Microsoft Azure Master Class Part 11 - Infrastructure as Code, GIT and DevOps

Reddit Comments

Love your videos, John!

That said, I do think you should go with Terraform, Pulumi, or some type of CDK for IaC. They are fantastic compared to duct taping scripts and JSON together.

👍︎︎ 2 👤︎︎ u/quantastical 📅︎︎ Nov 17 2020 🗫︎ replies

Another class I thought was going to cover Azure DevOps and not DevOps in Azure! Fooled again!

That being said, the entire Master Class is the best comprehensive Azure class I’ve ever seen. I’ve watched hundreds of hours of other content and nothing compares to John’s lessons.

👍︎︎ 1 👤︎︎ u/skadann 📅︎︎ Nov 17 2020 🗫︎ replies
👍︎︎ 1 👤︎︎ u/VehicleKey9365 📅︎︎ Nov 18 2020 🗫︎ replies
Captions
Hi everyone, welcome to part 11, and for now the final part, of the Azure Master Class, and this is all about infrastructure as code, thinking about using Git for version change control, and then actually DevOps, in this case using GitHub and GitHub Actions. As always, if this is useful, please go ahead and give this video a like, go ahead and comment, uh, subscribe and share. So first off, we have the Azure portal, we have PowerShell, we have the az CLI, so why are we bothering with infrastructure as code at all? Because they are great options. And actually, I think I want to kind of stress at the point, we're going to cover a lot of stuff in this video. I've put more than usual in the repo for this so you can kind of follow along. So as I talk about things like PowerShell and CLI, that's not infrastructure as code, that's not my focus for this at all, so I'm going to spend literally seconds on it, but in the GitHub repo I've got some commands you can kind of look at and work out a little bit more kind of what's going on, just for your own kind of learning. So we have the portal, and the portal is great. I mean, if I jump over for a second, if we go and look at the Azure portal, it's super intuitive. I can easily go and see, well, hey, what's, for example, is the configuration of a storage account. I can select it, I can see basic information, I can look at the detailed configuration, I can see the options. We even have things like Storage Explorer integrated in to go and evaluate. Hey, if I'm trying to experiment with a new resource, well, I can go ahead and create a resource. I'm sure I'll create a Windows Server 2016.
I can see all the types of options available to me. It's super intuitive, it's super friendly. It's kind of slow if you think about going through every single page of this wizard to create the resource, but it is really kind of friendly. I can go in and see the state, it's useful from that perspective. But it doesn't scale, like trying to create a lot of resources is super, super slow. But to go and learn, to see what's possible, and create great dashboards, what was good for that from a visualization perspective. We have PowerShell. We actually have an Az module, which is kind of a meta module made up of lots of smaller modules, that really works through the REST API for ARM, Azure Resource Manager, just like the portal. There's also the az CLI, and both of these I can install locally on my machine, gives me a huge range of capabilities. So if again we quickly kind of jump over, this time we're going to look at VS Code. So in here in VS Code, what I'm actually going to do is, let's take a second, and this is the repo for this course, and so I've got this kind of local copy of everything in here. I'm going to open this demo script. So in here I walk through, well, how I can actually install the Az module, so this is the PowerShell. Now remember, even the PowerShell and the CLI, they're cross-platform: Windows, Linux, macOS. So this is a way to install it for all users. I can check the version I have available, for example here we can see at the bottom, well, my Az module, it's version 5.
And you can also see it's kind of cross-platform by that PSEdition, it supports Core and Desktop, so now it's going to be available across platforms. So I can install, um, PowerShell 7, for example. It used to be called PowerShell kind of Core in 6, but now it's just PowerShell, it's all kind of come together. So I can have PowerShell 7, I can install the Az module. We have things like contexts over both PowerShell and CLI, so I might have multiple subscriptions under my identity, I can easily switch between them. Again, not going into that in this course. I'm about to record a video on PowerShell for Azure. I did one years ago, it's a little bit out of date now, so I'm going to update it and I'll go through all of this stuff. But I can do things like, well, I could look at all of my resource groups, I could look at all of my virtual machines where, for example, the state is not running. You can see me running these commands at the bottom. I can look at secrets, extensions, look all the different images that are available, create virtual machines, deploy templates, huge amounts of things. Then we get to the az CLI. Now I have that installed on this same box. I can do the same types of thing. If, at this time, I'm just going to say, well, let's look at all of the locations, this will show me all of the locations available in the environment. I could look at all the virtual machine sizes available in East US 2. I can output to a table to make it easier for me to read, and I can do the same types of things I can do with PowerShell: hey, show me all the ones that are running with an az command. Notice I'm changing some of the output to just show me kind of four columns, and I'm naming one, giving it a friendly name of region instead of the base location attribute name. So I can modify all of these things, and this is great and it's super powerful, and definitely, if I think about, hey, I want to do some maybe management actions, using the PowerShell, using the CLI is phenomenal for that. In fact we even have, yes, I can
install it on my machine, the Azure module, the Azure CLI, I can run those locally, again Windows, Linux, macOS, but in the portal it actually has something called Cloud Shell, and I can even, that's basically a container, I could run it integrated with a virtual network to get to other resources in Azure, I can even kind of run that locally. But a really easy way to get to that, the Cloud Shell is actually integrated with the portal. So if I ever find myself somewhere where, hey look, I don't have my machine handy, up here in the top you can kind of see this shell icon window. If I click that, what it's actually going to do is use an Azure storage account, it's going to create a file share in there where it's going to store my profile. Now I can run this as both a PowerShell version and Bash, so I can pick, I can flip between them depending on what I want. But again, PowerShell and the az CLI is cross-platform, so I can use them in either one. It really comes down to what types of scripts might I want to run. And behind the scenes, what Azure is actually doing is creating a container to host this session. Um, also what might drive me for PowerShell, actually has an Azure drive, a provider that makes me see my Azure content actually just directly like it was a file system. From here I could go and look at resources, I could look at maybe my resource groups, uh, list, output table. Again, it's cross-platform, so I can run both az and the PowerShell. I can also, instead of running it from within kind of the main portal.azure.com, I can actually go to shell.azure.com. I would select the tenant I actually want to run this as, my SavillTech, and now I just have a full shell window and I could again do all the same types of things. I can pick between PowerShell and CLI. Even things like the local Azure app, I can utilize this with and actually go and get a shell. So super easy to quickly get access to things. So great, we have these options, why do I need anything else? So they're all imperative. Um, yes, they're all
cross-platform, but it's that imperative nature that makes it problematic from a resource provisioning, creating resources. What I mean by that is it's hard to check what's already deployed. Yes, I can write a great PowerShell script or CLI script to create resources. If it fails halfway through, how does it know what's been created already and how to maybe go and check? Also, what if I change it? What if I want to change a configuration? Well, in my script I now have to write a bunch of different commands to modify rather than create, because I'm telling it how to do something. Imperative is all about how to do something. I can kind of think about it, if I was driving somewhere imperatively, I would say, well, you go 100 yards, then turn left, then drive 300 yards, then turn right, etc. Now if I started at a different place, those instructions wouldn't work anymore, I'd have to change that. Whereas another option would be that, hey, I just want to be at this location, you deal with that. And as I mentioned, we have the Cloud Shell. So the other option is declarative, and this is all about Jean-Luc Picard, "make it so, Number One". And when Jean-Luc Picard would say "I want to be at gamma gamma gamma quadrant two, make it so", he didn't worry about, well, take the ship out of neutral and then warm up the engine and, hey, um, turn left a little bit and then at the second moon of blue go right 45 degrees. He didn't do any of that. He was just like, "Number One, make it so", and then the rest of the crew of the Enterprise, their job was to work out how to make the captain's desired end state, being at whatever I just said, gamma gamma blah blah blah, how do they make that reality. So would work out what are the steps they have to perform to translate the desired end state into reality. So the ship's crew kind of was that engine. When I think about computer systems, we state only the desired end state. So if I think about provisioning resources, I would just say, I want a storage account, I want it in Central US, I want it to be LRS of
type storage general-purpose v2, that's it. I'm not worrying about if it already exists but it's a different configuration, I'm not worrying about if it doesn't exist. I want it to be this way, go and work out how to make that so. So that's the point of a declarative technology: I never have to worry about current state, I just say I want it to look like this. And now I can have one file with my desired state in it, and whether it's I'm changing that for a slight configuration tweak or it's brand new, nothing changes on my side. This is my desired state. I might change my desired state. Not my problem how to make that reality, it's a technology's problem how to make it reality. You have a great thing about using a declarative technology is, if I think about it, often we have requirements that say, well, is that still the configuration? Has there been drift? Are you still meeting the policy required? So if I state a desired end state of declarative, well, it's easy to check. I have written down what my desired end state should be, I have what's deployed, do they match or is there drift? If there's drift, what's the drift? So it's a huge benefit with declarative technologies. So it's easy to modify, I can just change my desired end state, it's easy to track what has kind of changed with these, and it's completely prescriptive. I can take this desired end state and I can say, do the desired end state to dev, to user acceptance tests, to production. It's completely declarative in that it's always going to be the same, it's never going to change anything about that, so it's an absolute. If I try and create things from the portal, well, I, it's super slow, but how do I know I did the same steps between dev and user acceptance test and production? It's almost impossible to do that, so I get drift. Now with PowerShell and CLI I have a script, it should be the same, there shouldn't be drift. But with PowerShell and CLI, can I say, well, what's deployed matches the script? The script said, hey, create VM, then add this extension,
then run these commands and do, how can I tell? I've kind of walked through what would this have done, and it's very hard to detect drift with an imperative technology, saying they're saying how to do something. Same as Jean-Luc Picard: if Jean-Luc Picard was saying imperatively, well, I want you to go five light years that way and then turn 50 degrees and then go two light years, how would he know those steps were followed? He'd have to try and work out, where did I start, and okay, if I track that way and then turn that way, would I be here? Whereas with his declarative technology, I want to be at gamma gamma blah, to see if there's drift he says, well, am I at gamma gamma blah? That's it. Doesn't, doesn't matter how he got there. My desired state was this, am I at my desired state? So it's easy to detect drift with that type of technology. I have full version control. I mean, it's a desired end state, it's as a document type, in this case with Azure, JSON. Other technologies might use different formats, YAML, yet another markup language. Um, it can vary, but it's readable and I can easily source control that. Now I can do that with a PowerShell script or CLI as well, I can track those things in version control, and absolutely I should. But the great thing about these kind of declarative technologies, it's super easy in that source control because it's desired state, so that attribute's changed, my desired end state changed between these things. Now I can use declarative technologies to provision the Azure Resource Manager resource: create storage account, create a VM. And there, there is Azure's native technology, Azure Resource Manager templates, which we're going to focus on, but there's third-party ones, there's things like Terraform. Terraform is super powerful. The benefit Terraform has, there's a number of benefits, Terraform is nicer to look at and author. One of the pain points with ARM is very verbose, it's not that friendly to look at. Terraform also has providers, yes for Azure, but for AWS, for Google Cloud, for
Kubernetes, for VMware. It can deploy across different environments in a very consistent fashion through these providers it has. Now the only downside with Terraform from that perspective is, because it supports all these different types of clouds, for it to work out, well, is the end state matching, it has its own state store, and that's what it uses to compare against. So I do a plan, which works out my desired state versus what's there according to this state, and then I can apply. We have to be careful with that state. If I change something outside of Terraform, the state file is out of date and doesn't know about it, then it gets very confused. If I have multiple people deploying to the same environment, they need a shared state file. I have to put it somewhere, which I can do with putting blob storage, for example, I have to put it somewhere they can all get to. So there are third parties. I can then think about solutions inside the resource. So sure, I could use ARM to deploy the Azure resource, but maybe I then want a declarative technology to configure the internal resource. Maybe it's my Kubernetes deployment of pods, they have the deployment YAML files, for example. Maybe it's configuration of a virtual machine operating system, then there's things like PowerShell Desired State Configuration, there's things like Chef, Puppet, Ansible and more. So there's all these different technologies. My focus here, this is the Azure Master Class, so I'm going to focus on Azure Resource Manager templates, but be aware there are other things. If I multi-cloud, you're probably going to be a better fit like Terraform, and Terraform is really tightly integrated with Azure. It's actually, the tool set is part of things like the Azure Cloud Shell, it's just there for me. So under the covers everything in Azure is actually JSON. Um, when I provision something from the portal there's often an option to export. I can look at existing resources and export. So let's take a quick look at that. So if we jump over to the portal and
here, well, let's start with looking at a resource. If I look at an existing resource, the storage account, if I scroll down all the way to the bottom, we can see there's this option, Export template, and if I look at that, it's showing me the JSON to create the storage account. It shows me things like, well, there's a certain parameter that I can pass in, in this case it's the name, this is the name of the storage account. Likewise, if I create something brand new, I'll stick with storage accounts because they're very simple, I'm going to use storage account for a lot of this demo. I say, hey, let's review, and I'll give it a resource group, doesn't matter, give it a name, doesn't matter, review and create. What we see down the bottom here, well look, Download template for automation. If I go and look at that, once again it's going to show me the JSON. Now you'll notice there's this option up here, Add to library. There is a concept in the portal of a library where I can store these JSON templates. It's been in preview forever, I mean years it's been in preview. I'm not even convinced it's going to go anywhere. It's very limited in what it can do and what it can access. Um, personally, we're going to talk about using a true repository like GitHub or Azure DevOps, I wouldn't really use it. I don't see the benefit of it, there are much, much better options. However, if you just kind of got a couple of templates and you kind of experimented, sure, there's this preview library capability that you can kind of play around with. But the key point is, under the covers, you can go to resources.azure.com. In fact let me show you that quick, that's kind of cool. If we jump over, so actually under the covers everything here, so if I just go home for a second, if I just change and go to resources.azure.com, this is kind of peeking under the covers of Azure, and I could go and look through my subscriptions. Remember, in Azure everything is built from resource providers, so I can look at a certain resource group, and we'll pick my South
Central US. I can see it's using providers from things like storage, then under there, hey, storage accounts, and I've got various storage accounts, and I can see the JSON that's actually kind of the configuration of what it's doing with this resource. I can see, hey look, the SKU, the name, the tier. All of the data underneath the covers Azure is storing as JSON, and so the most logical way for me to actually create resources is to use JSON. Now there is a huge library of starter templates. Can I create them from scratch? Yes, I can. Do I want to? No, I don't. They're really not very friendly. Now I'm going to walk through a bit more detail of one in a second, go through what makes it up, but the easiest way to actually do this is to go and look at the quickstart templates. So the quickstart templates, there's a huge number of these. You'll see that 101, these are the most simple, then they're like 201s, 301s, they get more and more complex. But what I would try and do is find a template that's similar to what I want to do. So I could see, for example, here with all these 101s, Data Factory, ExpressRoute private peering, there's huge, huge numbers. Anything you can think about you want to do, there's a template, and so I would take that template and start with that. Now I might need to customize it a little bit, but I can definitely start there. So here there's like a 101 VM simple Windows. If I select that, well, I can see, well, there's the actual main JSON file that defines the actual resources. So if we look at that, can see all the different parts, and then it's actually going to create things like, well, it has a storage account, probably using the storage account for its diagnostics. Then, well, in this case it has a public IP address so I can get to it from the internet, terrible idea, but whatever. Then it creates an NSG, okay, so it's going to lock it down a little bit. Then this one actually creates a virtual network with a subnet as well. Then it goes and creates a NIC, so a NIC is a separate resource, and we can
see here, well, there are dependencies: the NIC requires the virtual network to exist and the public IP, so it's going to wait for those things before it creates. Now that will cause some parallelism challenges, so we only want to do dependsOn if we really, really need it, which it does in this case. And then finally we kind of create the virtual machine, and that is going to utilize those other resources. You can see the VM depends on the storage account for its diagnostics and the NIC, and then we kind of configure those various things: the OS disk, the data disk, and there's that diagnostics profile that I was kind of guessing at that uses the storage account. So there are examples of pretty much anything you want to do. So my recommendation is to go and find one that's close. You can combine things together. There's a parameters file, so we separate things that might change into a parameters file. In this case it's the admin username, the admin password and the DNS label prefix we're going to add to that public IP address. Now they get more complicated, if we go down, like the 201s and the 301s, it starts getting to multi-tiered services. My point is there's huge numbers of these, and there's probably going to be something that matches what you're trying to do. Now you'll notice there was the parameters file, and the reason they have the parameters file is, the whole point of what we're trying to do here is have this absolute, prescriptive, declarative configuration that I don't want to change. The whole point of this is, I want to kind of create this JSON configuration file that deploys whatever this resource or this application spec is, and what I want to be able to do is, if I think about it, well, I might have different environments. I can think there might be kind of a dev, just for simplicity there might be a prod. Now what I definitely don't want to do is, I want to be able to source control these things, and I would say, well, this is template and this resource and this is kind of the v1. What
I want to be able to do is deploy that, so I want to be able to deploy that without any changes to dev. Once that's been proven, well, I will then change it, deploy it to prod. Now I just said change it, I don't want to change it. I should make zero changes to the file. This is the JSON file. But there are probably going to be differences between dev and prod in terms of maybe URLs, maybe it talks to a SQL database, maybe the IP scheme of a VNet is different. So there are going to be some things that are different. So what we do, the things that might vary between maybe different environments or maybe different instances, this template might stand up a core set of resources I want in 20 different applications, so what we also have kind of separately is we have a parameter file. Now this is still a JSON file, but this is my parameters, and this could be my param for dev, and then I can have a different param file for prod, and when I do the deployment I can say, well, which parameter file to use. So now the actual configuration, the ARM file, doesn't change between environments or instances. The things that might vary between environments, between instances, I have their own version of a parameter file that I would pass to it as part of the deployment. So that's why we separate out a parameter file, so I can have the things that will change isolated away from the main configuration. I want to be absolute, I do not want that changing. If I, as soon as I start making edits to that, well, now I might have broken something, it's no longer consistent. So I separate into a parameter file the things that will actually change. So let's have a little look at an ARM file. So this was my kind of demo script for PowerShell and CLI, and you're not actually noticing these, for both of these examples I had, again this is really for your learning to have a look at, I have examples of actually deploying a template. I always use storage accounts, it's easy to understand and see, and I have that here as well for ARM. So I can absolutely
deploy these ARM templates using CLI, using PowerShell. I'm going to close that and now I'm going to jump over to my ARM templates folder. So again, you can clone this repo and you can kind of follow along. So I'm going to look at my storage account JSON file. Now it's made up of a schema definition that's really describing what the valid resources are, what the attributes are, because one of the great things is, you'll notice I'm using VS Code. VS Code actually has extensions, so if I go and look at my extensions, there's actually an Azure Resource Manager (ARM) Tools extension. You can go and search for this, if you just search for ARM and it will find it. You can then install it and it will help you as you create your various types of resources. And there are huge numbers of extensions for VS Code. I also have ones for Bicep, which I'll talk about, there's ones for Terraform, there's help for PowerShell, um, all sorts of different things. So definitely recommend you kind of take a look. And that one actually should have uninstalled because that's the old one. But for right now I'm just going to look at my storage account. So we can see firstly we have parameters. So those parameters are things we are going to pass in when we call the template. So we can see here in my example, well, I can pass in the storage account type, and I'm limiting it to a list of allowed values: LRS, GRS, ZRS. Now I also pick a default, so I don't actually have to pass this parameter, if I don't, it will just use the default. Then I have a location. Now once again I'm setting a default. Now my default, I'm just reading where is the resource group, I'll use that. So technically I don't have to pass anything to this template, I can just run the template and it will install. Then I can have variables. Variables are things that maybe I'm generating. I can have some functions. We can see it's actually a function, I've got the square bracket, so I'm evaluating these commands to generate a value. So what I'm really doing is looking at the resource
group name, I'm making it lower case because storage accounts has to be lower case, I'm removing any dashes because that's not a valid character, again, in a storage account, and then I'm adding in standard SA to the end of it. So this is just creating a variable called storage account name that I can then use. So we have two sections so far. Parameters, things that I'm passing in. Now I can pass those in either through a parameters.json file, so here I've got just one of them defined, and I can override one or both or none, or I could actually pass it as part of actually calling the template, I can tell it the parameters I want to use. But this, again, if I was actually doing this between environments, I don't want it part of the command line, I would have a parameters file for dev, for user acceptance, for production. And then I have my variables. Now I want to create stuff, so I have a resources section, and in this case it's all based around the ARM. I'm saying, well, it's from the Microsoft.Storage resource provider and it's a resource of type storageAccounts. Then there are various attributes. So I'm going to set the name to use the variable storage account name that I defined above, right here. The location, or the location, I'm going to use the parameter that we have up here. And then I have an API version. I have a SKU, the SKU name is going to be, again, the parameter that gets passed in or the default value. I'm hard-coding the kind to StorageV2. I have no other properties. And then I can have an output. This thing is going to spit out at the end, well, my output is going to be storage account name. So that's a template. I mean, it really is kind of that simple. I can think about, well, I have parameters I pass in, I have variables, which are things I'm going to calculate and then use, then I have resources I want to create, and then I can spit out an output. Another useful output might be something that only gets assigned at creation time. Imagine a public IP address that doesn't exist until I
create it, so an output might be, hey, here's your public IP address. So that was a super, super simple example, but we saw that simple Windows VM from earlier, which had multiple resources, and I can create those dependsOn relationships that will guide the order in which it actually creates things. So the point is, I want to use these to create. Now yes, it's not the prettiest thing in the world, but it's actually pretty simple. And let's actually look at a simple Windows VM. So what I'm actually doing up here is, this is creating a virtual machine. Now again, I always have the same parameters, then there's a lot more of them because I'm passing in things like, well, a location, a name for the VM, a virtual machine admin name, which I'm kind of hard-coding. Then I'm setting a, a default kind of password I'm actually passing in from my parameter file, and that's terrible. Now I'm doing it for this one because I don't care, this is a local thing, I'm never going to create it, really shouldn't be doing that. You'll notice one of the cool things is, these extensions I have is actually going and looking at the parameter file and telling me what the value is. This is not part of this file, that's why it's kind of in this gray, normal is this. It's reading it from what it knows is the associated parameter file where it has all these values, and it's just actually associating it over for me. So we have all these different things. Now the way we should have secrets, and I do do it later on in here, is I can think about, or maybe I'm going to join a domain, so one of the things I have, if I can find it, here we go, I have an admin password. Now for this one you can see it's actually a Key Vault reference. So my parameter file, what I'm actually doing is I am referencing a Key Vault secret, and the actual secret name is sav admin pass. This is how we should have secrets. I never put a secret in a parameter file, uh, I check it in somewhere, now everyone knows it. You say, like, Key Vault, Key Vault is where I can put my secrets that I
really care about, and then I can reference them from within the file. That's the kind of the right way to do that. Now just if we look at that key vault I have, so if we scroll to Internet Explorer and if we look up Key Vault, in fact there's the vault, there's Savill vault. There's a couple of things you do have to do in the access policy for my key vault: I have to turn on allow Azure Resource Manager templates for deployment. If I don't do that, an ARM template cannot get to the secret. Now I still have to have permissions, I still have an access policy. I'm running the template as me, and we can see, well, John has rights to the secrets. This is not an RBAC version, this is just using policy. I have another vault that is at a secret level, but even for that I still have to turn on allow templates to access the secret. So the secret is now just stored as a secret and then the template is referencing that secret. So that's the right way to have things that we actually care about. And obviously I've just got sub, you have to put your subscription ID in here. Don't put them in your code, put them in something else. Then if we carry on, so I have all these parameters, and again they can be references to other things. Then we have a bunch of variables I'm working out, and again, notice I can reference other things. So I'm actually looking at my virtual networks and finding the VNet ID for my virtual network that already exists. So there's some cool stuff I can actually do in my templates. I don't have to create the virtual network here, I'm referencing an existing one. And then I go and create the resources. Again, I go and create a storage account, it's going to be my diagnostics. I create a network interface connected to the subnet, it's just a private IP. Then I go and create the virtual machine. Virtual machine relies on the storage account, the network interface. I have an OS profile where I use kind of those admin names. Then I have an extension. My extension here joins the domain, and that's where I go and
use a protected, so it won't get put in any kind of log files what that domain admin password is. There's a lot here. I'm not expecting kind of anyone to process all of that and just start using it, but the point is, ultimately it's just chunks, it's just resources and their attributes. That's really all this is. And then I deploy it. So I can think about, well, let's see one of these things. So I'm going to go back. I'm not going to deploy this, we'll start with just the storage account. Now again, in the repo, I know I keep saying this, remember the whole point of this is all of this is published as my Azure Master Class. Now I've not put part, um, 11 up here yet, I need to kind of push this up. I've got to do 10 as well, so there'll be a part 11. Oh, there's 10, there we go. So 11 will be here, which is going to be all this code, once I actually finish recording this, and you'll see everything I'm doing, so you can use all these files yourself. Now for right now, what we're going to do is, I created a resource group, and I think I named it something fairly random. People keep stealing the names, I publish out my code, then people create things with that name in it, so it means I can't use it anymore. So I created rgsav00724 and it's completely empty. So again we have this storage account, and then if you look in the file there's an armdemo.ps1 file. This is actually going to run through and actually create these things. Now I do want to check, so I set the base location, so if you pull this down, you're testing this yourself, make sure it's in the same location. So if I go and look to where my local copy is of this, so I've got my projects, my git, there's my actual master class, and I'm kind of doing this part 11, and right now I'll do my ARM templates. If I copy this, I just want to make sure I'm in the right place. So I'll put in this value, because I switch between different machines, and it was the same, so it was built okay. So I'm going to run that just to define my base kind of location, and then the first thing
i'm going to do is i can actually deploy that template now i'll move to the folder so i'm going to do cd part 11 down the bottom slash arm templates and i can see all these various templates i'm in that folder so i'm going to use the New-AzResourceGroupDeployment again i've already installed the az module you have to do that first i'm going to tell it the template file and i'm passing it parameters file as well i'm going to run it now i'm doing what if so one of the really cool things here is it does support what if so if i just run this command it's complaining straight away and that resource group could not be found so what i suspect is happening if i do Get-AzContext i'm looking at my prod which is the wrong one so i'm going to do Select-AzContext i'll pretend this was deliberate savile tech dev so i have three different contexts my prod my dev and my lab now in that other source code actually show you how you can set up these friendly names to make it easy to switch between them so again in this file when i go through so many folders this demoscript.ps1 i actually talk about how you can get a list of all the contexts dump them to a variable and then you can look at them quick and then rename it to whichever name makes this sense for you and then i can jump around anyway now let's try and deploy it now i'm in the right subscription so what it's doing now is it's actually looking what is the current reality what is the desired state so it's saying hey you've got this and this i'm going to look at you specified a resource group so i specified a certain resource group by default it's doing something called incremental what that means is in that json file we'll just say hey i said i want storage account one so right now it's looking the storage account one exists if it does does it match the various attributes i have if it doesn't it's gonna make it so it will go and create storage account one now if there was other stuff in here already let's say there was 
a sql database or a vm it will leave them alone incremental only says hey the stuff i define make sure the stuff i define is exactly meeting that spec in the target there's other stuff in there i don't care i i don't see it i don't know okay so let's see what our vs code is doing so what if is telling us hey if you run this then it's going to create one resource that sounds good to me so i'm just going to now execute without the little dash at the end and the what if to actually go ahead and create it now there's always a lag between the portal and the actual resources that exist so right now you can see this resource group is empty that's kind of the key point once this finishes it would have created the storage account based on this configuration so it's the name of the resource group with sddsa at the end of it standard sa now the default value was standard lrs my parameters file was also standard lrs so it should have created a locally redundant storage account if we come and look and again it's going to be a delay so it's not there yet normally within 30 seconds um it should show up but there's always a little bit of delay between them i could go and look in powershell or cli i'd see it but if we keep hitting refresh okay now it's there so if i actually go and look at this thing i can see hey look it's locally redundant great now let's test our theory maybe i want it to be grs instead i made a mistake it should be grs okay so now we're gonna go back to the code and this time what we'll do is we can do one or two things we could change the parameter file or i can just override it by specifying the storage account type so i'm actually overriding the parameter so i'm going to do that so account is lrs now i'm not going to change the file i'm not saying well now you have to do a modify i'm saying my desired end state is now it should be grs now once again remember i could actually run for what if so before i do anything tell me what you would do and if i run 
that it's once again it's going to go and look at well what's there right now and what do i need to do to make that the reality of your world my great master john and what it's going to basically work out is well the storage account type has changed and you see that it's telling me hey look okay i'm going to have to change the sku name from lrs to grs okay i'll take the what if out and go and do it so now we'll run these commands f8 go run so now it's actually going to go and say okay i'm looking at reality again currently i'm lrs i've been told the desired state is now grs it's its job to go and work it out now again this applies to any type of resource now there are some things maybe you can't just change it depends on the resource but if it's possible to modify the attribute and the type um it's going to do that i can have things like other containers created i can do all of those things for my declarative configuration i can even do things like assign roles i can assign policies the things i might use blueprints for i can actually do with arm templates i can have all of that stuff defined so if we go and look so it's finished and again it would have told me in here kind of the value so it's now got the standard grs is actually listed in there but in the portal if i just hit refresh hopefully now it says grs you can actually see that grs so it did it i just changed what my desired state was and it kind of did it for me now in the repository here i've got just other examples of things so if you actually walk through i've got things like i create a virtual network then i create a version with multiple subnets and actually i guess i'll run this one just for a bit of fun so what i've got here is a template file that deploys one subnet so if i actually looked at this it's just a single subnet so it's defining a virtual network and then under the virtual network it defines a subnet nothing fancy now remember this template remember only defines the virtual network not 
the storage account but if we run this i don't need a parameter file it's just going to run defaults doesn't really matter so now what it's doing if we actually jump back to the portal for a second and if we go back to the resource group so the storage account exists but right now i'm defining another resource in a different template remember so now let's say it's a completely different template and this is now network with that resource and i'm deploying it to the same resource group if i'm going to change the colors just so we can kind of see the difference between which is which so now i'm also going to have net one show up now it doesn't affect the storage account because this is an incremental deployment it's only looking at what's defined in this template make sure what's defined in here matches in that target resource group now i should say you can actually deploy templates to subscriptions and management groups as well it's more common that we deploy to a resource group it's absolutely possible and incremental to actually target subscriptions and management groups as well they can actually go and create resource groups go and create subscriptions if i target a management group so it's going off and now it's finished so that finished so now if we go back to our portal what's happened to this resource group oh sorry their storage account it's still there it didn't mess with it and if we look at our virtual network well what we're going to see is it has one subnet because that's what we defined in the template now what i'm going to do is i have another file same name but this one has two subnets defined but it's the same virtual network object but it defines a second subnet so my desired state even though it's different file doesn't matter it's the same resource name it's going to update the same resource but now my desired state is where has two subnets there's also a complete mode i'm going to run this in complete now complete is dangerous what complete is 
going to say is hey look i want the resource group to look exactly so ordinarily we're deploying incremental just make sure the resource i have in the template matches the resource in that resource group if i say complete it says make the resource group exactly match the template so if there are resources in here that are not in that template i'm going to delete them so it's a it's a dangerous operation to actually do and i believe it's actually going to warn me so if we can actually go and look at this so if i run this and this time remember i've got this mode complete added to the end so if we run this it's saying are you sure you want to run a complete deployment it's basically saying hey look you really can cause a lot of damage with this thing it's down the bottom so i'm going to say yes so yes go ahead go so what my expectation is now because i'm doing that complete mode and again you want to be super careful with this i'm actually going to expect this to delete now i could have done the what if that should have been cool to show that quick but it would have shown hey i'm going to kill this thing off i'm going to delete this so once this completes we should see two things happening i should now see a second subnet on the virtual networks my desired end state for that v-net is now two subnets and i should see the storage account gone it's just gonna kill that thing off so that's running through and again it's always a lag again it would hit refresh and it's still there right now it's still running it's going through but that's what's going to happen so when i do that complete mode this is going to kill off now obviously i could reapply this in incremental again and it will recreate it but with that complete turned on it's actually going to go and wipe that out to make it exactly match what i have in that script so it's still running it's taking its time again because i'm modifying the v-net and i'm destroying something um it's just taking a little bit longer 
okay so i'll jump to the i'll come back to that in a sec so the whole point is yes we have that great arm uh extension for vs code use it and again i can author these and what the arm extension is actually going to do is as i'm typing things it will help me i guess i could show that so while this is running oh it's actually finished so we jump over so it did finish it will tell me can scroll up so okay so that succeeded i now have a virtual network if i look if i look at my v-net my subnets i have two now it's made that my reality if i refresh my resource group my storage account's gone it killed it so that's the challenge with complete you really do want to be careful with that and i'm actually going to delete that v-net as well now obviously i could delete the v-net by re-deploying the storage account in complete mode but i'm just going to go and kill that off anyway but with vs code if i was to look at my json file let's for example i'm going to take out let's look at something let's take out kind just to show something because it knows what i what i should have i'm going to take that out so now as i start typing it's showing me well these are the valid kinds storage v2 storage file storage etc okay if i take out the quote completely it shows me if i just type k it up there's kind is available and it's required and then i could say okay then it shows me what i can do so it helps me actually create it and populate all those various things for me there's also again i can export it from the portal and vs visual studio has a full kind of creation but honestly 99% of the time uh you're just going to go and use one of the github templates and start with that it's really just kind of the better option okay so we have the whole incremental versus complete and i can do other things i can link i can nest imagine i had certain components i create a lot rather than cutting and pasting it into the same file over and over again i could store it and link to it from other 
templates and in the repo i have examples of both nesting and linking again i'm not going to go into the detail it's starting to get a bit too involved there's gonna be digest so much stuff but if you actually i'm just gonna i'm not gonna save that but no don't save but i actually have examples down here of if we look for example there's a storage account linked and what i can do here is i can deploy a resource deployment that's the type of resource i'm deploying and i can just link to a template so this for example would be for example a shared access signature to a file in blob or i can actually nest it so here i've once again i'm creating of type resource deployment but here i am cutting and pasting it but then i'm actually doing the resource as part of that actual resource there so different ways i can reuse pieces of code again that's more advanced but i've got the code in here if you wanted to kind of look um just in case you're curious and just one last thing to kind of show that json so one of the things with an arm template i have a key vault test now i don't actually have to create a resource i have a parameter here that's just a password and then what i'm going to output is the parameter both as a secure string and a regular string and then my parameter is the lookup to the vault so if i jump over for a second if i go back to my vault and if i go and look at the properties of my vault i can actually get its resource id and what we can do is i can paste it into the id of my vault here there we go and save it so now if i just run the template to actually look at a secret just to kind of demonstrate this thing because that vault had that arm option turned on so it's allowed to interact with arm templates you can actually see hey look it went and got the secret password super secure um awesome but it's absolutely there i can do that so this is how i'm gonna put secrets do not put secrets actually in your code itself make sure you go ahead and have them in a 
vault and then reference it from the vault okay those arm templates are not the friendliest things in the world currently in early early preview on a version 0.2 this thing called bicep now arm can be intimidating so what bicep is an alternate language if you've used terraform it looks a lot more like terraform than arm templates now it compiles to json it's just a different language i can use to create kind of the files the declarative files but it then compiles to json and it's the json i would then actually deploy but it's far easier to create and understand now the time of recording is in point two it doesn't match arm functionality completely yet there's no concept kind of loops for example and conditions they just added module concepts in point two once it hits point three i'm going to do a deep dive video so if point three is out i'll have a link to it um in the github repo for other videos and i'll go into detail on it for right now just to give you an idea though is if we jump over if i actually again i've got the file in my repo so we can kind of see this so i'll close this down and i actually don't even remember what i changed but we'll say no i have a bicep folder and you can see i have a bicep file i'm going to delete this storage account json file i don't want that and we can see why i have parameters i have a location parameter and i have a name parameter then i have variables and then i'm creating a resource of type Microsoft.Storage/storageAccounts with a particular api version then i have the attributes well name is using the name from the parameters and notice i've got the bicep extension installed so it knows well hey this name here is the parameter up here the location is that parameter there the kind storage is of name storage sku which is up here and then output the storage id that's it that's a bicep file and once again because i have kind of that bicep extension installed we'll pick on kind again i can just start typing and it knows hey 
you need kind and then here are the options you can do so it gives me those capabilities now remember this is just an authoring language that's far more friendly to use than arm but it compiles down to arm so what i would then do now there's a whole thing to install it go to the documentation i have an installed bicep which is what i did but this really comes from the microsoft docs so i wouldn't particularly follow this um i would follow the microsoft docs but basically it installs the bicep um compilation the language itself it puts it in the environment path and then i fetch the latest vs code extension and install it that's all the install does to actually use it i just do a build again i don't apply bicep i compile a json file so right now there is no json file and let me actually quickly move out of arm templates and move into my bicep folder let's clear away and if i look right now it's there's no json file so i'm going to do a build and now there is a json file oh wrong tab now there is a json file and remember what we had in the bicep two parameters a variable a resource and an output the json file was created has two parameters a variable storage account and then an output and look at all of the json that came so here's the bicep file here's the json file so you can see why bicep is more attractive in terms of kind of authoring experience it's just much nicer to use again it's version .2 at time of recording once it hits point 3 it should be arm matching all of the features of arm should be in bicep also what they're working on is things like well i can decompile json to a bicep file but remember bicep there's no state file it's not like terraform terraform has to have a state folks it works against all these different resource providers so it has to kind of map its state somewhere else it can actually be problematic it doesn't need it it's just azure so there's no state file still it's just a nicer language but fundamentally if we go back to our other 
picture here you could now almost think about what we're now having is well now i can have a nice bicep file to define my resources which i then compile or transpile depends on what word you use the white things it's not really compelling to actually to a json it's the json i can do what if and deploys with so it's kind of that relationship so this is just a much nicer kind of authoring experience it's far more intuitive than doing that kind of clunky json file so that's the infrastructure as code part that's me thinking about i'm designing and deploying my resources with declarative technologies now once i've done that now i've got these declarative files and i remember when i started off i would write configurations i would change it so then i would create kind of a underscore v1 underscore v2 i'd rename the old one and so you end up with all these different files for my different versions of the thing and and you change something you're trying to work out what's different it's like oh no i've lost a bit of code and you'd be kicking yourself so the whole point of a version control system and git is an example of one of these and it's kind of the popular one i can now have different versions of my project stored i can have snapshots of point in time views of where exactly i am and i can make changes of v1 v2 v3 i can see exactly the various history of what i've done to those files and so git is that version we're going to focus on again there are others but again git is kind of the standard git is integrated by default with things like vs code github azure devops are all git compatible so i think about git is a methodology for the storing and tracking by these kind of commit hashes that get generated i can store those in remote repositories as well but that's later on we don't have to worry about anything remote we can just use this locally but i can have concepts like branches and we'll go through this but the idea is i basically have these snapshots which are 
point in time views of all of the code that makes up my project well i might have different people working on this at the same time but they've got they're doing different aspects so i can branch out the code so they can have their own views and then merge them back together once maybe that piece of work is complete so they can work in isolation they're not tripping over each other and then once they're complete we can merge them back in get the benefit of everyone's work now this is used by as i said most of the online repositories but we can start locally and one of the key things with git is even if i have a remote repository i always have a full local version so i could be on a plane i could be completely offline i still have the full history it creates a full local copy of this on my machine now to get started you have to download git so i can go to git-scm.com and as we can kind of see here what we have is kind of this is the version control it's completely free and i can go and download for windows but it's available completely cross-platform there's all different versions that's available but i would go and download this and add it to my path so now i can just run git commands and one of the things i would say is from a documentation perspective this book this pro git is phenomenal it's completely free you can actually download it as a pdf file so some of the things i'm going to be talking about it's really all based off this book this book has if you're trying to understand anything i talk about this is far better and has great examples it has on many of the things like pictures to show through exactly how this works branches in a nutshell i think is one so it shows you how those branches can work of things how i can have um they're actually coming back together this is what you should go and look at so i'm going to cover some of this fairly quickly i no way i can do this justice but you can look at this online you can download it as a pdf file or 
something else it's absolutely phenomenal but the first thing you have to do is go and download git now once you've downloaded it you then would kind of go and integrate it with your actual environment so i've downloaded git i've installed it on my machine i have all of this kind of uh running already don't need any git templates there so then in my environment i can actually use it so if i think about okay just go back here so that's kind of the download for it so i've got the book i've installed it what what do we do now so the first thing i would have now i'm really just going to jump over to demos of this so the first thing we'll actually do is for the demo i'm actually going to create a a new area because to really show this and without getting it all confusing obviously i'm running off of a kind of repo already this whole project is a git repository and you can actually see i've got things like the the source control there's all history in here this would kind of get messy if i was going to try and use this so i'm actually going to kind of take this out the way and instead what we're going to work on is we'll just create a new one so if i think about for a second if we open up explorer what i'm going to do is create a brand new folder i'm going to use that so on my pc i have a scratch folder and i create a folder called storage repo and all i've done is copied in the storage account json file now what i actually want to do is rather than it being in that folder i'm going to create a folder called arm templates and we'll put the storage account in there so i just have this what i'm going to do is now is open code in that folder so this is what we're actually going to work on so if i bring this over here this should look familiar it's the same file now right now we're not using git this is just my my local machine um if i look ls i just got kind of arm templates there's nothing else available so what i want to actually do is start using the actual git to 
start change managing this now the first thing i need to do if i want to integrate for example vs code vs code has source control built in now right now it's saying this is not a git repository it's offering me the option to do the init for me to enable it to do those things to understand git if i go to the command palette and open the settings json i have to do a few things the biggest one is i have to tell it where git is so i've downloaded git go and find it you have to do double slashes tell it where git is i've got things like auto fetch turned on um confirm sync is off enable smart commits turned on ignore missing some of these obviously i've changed to powershell seven instead of the windows powershell so in your vs code you can go and do a bunch of different things i'm using the powershell ise color scheme because i'm old um but you have to go and kind of light it up so it understands actually what it can do as part of the all up capability set so right now if i just go and look if we go down i can do git and i'm going to do f2 so i've got this PSReadLine extension turned on if i do f2 it makes it inline but i can do git dash dash version because it's kind of linux based you'll see double dashes so this is the git version 2.29.2 windows i'm all good the first thing i have to do is set up some git config and there's kind of a global username and a global email now i've already done that so if i do git config dash global i can do local to do it at a particular project but you notice i've set up my username and my user email now everything i'm going to do i've got in the repo so if i quickly drag this back over just you don't start panicking everything i'm going to run through if you go to the script under git demo i have every command i'm going to run as part of this so i wrote it i practiced it all cause i'm not that good um this is everything we're gonna do today so you can follow along and do this yourself but i just wanted to show this in action so 
we can kind of track it so what we're going to do is actually the first thing is i have to create this as a repo so right now i can just do git over here git init now this is the same thing that i could click this initialize repository hit enter and it's done and notice straight away vs code has noticed it's like oh you're a repo now but you've got some changes that are not quite ready yet you've not committed this stuff yet we're not going to worry about that for right now but i now have a repository if i go back and do an ls it i can't see anything right now because it's hidden but if i actually go into here we can see there's a dot git folder that's completely hidden that's where it's storing everything there's a whole structure and there's documentation that goes through exactly what that is but i now have kind of that repo let's close my settings file so now we can actually think about doing things so i have this file now when i think about what git is going to do is essentially now three places i can think there's my local file system so my local file system is kind of the working area basically i check out a certain branch of the repo so by default it's master now obviously the world we're living in today that's not a good term so there's actually things right now to change that to main or you can you can actually name it anything you want but ma i'm keeping master for now just for consistency if you're doing seeing other things that term is going away it will become main or something you pick so that's my local file system so this is kind of my folder my local machine that i'm creating deleting editing stuff in that's my folder i see then i can think about there's kind of a staging area so the staging area is where i put things i'm going to want to put and commit to my actual repo so then we obviously have as well the actual repository now you can kind of think about is this is the actual my long-standing repo this is my history because when i do commit i 
a commit is nothing more than a snapshot a commit is a point in time snapshot of everything in my project that that's what a commit is so i'm going to work on files in my working area so we can really think about it as really for me i just have my json file and it's the blue version so right now i've created a repo so i have a staging area there's nothing in staging there's nothing in the repo all i have is in my working area i have and i can have lots of files until i stage it really git doesn't know anything about it so the first thing we kind of want to do is if i jump over to my code see here we're looking at it and i really don't even have to have the storage account open i'm really not doing anything with this right now so i'm going to make the bottom window a bit bigger so i kind of see that history a bit more so if i'm actually in this bottom window there's commands i can run so firstly if i go into my arm templates folder i can do a git status git status shows there are untracked files so it's like hey look you you got stuff that you've not committed so the first thing i can do now i can do a git add and the actual name storage account.json if i now do a git status now it's saying hey look you've got changes to be committed so what i've essentially done right now is with the git add what git add has done so that's doing an add that's now staged it so that's now in staging but it's it's not part of a commit it's not part of a particular snapshot because i could continue staging other files so staging is what i want the next commit to have in it that's kind of the goal of it okay so i've done the stage so now what we'll actually go and do is well now i actually want to do the commit so what i'm going to say is in here well okay git commit and i give it a comment if i don't do this it will prompt me and ask me get m add the storage can't type um account dot json file and we can see a few different things now it's created a kind of a hash for this commit and it 
shows us the first seven characters and i can see hey a file change there were 48 insertions it's showing me what the hash is so now if i do git status there's nothing to commit and the working tree is clean if i do a git log well i can see hey yeah look there's a particular there's the full commit i can see the head so the head is the pointer to the branch i am currently working on in my working area is pointing to master and master is at that particular commit i can see who did the changes when yes it's sunday morning as when i create all of these so what did we just do so we go back to our picture what's now happened is we can kind of think about we took the staging as it is right now and we essentially created kind of this this hash one as a bubble essentially and what's happening so all of this kind of the current state this was a commit so created that hash value with the contents as it is now behind the scenes git actually stores the entire contents it doesn't do deltas it's doing all of it um but it then packs it down if there's files that have not changed it points to the original hash of that file it does efficient things behind the scenes and essentially what's happening is this is my main branch and the pointer my head pointer is pointing here so this is what i'm actually working on so that's my main branch and that's where i'm working so we kind of took all of this down to create that particular hash version so that's the this layers what we do so we work on stuff when we're kind of ready want to commit it we stage all the changes there might be other files i'm not ready to put in the commit so i'll leave those there stage it and then i commit it through okay let's just kind of carry on with this so that's that's good we've got that information now one of the things i can actually do is get a lot more kind of information about the various things because i've got kind of this git log and i can see it but i can actually do a git log oh not typing there 
we go git log and i can do this this thing called do a one line and actually show me show me that i typed it before it's on one line decorate graph all and that shows me hey there's kind of the commit hash um and there's that my head is pointing at the master so i'm kind of up to date and rather than keep typing this over and over and over again one of the things you can absolutely do now i'm in powershell so i'm going to create a function if you were using bash or something else you could just do an alias so i'm creating something called git graph that maps to that command so i can now just do git graph and see that whenever i want so it's rather than me typing all that stuff out every single time i can be kind of lazy so what we're going to do now let's change something so i'm working on my project and i've decided well hey i'm going to change the default to grs and save it so now my working you can see so git is noticing hey look you've got some changes here do you want to stage them but i'm going to stick to using git but realize i could do all of this from vs code i don't have to use git directly this can stage it by clicking the add then i can type a comment in and actually do a commit so this can do all of this for me so what i've now got to is well i've i've changed the file so now you can imagine well now i'm kind of in my working area i have a slightly different version of that file so the staging still has the old one but it can see there's a difference between it knows i'm not up to date anymore so what i need to do is add it again so now it would have this version and then i want to commit this so i would now do a commit and it will generate a new hash with that file and now my main will move up this is my main branch and my head would kind of move with it so that's that's what we're going to kind of go through so now we can actually see this so we've actually run our git graph again so we save the file let's just clear this so it's easier to see if i 
run git graph well it doesn't know anything yet because it's just in my working folder so the first thing we need to do is well git status it sees there's a file that i need to stage if i do git diff it's showing me hey you've changed lrs to grs and once again in vs code because i'm in vs code and it's awesome i can actually double click storage account in what it's showing me and it shows me the same thing it's saying hey look these things are different in my working so the difference between my account and what's in my working tree is this okay so what we're going to do is we want to add it now i could manually add the file remember add moves it to staging or rather than adding each individual file i can just do git add dot everything that's different go ahead and stage it so now you'll notice in the vs code it's moved it up to staged changes if i do my git graph well it still doesn't know anything but now if i do my git status now it knows there's staged changes to go through and now if i want to git diff staged it knows what the difference between what's staged and what's actually at my my head in my main branch is that change so now i can commit it well let's commit it and i'll just say changed um rep so i'm lazy i can't bother to type that much now if i do my git graph my state should show this clean and my git graph will show hey i've moved up so my head my master has moved forwards like i showed in the picture we still have the original hash of that first commit but we've now actually moved forwards to the new hash we just generated when we did the commit so 217c 217c so that's how we're working on this we're tracking our changes we can see exactly what's going on i could absolutely let's clear this again if i do a git log we can see yep so i can see the history i could see the detail changes if i do a git log dash p i can scroll through and it says with the last commit hey yeah you change the default value then it'll actually show me all of the changes from
the first file which was creating it so there's a lot of stuff there then q gets me out of it it's never actually gone through and that that's awesome i've got this ability now to track and work on things and i could go and see the history it's all it's all being kept i always go back i can kind of move between i could check out so i could check out different versions potentially i've got that kind of full history now what if i have files that i don't want to be stored like i might have secrets sometimes so one of the things i can actually do is let's say i'm in my folder and i'm going to create another file called secrets and never tell doesn't matter now i don't have to add it absolutely i never have to add this file but the problem is it's going to constantly be nagging me it's going to constantly say hey look you've got this file if i do a git add it would add it to it so if i have files i don't want in a certain folder i can just create a file called .gitignore and in that file put the names of the files you don't want and save it as soon as i hit save now its secrets has now gone gray and disappeared that that's what that does it's now not tracking it now git status will now say that the ignore file needs to be there which i want that i'm quite happy now i can just do git add and i can just say git commit .gitignore file added and now my git status should show i'm clean my git graph shows now i've moved up again because what i've essentially done now is well i i added a file remember now we'll say this color i added um .gitignore i didn't add remember that file was already there so now i've got my dot ignore file now i've done a commit so everything staged has now gone into hash three which is now got my json and my .gitignore file and once again my main has moved forwards and the pointer to what i'm using went with it so that's kind of the point but i've got that full history that we can see with what we're doing so that's git i mean that's
really what it's all about now what if you do have multiple people so we have this very nice easy picture let's see we will scroll up a sec where i'm having my different versions going up just my main i'm saying main not master now what if i want to work on something and commit it i want to save it but it's going to be in progress i don't want to mess with kind of what my main that the master is actually doing so i can create branches so let's say main is currently here i can actually create a branch so maybe we're going to do some zrs we're going to do zrs replication so i can add a new branch which initially will point to the same as main the same hash whatever it is but now my head is pointing here so i can now go off and hey i'll create a change and i'll commit it hash four and zrs will move forwards my head will move forwards because i'm committing now to a different branch now technically someone else well they could create their own branch maybe they're creating something like i don't know sa storage account kind and they're making changes so they get kind of a hash five version because their head is over here they're working on this version so we can absolutely do all of those things and then eventually we'll merge them back and we'll get back to main now these where we start to get this like three-way merges we can do here i'm not going to cover that it's a more it's not even more advanced it just has a recursive check it will work out hey can i merge these things in if there's collisions so maybe we change the same property it will open up a file showing me the two changes and i get to pick which ones we keep so it's not even like it's more complicated it's just a bit beyond what i'm going to try and cover in this amount of time but i can go and work on this and what i can do is when i'm happy and with this commit and i want to bring this back into main i can actually merge my branch into main which will now make main come up to here as well and because
zrs was a direct kind of child off of main i can do a fast forward i can just say well main now points to this again if i was trying to bring all of these together i can't just fast forward then we have to do this traversal this three-way merge but here i can i can just bring it in and then once i did that fast forward i can actually change my head to now point to main because it's the same thing and then i could just delete the zrs branch to keep it clean because it's not needed anymore i've done my testing i can now carry on and i'm essentially just using this so that's one way i can use branches i can i'm working on some code i want to do things around that i commit it once i'm happy i'll merge it into main and then carry on so let's actually kind of see this in action and again all of this is in kind of that sample code that we have in the main repo so we're back over here let's clear this out let's get rid of this .gitignore file just got our storage account so what i'm going to do is right now i'm going to create a new branch i'm going to do git branch zrs work so i'm going to create a new branch called zrs work if i do my git graph i can see well they're pointing to the same thing but now i can see well i do have a new branch zrs work they're pointing to the same thing but right now i'm still pointing to master so what i'm going to do is i'm going to say well actually i want to use zrs work so i'm going to check out zrs work now if i do a git graph my head pointer now points to zrs work instead so i can see here i'm pointing to zrs work right there instead of master now i can change things so right now i'm going to change my default value here to zrs instead save it my git status will show me hey there's modified files that you've not done so i now i can add it git add dot i can do a git commit updated to zrs and if i do my git graph now i can see i've moved forwards exactly as i drew in the picture my head is now pointing to zrs work which is a
hash beyond master now once i was happy with that if i'm good i've done all my changes maybe there's other commits and i want to put it back into master well i can check out master so now my head is going to point back to master so git graph i can see hey i'm now behind essentially zrs work i'm pointing at master and now i'm going to i could do a diff i could do a git diff master to zrs work and it shows me the differences between them and now what i'm going to do is i'm going to git merge zrs work so i'm going to merge in from that branch into where i'm currently pointing which is master and what it's going to do is a fast forward now it's showing me that if i look notice it's saying fast forward because it was a direct child it could just move it forward and then my git graph shows head and master are pointing at the same thing now because of that zrs work is kind of finished i'm not working on it anymore i can actually have a look or show me all the branches that are merged and it shows me master and zrs work are pointing at the same thing so now i finished that bit of project i want to keep it clean i will just go ahead and delete zrs work and then my git graph is tidied up again so that's me really kind of going through various different kind of actions um keeping those changes and again it's all local i've done nothing beyond that now i could absolutely do nothing else i could stop there i could just use it locally i'd want to make sure it's protected but i can absolutely just have that i could maybe store on onedrive which is where mine is so it's replicated but then we think about repositories that are kind of online and what we can now have when i start doing these types of things is that's good if i'm collaborating with others maybe i want other people contributing to my code maybe i just want to share it like my main repo for this masterclass i could have just kept locally for my own code but then you couldn't get to it so i can put it on a public
repository now i can also have private repositories i could have had this on premises i can host git servers there's many different ways to do this but the option i now have is to tie into a repository so github azure devops and many more things like bitbucket others provide git compatible servers the whole point is git is that kind of mechanism and tool set to maintain the histories and then these services are git compatible so they can store those repositories kind of online they can be private or public i'm gonna focus on github now you might think that's kind of weird because azure has azure devops well microsoft bought github excuse me well github's the future from a repository perspective it's better than azure devops from a continuous integration perspective when i think about continuous integration continuous deployment delivery devops has some kind of gating concepts that's better than github actions today but it's going to catch up i'm just going to focus on github now i have other videos linked in the repository for this course to read me where i go into using azure devops i also got a more detailed video on using github i've got more detailed visual videos on using terraform so go and look at those i'm going to focus on github so i'm going to create a github account it's free go to github.com and create an account and i'm going to create a repo now all of mine is local at this point if i know i want to make it public i would go and create the public repo first or private repo create the repo first and then i would clone it create a clone to my local machine and work on that it automatically now maps that that remote um repo normally it's called origin but i can name it anything i want having my origin is the corresponding to my local it makes some things easier but i don't have to we've already created our local one so i'm going to kind of extend that out so what we're going to start with is in github so i jump over to the portal and go home and i'll
go to github so in github i already have an account now i'm looking at my azure master class right now but i'll go up a level and what we'll do is we'll create a new one so i'll go to my repositories so repositories is kind of up here i'm just going to say new now it really doesn't matter what i do with this i'm just going to call it storage template i'm going to make it private i put a description i could say initialize it with a readme file and add a .gitignore i'm just going to make it empty because i've already got that repo locally what i'm going to do is i'm going to push it up to be remote so i'll say hey create repository and then it's going to tell me things to do hey look we'll go and create a readme file is the first thing you should do then if it was starting new i would init well i don't want to do that but i would add the readme file i'd commit the readme file now this is where i could use a name other than master so it's saying hey i can actually create a branch main and make it the main one and then i'm going to add this repo i just created as the remote origin so it's telling me everything i need to do to actually kind of make this the reality there's other ways i can go and populate this but right now it's empty there's nothing in it so we need to kind of go through and make this our world so remember i still got my storage account i'm kind of sitting in here on my file let's clear this so we kind of can go through all those commands it kind of just gave us now i'm in arm templates i want to go up a level first of all so we'll go cd dot dot and the first thing it was kind of well echo in storage template readme okay then it was git add readme then i'm going to go and do a commit so i can say well git commit and i'm just adding the readme file now i want to add that remote so what i have to do is that command it kind of gave me i'm adding a remote origin so if i just paste that in i've now added a remote origin for my environment and now if i
do actually do a git remote dash v i can see i've got that remote origin both for fetch all right getting stuff from it finding out the metadata and the push so this point what i've kind of now done if we think about going almost back to this file here this well now there's there's a cloud version i've now created another repo up here my remote and again i can call it anything i want but i've called it origin and right now it's empty it doesn't know anything but what i've now added to my environment is a remote called origin so i now know about this remote origin thing but there's nothing there yet i need to take this and i want to push my main branch to origin so i want to push to remote origin my main so that's what we're going to do then i'm going to have all of this and it's going to take the whole history then all of this all of this good stuff i've got right here probably not going to copy and paste this properly copy that and then if i'm lucky look want one uh paste oh there is a little white paste over there but i'll have this now as part of my remote as well and i can do various it didn't paste it all very well but you get the idea i'm going to basically push it over to that remote origin so i can think about well yeah i can push and then i can do things like fetch which just gets the metadata and then i can do a merge or i can do it all in one go and just do a pull so i have these kind of choices in how i'm going to interact with that okay so let's go back over here and do this so right now if we look if i do my git graph it it doesn't really know anything i'm up to date i'm fine there's no problems with anything else so i've added my remote origin now i want to push to it so i'm going to do a git push to origin to a branch called master on that remote now before i run that command if we quickly look at github again and we kind of refresh that thing it's empty still there's nothing there so we'll go back we run that command now at this point you would
have to actually authenticate to pull it down to clone anyone can do that if i've made it public and it was private so it wouldn't have worked we have to authenticate it makes it private but to push um i i would have to get an actual token to be allowed to do this so at this point right now i have to have permission to do that push but again if it was public anyone could go and clone it so we go back so that's happened now if we jump over to github and refresh well now it knows there's the files there's the readme there's my template there we go history hey it knows all the history it's got those hashes i've got all of the different information let's actually go and look at it oh it shows me what was there so it's now pushed all of this up to github i can see the differences so i've really brought everything together now and that's really all i have to do now notice one of the things i did was i kind of did this git push now the other option what i could do is i could kind of set that remote as my upstream so instead of just doing a git push one of the things i could have done is dash u to set the upstream of my environment so now it's actually set to track that remote so you might do my git graph now it also knows that origin master it has and can track that i can do things like git remote show origin and it shows me all of the information about it i could go and pull changes down so if i actually change something up there i could do a git pull now a git pull will kind of do a a fetch which gets the metadata and then a merge into my head branch but i don't have anything at this point i'm already up to date so now we're integrated in now whenever i make changes every time i make a change i'm going to have to push it back up but i'm not going to worry about that yet i'm going to get to this in a second because i can merge two things into one and from a demo perspective i'm lazy that way now i'll do devops so remember devops is all about the idea that hey my
deployments i'm going to build that into my continuous integration my continuous deployment the whole point of continuous integration ci was about the fact that well i don't want to have these developers creating their code in isolation and then bringing it back together at some point in the future and it doesn't work i want it continuously being brought in at the end of the day automatically tested so that's continuous integration and that's where things like github make that possible because they've got this shared repository then continuous deployment is hey i'm going to keep um deploying it's always ready to be deployed i can test these things and what's great about infrastructure as code is because it's that declarative i want it to look this way at the start of my deployment pipeline i can just deploy the template if it's already there great it's it's idempotent i can redeploy as many times as i want it won't do anything if there's not a change but it will make sure it's at that configuration now github actions is kind of that pipeline capability to do things with github now i need a service principal this is going to let it use this and github actions to talk to azure so i'm going to store it as a secret in the repo now again in the github file for this repo you can actually see i've got the command so all i'm doing is an az ad sp create for role based access control the name of the account i'm going to create github actions i'm going to make it a contributor of a certain resource group sav dev git hub deploy now it's going to spit out this big chunk of json you're going to take that entire chunk of json and paste it into a new secret actually in github so let's jump over so if i jump back to the portal over here and we'll go and look so i've got my project and what i'm going to do is actually go to my settings and then with my settings what i can actually do is put in the required file now i saved that away already and it's not that i don't trust everyone but
obviously i i don't kidding cause i trust you no um i'm gonna put this in so here under my settings i have secrets and i don't have one so i'm gonna create a new secret and i'm gonna call it azure underscore credentials you can see it's kind of autofilling it knows i created one of these before and then i'm going to put in that entire chunk of json so i saved that json and actually it's not i'm just going to delete this straight after this demo anyway so i'll just show you the whole thing so i'm going to take the whole chunk of json and i'm going to paste it in so you can see i've got my client id my secret so i'm just pasting in that whole thing and adding it as a secret so now i've got this secret which is the credential now if i jump over if i go and look at azure ad and look at my app registrations and look at all apps there is that so i can always go and delete this which is exactly what i'm going to do once this course is finished i will go and delete this so it becomes useless but you can see for the resource group i'm going to do my testing on if i can find it's going to call my resource groups so if we scroll down my sav dev github deploy that particular app service principal in my role assignments there's github actions i have contributor so the whole point is it can deploy things to here okay so with that done we have a service principal github can now use stored in a secret in github so now i want to do things now github actions it's basically a file a yaml file there's a whole bunch of these if i go and look at azure github actions it walks through and there's massive numbers of these things i can really do anything i want so if we go and look at hopefully that opens somewhere it didn't let's try that again kind of hit and miss sometimes there we go all right so if we look at this in the documentation i can see it talks through things i want to do so i'm going to need to log in an azure login and it's going to show me how to do that the github action
for login is it's going to use azure login v1 with credentials secrets.azure underscore credentials which is what mine is and then it has an example of using run now i'm not going to use run yes i can it's like sitting at the console and typing it but what i find with run is you don't get very good error diagnostics back if you go and look at my github actions dedicated video i'll show you an example of what you get so what we're going to use instead is there's actually where am i there's an az cli command instead here we go this this azure cli v1 i basically just get better error checking back so we're going to leverage that so what i'm going to basically do then is if i think about the flow i'm going to github actions so i'm going to have to authenticate using the secret check out my code because it's going to create basically a disposable container to run these actions from so it has to go and get the content of the repo so i have to check it out then i'm going to deploy the template so that that's that's all i'm going to do and they could do other stuff now you might then deploy your custom application there's a whole set of things you would probably do so from here what we're going to do is we need to obviously go and create this thing so over here if i go back to my github we're going to go to actions and we're going to create a new one now there are samples depend it's going to go and scan what you're doing and probably suggest better ones for me i'm just going to start with a blank one and i say blank it's put in some basic stuff it's going to save it to .github workflows main.yaml i don't want it to be called main i'm just going to say i'll say deploy and that's what i need i'm going to leave it as it is and start the commit sure i'll leave that and it's going directly into the master branch so it's created that deploy file so under my repo there's now this .github workflows now on my local machine remember what's it doing there we go on my local machine
i know nothing about that i'm not aware that this has happened at all if i do my git graph for example oop typed it wrong git graph i i don't know it's moved forward i don't know about the metadata that changed on that remote repo because remember what i've done is i did a commit up here so up here i'm going to think about well i i did another change i created a a hash kind of four where i've got that yaml file in it but i don't know about that yet i i don't i don't have that i have to go into a fetch and merge that into my main or pull will do them both at the same time so i need to do that before i know that even exists so if we go back over to our code that's what we'll do so let's get my cursor back this clears the screen so we're good to go so what i want to do is now i'm going to do in two steps i'm going to do a git fetch origin so that pulls the metadata down so now i know that my origin master is actually ahead of me it's kind of showing me that fact that hey it's it's a hash ahead you don't have that so what i would actually do is a git merge so i could say well i can merge in that origin master now if i do a git graph you can see i've moved forward and as part of that merge what's really cool is once again it did a fast forward because obviously it was based off of mine i hadn't made any local changes so it was able to just directly do that so when i look at what it did i can see it did that fast forward so now i'm up to date i know about that now i could have just trying to git pull origin master would have done exactly the same thing but now i know about this now i've got that github folder under my vs code and i've got my deploy yaml file now before i do anything remember i'm going to deploy to a new resource group this sav dev github deploy and if i look at it it's empty there's nothing there so what i'm going to do is update that yaml file now if you want to see the exact step-by-step every single thing you want to do then you should kind of go and
watch my other video where i go into detail on exactly what every step does i type it all in manually however i'm not going to do that right now so here i'm going to paste in one i made earlier we can see it's on push so anytime i do a push to the repository it's going to execute this pipeline i've given it a name this can be anything it's just azure arm deploy then i have a job i've named it deploy but again it can be anything i'm running on ubuntu latest this could be windows could be mac os there's a whole set of different uh build pipelines it supports and i have a series of steps i'm going to log into azure this name again can be anything but i'm using the azure slash login v1 github action and i'm using the azure credentials secret then i'm going to check out my source code using the github actions checkout v2 i'm going to deploy an arm template i'm using the azure cli v1 github action and really i'm just doing the az deployment group create so deploying a template to sav dev github deploy and the template file it's based on the root folder and then i'm using arm templates that's a subfolder i created that's all i have to reference so then i save that and at this point well i need to push it up so just like i do everything else at this point if i go and look at my status if i can type git correctly i can see there's files to add so i'm just going to add them all then i'm going to do a git commit to the ms git commit dash m updated deploy yaml file and then i'm going to push it now remember pushing it is actually what triggers it so i'm going to do a git push origin that remote origin mutton master so it's pushing that up so now if i quickly jump over we're going to look at a few different things so firstly remember my resource group is empty if i look at my github and i refresh well i can see there was a push 28 seconds ago if i look at my actions it's actually running because it's on push it's already triggered it if i select it i can see there's a job in
progress i can see it's setting up the job it's currently logging into azure then it's going to check out the source code and it's going to deploy the arm template so okay the checkout source code worked the login was successful now it's running my script and then it will do kind of the post cleanup when this successfully deploys so we're looking good so let's see exactly what it does and the nice thing about the cli again is it gives me good um kind of diagnostics if randomly something doesn't work not that i'm expecting anything not to work so it's going through oh saying didn't work there's a shock and if we look up so i can go and see um github deployed disallow by policy what allowed storage account skus it shows me the policy that it failed on oh i remember now i forgot i don't allow zrs that's a mistake but you can certainly see the coolness here it showed me as part of that well why didn't it work so now all i have to do i'll go back to my source we'll go back to our storage account and i'll change this to lrs save it repeat all of those steps hit add git commit updated for yaml file to lrs i do a push it's pushing it up again again if we go back out this go to my actions i started another one my resource group is still empty nothing got created yet now it's trying again again it's automatically that's the point of these actions is automatically deploying it again so that's logging into azure again it's going to check out the source and this time i'm really hoping it works if it doesn't work this time i'm kind of in trouble but it's going to go through and so i can see it saying it's running the script it's starting that execution because it's actually saying the docker image so i can see it's using the azure cli docker image based on that ubuntu to actually run this thing so let's go back so that's deploying the arm template script execution by docker image come on come on fingers are crossed toes are crossed um the only reason this might fail at this point is
someone else stole my storage account name which i actually had a problem earlier i published these other demos and someone took my name so then storage accounts have to be globally unique so then it failed so please name your own storage account your own resource group names don't steal mine so it's still running but it's still running is actually a fairly good sign so i can see exactly the command it's running here feeling pretty good at this point it probably would have failed by now so it's going to create that storage account and then what i'll see is it will actually show up eventually okay so no errors post checkout cleaning up complete the job so we are good and we can see the update button let's go back through the whole history and what we'll see is always takes a little bit of time but there it is there's my storage account and it's that lrs now just to kind of prove we put everything together let's let's change it to a grs remember it's my desired end state i'm going to save it we're going to add it we're going to commit it now we're changing it to grs and we're going to push so remember the whole point of this is it should work across anything i'm just changing my desired state it's going to be at the start of my deployment pipeline so my resource is obviously there it's lrs if i look at my it's already saying hey an updated deploy file to grs it knows it's happening once again i can go and look at the details so right now it's setting up the job and what i would absolutely expect it to do now is go through that same sequence again see the storage account already exists but it's just using regular arm at this point my regular declarative it should actually go through and update it so i should see it change from lrs to grs so you can see it's going through all the various steps let's go and look in the detail so that's doing the deploy arm template exactly the same thing again and what we would hope to see is it's going to do a switch it sees well the 
storage account is there it matches everything except the resiliency option so i'll actually go and change that resiliency option to grs so i should just see that switch happening and the point is again this is a super simple really i'm not doing very much at all here in my actual deploy file but you could then have other actions that hey maybe i set up a kubernetes cluster and then i deploy a yaml file to aks that actually sets up my pods and my replica sets i could set up really anything else there's a whole set of things i could compile my code so this will be part of a greater pipeline that really does everything that i need so that deploy is still running again because it's updating the storage account again this is kind of a good sign i think it's probably going to work and what i should see at the end of this is my storage account should have flipped so instead of being lrs what we would hope and i should try refresh maybe it's done it oh it's done already there we go we can see it's grs so again that declarative desire so that's actually completed it's just completing up getting codes back and that that's kind of the whole point so what we saw was a kind of a lot of different that's finished so it says it's completed and it's all good and happy we have another successful thing so we went through really from kind of the start to finish we thought about what is infrastructure as code we had our arm template but we could if we wanted to use bicep to compile to that other things like terraform then we saw how we can use git to change control have the branches the things we're working on and then actually pushing that to a remote repository and then actually triggering off of this with github actions but again i could use azure devops pipelines to actually then deploy it and again i would be that as part of a greater thing maybe deploy my code but we really today i went through start to finish we started with an empty folder we made it a repository we put a
template we created the template we made changes we integrated with the remote and then we built github actions which the sum of all that work was that is an hour and a half or two hour video is a long one as always i ended up with a storage account but you get the idea uh yes i could have clicked three buttons and create the storage account in the portal but that was just a simple example think about greater pipeline continuously deploying this between environments this is super super powerful so it really comes to an end of right now the master class as part 11 i may have other parts in the future but remember i create videos more videos every week i might update the github with other videos that kind of link to it i'll update as required but please please go and subscribe hit the little bell so you know when i post new videos every week i do the weekly update but uh as always i appreciate you watching i hope this is useful and you enjoyed it uh take care you
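The .gitignore step from the captions above, as an added example that is not from the video or its repository: it goes one case further and shows that an ignore rule only keeps untracked files out, so a file committed before the rule stays tracked and stays in history. The repository is a constructed throwaway, and the file names (`secrets.txt`, `old-secret.txt`) and helper function names are assumptions.

```shell
#!/bin/sh
# Added example: constructed throwaway repository; file names and contents are sample values.

# git wrapper with a fixed identity so commits work on a machine with no git config.
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# Build the repo: old-secret.txt is committed by mistake, secrets.txt is never committed,
# then a .gitignore naming both files is added and committed.
make_repo() {
  REPO=$(mktemp -d) || return 1
  cd "$REPO" || return 1
  g init -q . || return 1
  printf '{ "defaultValue": "Standard_LRS" }\n' > StorageAccount.json
  printf 'placeholder-not-a-real-secret\n' > old-secret.txt
  g add . && g commit -q -m "initial commit" || return 1
  printf 'placeholder-not-a-real-secret\n' > secrets.txt
  printf 'secrets.txt\nold-secret.txt\n' > .gitignore
  g add . && g commit -q -m ".gitignore file added"
}

# True when an ignore rule applies; git does not apply ignore rules to tracked files.
is_ignored() { g check-ignore -q -- "$1"; }

# True when the file is in the index, i.e. git is still tracking it.
is_tracked() { g ls-files --error-unmatch -- "$1" >/dev/null 2>&1; }

# True when any commit on any branch touched the file.
in_history() { [ -n "$(g log --all --oneline -- "$1")" ]; }

# Stop tracking a file but keep it on disk; earlier commits still contain it.
untrack() { g rm -q --cached -- "$1" && g commit -q -m "stop tracking $1"; }

report() {
  for f in secrets.txt old-secret.txt; do
    t=no; i=no; h=no
    is_tracked "$f" && t=yes
    is_ignored "$f" && i=yes
    in_history "$f" && h=yes
    printf '%-16s tracked=%s ignored=%s in_history=%s\n' "$f" "$t" "$i" "$h"
  done
}

run_demo() {
  make_repo || return 1
  echo "after adding .gitignore:"
  report
  untrack old-secret.txt || return 1
  echo "after git rm --cached old-secret.txt:"
  report
  # Remove the throwaway repository.
  cd / && [ -n "$REPO" ] && rm -rf -- "$REPO"
}

run_demo
```

A value that shows `in_history=yes` is still readable by anyone who can clone the repository, so it is treated as exposed and rotated even after the file is untracked.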
Info
Channel: John Savill's Technical Training
Views: 15,120
Rating: 4.9813519 out of 5
Keywords: azure, azure cloud, infrastructure as code, arm template, json, iac, git, github, github actions, devops, bicep
Id: wR92fLyrW6I
Length: 127min 29sec (7649 seconds)
Published: Tue Nov 17 2020