Azure Deployments AMA
Event details
We are very excited to announce an Azure Deployments AMA!
Join the Azure Deployments team to discuss all things Infrastructure as Code (IaC) in Azure. The panelists own all of the most popular declarative IaC tooling for Azure including ARM Templates, Bicep and Terraform. They want to hear what is on your mind so bring your IaC questions and hear from the experts.
An AMA is a live text-based online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA gives you the opportunity to connect with Microsoft product experts who will be on hand to answer your questions and listen to feedback.
Feel free to post your questions about Azure Deployments anytime in the comments below beforehand, if it fits your schedule or time zone better, though questions will not be answered until the live hour.
92 Comments
- Curtis Loesch (Copper Contributor): Welp, this was a waste of time...
- EricStarker (Gold Contributor): We have the team here live answering questions via text! Feel free to post a question to the team and they are here responding. This is a text-based event as advertised, so there's no audio or video component to it.
- EricStarker (Gold Contributor): What makes this a waste of time for you - what were you expecting or needing from this event that isn't being provided? Would be happy to take your feedback.
- mydigital (Copper Contributor): Is this event live? I don't see activity here
- EricStarker (Gold Contributor): Hello! The event is all text-based - there is no video or audio component. If you scroll down, you will see existing questions being answered and you can ask new questions by posting a comment (as you have just done).
- Girish Kumrawat (Copper Contributor): How to join please share link
- EricStarker (Gold Contributor): You have already joined by being on this page and being logged into Tech Community! You can post a new question for the team as a comment above, or you can read existing questions and answers below. The team is here live answering questions!
- EricStarker (Gold Contributor): It is all text-based, so there is no video or audio component.
- CoreyW410 (Occasional Reader): Has the event started? Don't see a 'join' anywhere...
- EricStarker (Gold Contributor): Yes, the event has started! It's all text-based and you're in the right place already, so you'll see new questions and answers to previous questions appear when you refresh (or as it auto-refreshes). Feel free to introduce yourself in the thread below!
- EricStarker (Gold Contributor): It is all text-based, so there is no video or audio component.
- EricStarker (Gold Contributor)
Welcome to the Azure Deployments Ask Microsoft Anything!
This live hour gives you the opportunity to ask questions and provide feedback directly to the Azure Deployments team.
Please post any questions in a separate, new comment thread.
To start, introduce yourself below and tell us where you're logging in from!
- Erniep278 (Copper Contributor): When working with Azure, I am looking for the best approach for standardization and scalability. My experience with Azure is mostly UI-based and some PowerShell. I set up Azure Policies in the UI, create dynamic groups in UI, set Conditional Access policies in UI, and would like to know the purpose of Terraform, Ansible, ARM, and Bicep, as well as which one would be the ideal one to learn. Should I learn all of them or focus on one or two?
- Richard Cheney (Brass Contributor)
Ernie, this is my personal opinion as a CSA working with partners rather than that of the product group representatives:
All of the options listed give the ability to provision Azure resources declaratively, and enable common configurations to be repeatedly deployed in a consistent manner.
ARM and Bicep are essentially the core first party offerings. Bicep is newer and is a DSL of ARM, i.e. can translate the ARM templates (JSON) to something more readable, and with a semi-coded aspect. It has the strongest support for services and features, so the Bicep learning path is a great place to start.
Terraform is commonly used, is open source, and enables multiple providers. The same syntax (Hashicorp's own HCL) and workflow (init -> plan -> apply) can be used consistently on multiple platforms. Widely used by multi-cloud partners and customers, and has some great lifecycle aspects (state). Can have some gaps in terms of new resource types or features, but huge innovation and the azapi provider helps to bridge the gap. (I'll plug my own https://www.azurecitadel.com/terraform/azapi/ labs here...)
Ansible is also open source and comes from Red Hat. Again, supports multiple platforms for infrastructure provisioning, but is also very rich regarding VM customisation and Ansible Galaxy is worth exploring.
Personally I like Bicep, which is evolving very nicely, but I still lean towards Terraform (for infra) combined with Ansible (for additional OS customization). Training and supportability within your org should always be a consideration here too!
- Erniep278 (Copper Contributor): I'm a System Admin heading up the charge towards the adoption of Azure for my company. I'm in California, USA
- nhlanhlabekwa (Copper Contributor): What is your time frame to do so
- Erniep278 (Copper Contributor): Hey guys! Glad to join this event!
- chriswue (Copper Contributor): Is it still useful to add bicep warnings due to broken API schemas to https://github.com/Azure/bicep/issues/784? I really would like to get to a stage where bicep can have a "Treat Warnings As Errors" setting. Right now that doesn't work for obvious reasons.
- adotfrank
Microsoft
Have you seen the "#disable-next-line" directive? You can use that to tell bicep to turn off specific warnings or errors and that may help you rely more on specific warnings and treat them as errors. It is still useful to add type issues to that thread. We are planning to revamp how we take in type issues, but in the meantime we would like issues filed there.
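The "Treat Warnings As Errors" idea raised in this exchange can be approximated in CI today with a small gate over the compiler's diagnostics. The sketch below is an added example, not code from the Bicep team or from anyone in this thread; the diagnostic line layout, the sample lines, the tolerated codes and the function names are assumptions made for illustration.

```python
import re

# Assumed diagnostic layout: path(line,col) : Level CODE: message
DIAG = re.compile(
    r"^(?P<path>.+?)\((?P<line>\d+),(?P<col>\d+)\)\s*:\s*"
    r"(?P<level>Error|Warning|Info)\s+(?P<code>[\w-]+):\s*(?P<msg>.*)$"
)

# Hypothetical allowlist: warning codes waived while a type issue is filed upstream.
TOLERATED = frozenset({"BCP036", "BCP037"})

# Constructed sample output, not captured from a real build.
SAMPLE = """\
main.bicep(12,5) : Warning BCP036: The property "sku" expected a value of type "string".
main.bicep(3,7) : Warning no-unused-params: Parameter "location" is declared but never used.
modules/kv.bicep(20,3) : Warning BCP037: The property "foo" is not allowed on this type.
modules/kv.bicep(31,9) : Error BCP057: The name "vaultName" does not exist.
"""


def parse(output):
    """Return one dict per diagnostic line; lines that do not match are skipped."""
    found = []
    for raw in output.splitlines():
        m = DIAG.match(raw.strip())
        if m:
            found.append(m.groupdict())
    return found


def gate(output, tolerated=TOLERATED):
    """Split diagnostics into (blocking, waived).

    Errors always block. Warnings block unless their code is explicitly
    tolerated, so a newly introduced warning fails the pipeline by default.
    """
    blocking, waived = [], []
    for d in parse(output):
        if d["level"] == "Info":
            continue
        if d["level"] == "Warning" and d["code"] in tolerated:
            waived.append(d)
        else:
            blocking.append(d)
    return blocking, waived


if __name__ == "__main__":
    blocking, waived = gate(SAMPLE)
    for d in blocking:
        print(f'BLOCK  {d["path"]}:{d["line"]} {d["code"]} {d["msg"]}')
    print(f"{len(waived)} waived warning(s)")
    raise SystemExit(1 if blocking else 0)
```

Keeping the tolerated set short and reviewed means each waiver stays tied to a known type issue rather than hiding new warnings.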
- seannalexander (Copper Contributor)
I am looking for a good solution to multiple (1-200) Single Tenant Deployments instead of just using Environments with Github. Although that is the current solution.
This page has been abandoned:
https://github.com/Azure/Multi-tenant-Landing-Zones
And the "Deploy All Customers" is not robust enough:
https://github.com/Azure/Multi-tenant-Landing-Zones/blob/main/.github/workflows/Deploy-All-Customer.yml
I'd love to hear some good examples of anyone else doing this.
- Richard Cheney (Brass Contributor): Are you working for a managed service provider (MSP)? Can you give an example of what you would like to achieve?
- seannalexander (Copper Contributor): We've dealt with them in the past and they don't offer any good suggestions. What would be the best way to keep track of deploying multiple tenants? Or buzzwords to include in our monthly conversation with our Microsoft rep?
- seannalexander (Copper Contributor)
Anyone have a list of great open source tools they are using for their pipelines?
static code analysis for IaC
https://github.com/bridgecrewio/checkov
static code analysis for Github Actions
https://github.com/rhysd/actionlint
kitchen sink
https://github.com/oxsecurity/megalinter
- bmoore-msft
Microsoft
ARM Template Toolkit:
ARM Template Analyzer
https://github.com/Azure/template-analyzer - more security focused - this is still in a "preview" state.
- NicolasVuillamy (Copper Contributor)
FYI, checkov, actionlint and arm-ttk are embedded within MegaLinter and regularly upgraded to their latest version 🙂 About template analyzer, once it's not in "preview" anymore we could embed it too 🙂
Since a recent version, it is also possible to have MegaLinter results as a comment in the PR
https://oxsecurity.github.io/megalinter/latest/reporters/AzureCommentReporter/
- plavixo (Copper Contributor): Has anyone found a good way of running pipelines from artifacts downloaded in a pipeline? Or achieving the same outcomes of such a “dynamic” pipeline in other ways? That is: We package our deployment IaC next to our application code, so that they are packaged as a single artifact. This is good. But we then face a problem when we try to deploy a system of these individual artifacts. We would like to write a pipeline that downloads one of those artifacts, and run the pipeline specified within it. But our release tool (Azure DevOps) doesn’t allow us to do this because all pipelines have to be available at “compile”-time of the initiating pipeline. Has anyone found a way of working around this?
- EricStarker (Gold Contributor): Just to confirm, this would be more of a DevOps question and not something this particular team is qualified to answer. Feel free to check out our Azure DevOps discussion space: https://techcommunity.microsoft.com/t5/azure-devops/bd-p/AzureDevOpsForum
- seannalexander (Copper Contributor): This is really interesting. What was the benefit of choosing this solution?
- plavixo (Copper Contributor): To be clear, we haven’t got a solution; getting a solution is what I am trying to achieve. —— If a contextual example would be helpful: imagine a micro-service-ish architecture. I want to be able to deploy each component/service individually, for testing, or hot-swapping a new instance to an existing system, etc. My component/service should be self-contained into a single, immutable artifact. —— But I also want to be able to deploy my entire system from a single pipeline, for integration testing, or simply just deploying a production instance. —— As far as I can see, my options are 1) manually orchestrate the system deployments, 2) automate it in a janky fashion by invoking the pipelines via REST, or 3) duplicate the deployment code for those components into a mega-pipeline for system deployment. —— I’m wondering what the panel would do to get around this.
- maheshwagh (Copper Contributor): Is there any plan to improve the scoping of variables in AzureDevOps similar to Octopus? Current restricted scoping causes duplication of variables.
- EricStarker (Gold Contributor): Hello - sorry, but AzureDevOps is outside the scope of the expertise of the panelists here. Please post your question instead in our Azure DevOps space: https://techcommunity.microsoft.com/t5/azure-devops/bd-p/AzureDevOpsForum