Enterprise Scale Azure Landing Zones Azure DEVOps using Terraform and CAF Modules: Technologies Involved

Sebastian Rogers
4 min read · Jul 19, 2021

TL;DR: There are multiple technologies used. You could choose to use different technologies for the CI/CD component, but the community is focussed on Azure DEVOps.

This series of stories is a practical set of written instructions for Microsoft Cloud Adoption Framework for Azure documentation — Cloud Adoption Framework | Microsoft Docs.

This story carries on from Enterprise Scale Azure Landing Zones Azure DEVOps using Terraform and CAF Modules: Start Here.

Terraform (Required)

Terraform is a provisioning engine that uses a template language to control its flow of execution. Although it is the core of the system, as it contains the actual code, by using Rover and Azure DEVOps it is effectively hidden from us.

Its configuration files are written in the HashiCorp Configuration Language (HCL), which confusingly looks similar to JSON.

You will need to understand the Terraform Language Documentation to do this configuration.

Terraform, unfortunately, uses state files that record your “last known state” to allow it to:

  • Be idempotent by not creating or configuring Azure Resources that are already correctly created.
  • Check for configuration drift from the last known state

It is vital that you understand how these work and where they live: running against the wrong state file, either because it's out of date or because you're looking for it in the wrong place, will hurt you very badly.

Recorded state is a bad idea: it can be, and almost always is, wrong. If your recorded state and the real world differ then Terraform may not work, forcing you to update the state file. External forces, e.g. Azure Policies, may cause this. This can often be quite tricky to resolve. Terraform state files are recorded state.

Desired state is a good idea. You can check to see if your system is in the correct state and, if not, take actions to achieve it. Azure Resource Manager templates are desired state.
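To make the "right state file" check concrete, here is an added example (not code from this post or from the CAF/rover project) that reads the lineage and serial Terraform stores in every state file and refuses to proceed if they do not match what the pipeline last saw; the sample state, its UUID and resource names are constructed.

```python
"""Sanity-check a Terraform state file before running against it.

Added example, not code from the original post or the CAF/rover project.
Terraform state is JSON; `lineage` (a UUID fixed when the state is first
created), `serial` (incremented on every write) and `resources[]` are real
fields of state format version 4. The sample below is constructed.
"""
import json

# Constructed sample: a minimal format-4 state tracking two resources.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "terraform_version": "1.0.2",
    "serial": 17,
    "lineage": "11111111-2222-3333-4444-555555555555",
    "outputs": {},
    "resources": [
        {"mode": "managed", "type": "azurerm_resource_group", "name": "rg",
         "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]",
         "instances": [{"schema_version": 0,
                        "attributes": {"name": "rg-launchpad", "location": "uksouth"}}]},
        {"mode": "managed", "type": "azurerm_storage_account", "name": "tfstate",
         "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]",
         "instances": [{"schema_version": 0, "attributes": {"name": "stlaunchpad001"}}]},
    ],
})


def summarise_state(state_json):
    """Return (lineage, serial, [managed resource addresses]) for a state document."""
    state = json.loads(state_json)
    if state.get("version") != 4:
        raise ValueError(f"unsupported state version {state.get('version')}")
    addresses = [f"{r['type']}.{r['name']}" for r in state["resources"] if r["mode"] == "managed"]
    return state["lineage"], state["serial"], addresses


def check_state(state_json, expected_lineage, min_serial):
    """Return (problems, addresses). Problems are non-empty when the state is not
    the one this pipeline expects (different lineage) or is older than the last
    state it wrote (serial went backwards), i.e. the wrong or a stale state file."""
    lineage, serial, addresses = summarise_state(state_json)
    problems = []
    if lineage != expected_lineage:
        problems.append(f"lineage {lineage} != expected {expected_lineage} (wrong state file?)")
    if serial < min_serial:
        problems.append(f"serial {serial} < last seen {min_serial} (stale copy of state?)")
    return problems, addresses


if __name__ == "__main__":
    print(check_state(SAMPLE_STATE, "11111111-2222-3333-4444-555555555555", 17))
```

Record the lineage and serial after every successful apply and feed them back in on the next run; a mismatch is the moment to stop and find the real state rather than to plough on.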

Sebastian Rogers’ First Law of Computing: Lies will hurt you

Rover (Required)

Cloud Adoption Framework for Azure — Landing zones on Terraform — Rover

This is a Docker container designed to ensure that people using the CAF Landing Zones are all using a consistent set of tools, and it also provides helpers for Terraform.

It is used to:

  • Create just enough of the Azure Environment to support hosting Azure DEVOps Clients
  • Create multiple Azure DEVOps Rover clients
  • Create multiple Azure DEVOps Managed Identities
  • Create Azure DEVOps pipelines that use the Azure DEVOps clients
  • Create the Enterprise Scale Azure Environment

To complicate matters, it comes in two flavours:

The rover is available from the Docker Hub in the form of:

Standalone edition: to be used for landing zones engineering or pipelines.

Adding a runner (agent) for the following platforms:

  • Azure DevOps
  • GitHub Actions
  • Gitlab
  • Terraform Cloud/Terraform Enterprise

This implies that multiple technologies can be used to perform the CI/CD component.

Azure DEVOps (Preferred)

SANDPIT ENVIRONMENT WITH AZURE DEVOPS PIPELINES

This is a Source Code Repository and Continuous Integration / Continuous Deployment service that will allow us to automate deploying the Enterprise Scale CAF environment. It is often used by Enterprises who use the Microsoft / Azure / Windows development stack.

It is also the example that the CAF-ES Community are developing and hence is preferred.

GitHub Actions

GitHub Actions is a workflow implementation hosted by GitHub (which is owned by Microsoft) that can be used to implement Continuous Integration / Continuous Deployment. When combined with GitHub Repos this gives a complete solution.

Based on the deprecation of Visual Studio Codespaces and its replacement by GitHub Codespaces, I strongly suspect that GitHub will become the default CI/CD for all Microsoft technologies in the medium-term future.

However the CAF-ES Community is currently using Azure DEVOps.

Gitlab

Gitlab is a DEVOps environment providing full lifecycle management.

However the CAF-ES Community is currently using Azure DEVOps.

Terraform Cloud/Terraform Enterprise

Terraform Cloud/Terraform Enterprise is an application that helps teams use Terraform together. It manages Terraform runs in a consistent and reliable environment, and includes easy access to shared state and secret data, access controls for approving changes to infrastructure, a private registry for sharing Terraform modules, detailed policy controls for governing the contents of Terraform configurations, and more.

The difference is between using a hosted service (Terraform Cloud) or hosting your own service (Terraform Enterprise).

However the CAF-ES Community is currently using Azure DEVOps.

TL;DR: There are multiple technologies used. You could choose to use different technologies for the CI/CD component, but the community is focussed on Azure DEVOps.


Sebastian Rogers

Technical Director for Simple Innovations Ltd. First paid for code in 1980, but still has all his own hair.