Event banner
Event details
- Is Microsoft going to broaden their Azure Quickstarts to include both Bicep and Terraform configurations in their gallery and GitHub repository? Is there a chance that Marketplace deployments might accept Terraform instead of solely ARM?
- bmoore-msft
Microsoft
In case you're referring to the Quickstart here: https://github.com/Azure/azure-quickstart-templates
Which are also here: https://azure.microsoft.com/en-us/resources/templates/ - but that UI is being migrated to here: https://aka.ms/azqst
We have bicep code for about 300 of the 1000 samples... we're going through the process of adding more. To see the bicep ones specifically click the aka link above and then check the bicep filter to see them.
TF has it's own gallery - will get details for you...
Mark GrayHey Olaf, First, thanks for your interest in Terraform on Azure. We do have a set of Quickstarts for Terraform that are hosted on our Terraform GitHub repo: https://github.com/azure/terraform. This repo is no where near as extensive as the ARM repo but it is something that we are investing in and expect to grow over the short term. As you can see, this. repo is public so if you have any good examples that you would like to share, please feel free to submit a pull request. We will also look into whether there is a way to have a common set and list/index of Quickstarts across ARM, Bicep and Terraform. As far as the market place goes, we do not currently have plans to add Terraform support here but it is something that we will investigate for the future. Thanks for the suggestions!! MarkG
- Welp, this was a waste of time...
- EricStarker
Community Manager
We have the team here live answering questions via text! Feel free to post a question to the team and they are here responding. This is a text-based event as advertised, so there's no audio or video component to it.- EricStarkerWhat makes this a waste of time for you - what were you expecting or needing from this event that isn't being provided? Would be happy to take your feedback.
- Is there a good reference or best practise recommendation on how to organize IaC code in repositories in regards to pure deployment code and configuration/parameter code (split?)
- bmoore-msft
IDK know of a good reference or hard/fast rule. A few things to consider:
- never put secrets in source control - so if you have params that are secret, you need another store for those (github, azdo, keyvault)
- do you want [all] param/config changes to go through the same "test" that your deployment code does (e.g. do you want validate parameters in a pipeline or test) - and in some cases you may specifically *not* want this
- I see a mix of both in practice - some params are all on source control, others use pipeline/deploy time variables
Happy to expand more if you have more questions...
- EricStarkerThanks for joining us for this Azure Deployments AMA! The event is now over, but we'll be posting a summary of the questions and answers here soon.
- Waiting from long time,very exited to learn..
- Is there any plan to improve the scoping of variables in AzureDevOps similar to Octopus? Current restricted scoping causes duplication of variables.
- EricStarkerHello - sorry, but AzureDevOps is outside the scope of the expertise of the panelists here. Please post your question instead in our Azure DevOps space: https://techcommunity.microsoft.com/t5/azure-devops/bd-p/AzureDevOpsForum
- Has anyone found a good way of running pipelines from artifacts downloaded in a pipeline? Or achieving the same outcomes of such a “dynamic” pipeline in other ways? That is: We package our deployment IaC next to our application code, so that they are packaged as a single artifact. This is good. But we then face a problem when we try to deploy a system of these individual artifacts. We would like to write a pipeline that downloads one of those artifacts, and run the pipeline specified within it. But our release tool (Azure DevOps) doesn’t allow us to do this because all pipelines have to available at “compile”-time of the initiating pipeline. Has anyone found a way of working around this?
- This is really interesting. What was the benefit of choosing this solution?
- To be clear, we haven’t got a solution; getting a solution is what I am trying to achieve. —— If a contextual example would be helpful: imagine a micro-service-ish architecture. I want to be able to deploy each component/service individually, for testing, or hot-swapping a new instance to an existing system, etc. My component/service should be self-contained into a single, immutable artifact. —— But I I also want to be able to deploy my entire system from a single pipeline, for integration testing, or simply just deploying a production instance. —— As far as I can see, my options are 1) manually orchestrate the system deployments, 2) automate it in a janky fashion by invoking the pipelines via REST , or 3) duplicate the deployment code for those components into a mega-pipeline for system deployment. —— I’m wondering what the panel would do to get around this.
- EricStarkerJust to confirm, this would be more of a DevOps question and not something this particular team is qualified to answer. Feel free to check out our Azure DevOps discussion space: https://techcommunity.microsoft.com/t5/azure-devops/bd-p/AzureDevOpsForum
Anyone have a list of great opensource tools they are using for their pipelines?
static code analysis for IaC
https://github.com/bridgecrewio/checkov
static code analysis for Github Actions
https://github.com/rhysd/actionlint
kitchen sink
https://github.com/oxsecurity/megalinter
- bmoore-msft
ARM Template Toolkit:
ARM Template Analyzer
https://github.com/Azure/template-analyzer - more security focused - this is still in a "preview" state.- Perfection. Thank you Brian.
- Hi there, Martin here from Germany. I learned Azure Basics and want to start scripting AzDeployment. What is an easy way for new rollouts, biceps? And by what technique/tool it is easy to manage or alter an environment. Should it be Infrastructure by code completely? Regards, Martin
- adotfrank
For getting started, some people find it easier to use Az CLI or Azure PowerShell. They tend to be more familiar for those with IT backgrounds and have done powershell or bash scripting. The issue with those tools is they tend not to scale well as your deployments get more complex -- they deploy resources serially instead of in parallel for example.
If you want to use one of the declarative tools, then both Terraform and Bicep are great options. We offer some introductory guides for both tools, which I've linked to below:
* Bicep: https://docs.microsoft.com/en-us/learn/paths/fundamentals-bicep/
* Terraform: https://learn.hashicorp.com/collections/terraform/azure-get-started
- ok, thank you. I did not have a look at the tools yet. I think of deploying and maintaning environments as an MSP. Or maybe rollout a PoC. We want to enhance our powershell-rollouts by Bicep or Terraform. The structure of an AVD environment is quite similar. Which one to concentrate on as a newbie?
- Is there a document which can help to understand the core functions & configuration part?
- bmoore-msftAlpesh - can you expand a bit more on what you mean by core/config?
- Hey Brian I meant to in brief document on functions of bicep
- Try to use Microsoft docs, the oldest information is as old as new.
