so i have my main deployment that's coming from my main.bicep file i didn't specify a name for my deployment so the name of the template is being used in that case they click on main there you for example will see that we deployed our virtual network our container registry with a role assignment as well the other deployment is the deployment of the aks cluster that we did via the module so in the end regular azure resource manager behavior and deployments and this concludes the video about bicep if you have questions please do drop them in the comments thanks for watching bye
Info
Channel: Geert Baeke
Views: 1,518
Rating: undefined out of 5
Keywords:
Id: 0fw4UaY9Qd0
Channel Id: undefined
Length: 22min 53sec (1373 seconds)
Published: Tue Apr 27 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.