Terraform : AZURE : Terraform on Azure with IaC DevOps SRE | Real-World 25 Demos


 Udemy


 The course has 25 demos.

  • We will start with real-world scenarios on Azure Cloud.
  • We will have a step-by-step document on GitHub for every use case we implement.
  • We are going to build the infrastructure incrementally using Terraform on Azure Cloud.
  • Initially we will start with Terraform fundamentals (commands, language settings, providers, resources). This will take us 3 hours to complete.
  • After that we enter the real-world section, where we start by implementing virtual networks, subnets and network security; we are going to build a four-tier network.
  • We then move on to build a simple Linux virtual machine.
  • Once we implement and test it, we will implement the Azure Bastion host and the Bastion service.
  • In our entire architecture, if we want to connect to our VMs we need either a Bastion host or the Bastion service.
  • Then we will implement the Azure Standard Load Balancer with inbound NAT rules.
  • We will also implement a Standard Load Balancer internally on one of the subnets and test it end to end from the internet: the request comes to the external load balancer, goes from there to the web VMSS, from there to the internal load balancer, and from there to the app VMSS VM instances. We are going to build the entire use case as part of this demo.
  • Then we will implement Azure public and private DNS zones.
  • After that we will implement the Azure Traffic Manager use case.
  • We will also learn the Azure Application Gateway basics and implement important Application Gateway concepts such as context path based routing and multi-site hosting, all with Terraform code.
  • We shall also implement the Azure Application Gateway SSL HTTP to HTTPS redirect, and bring the SSL certificate from Key Vault for use on our Azure Application Gateway. In addition, we will learn about Terraform local modules: build a local module, use public registry modules, and then push the local module we built to the Terraform public registry and use it again.
  • We are also going to implement Terraform remote state storage and the remote state datasource (very important concepts).
  • Finally we are going to implement a DNS to DB section, which is Azure MySQL Single Server with Azure Application Gateway. We are going to use a sample application that needs a MySQL database and implement that using Terraform.

And finally we will implement IaC DevOps with Azure DevOps for a Terraform project, with build and release pipelines.

We will take any one of our demos from here and implement the DevOps pipelines (build and release pipelines) using Azure DevOps.

All the sections of the course are well documented on GitHub.

In addition to that, we are going to learn 20-plus Azure services in this course using Terraform.

And we will learn 30-plus Terraform concepts.

From a real-world perspective we won't need every Terraform concept; we will use only what the real-world scenarios require.

Course View


A high-level view of the Terraform concepts and how we are going to manage them inside the Terraform manifests folder.

  • C1 to C5 are standard things
  • From C6 we have Azure virtual networks and network security groups, where we build the 4-tier network
  • C7 is completely about the Web Linux VMSS
  • In C8 you can see the Bastion host Linux systems etc.
Everything is arranged like this in a series of sections, so troubleshooting will be easier even if we build a huge amount of config.

All this comes under one single demo, and inside the demo, if you have a problem with the Storage Account or an issue with the NAT gateway, you can go to that specific file and fix it.

On the left is an example of Web Load Balancer + VMSS + App Load Balancer + App VMSS

  • C9 is the web load balancer
  • C10 storage account
  • C11 Azure NAT gateways
  • C12 App Linux VMSS
  • C13 App load balancer
  • C14 Private DNS zones
  • C15 is Public DNS
Finally we are going to have 2 GitHub repositories.

We can fork these GitHub repositories and use them as required. This completes the introductory part of this course.

What we are going to learn here

We are going to start with the Terraform workflow.

From here we are going to learn Terraform using the block model: what blocks are available. If we cover these blocks in Terraform, then we have learned most of it.

Below we have 8 blocks, and all Terraform configuration comes from these 8 blocks.

We are going to focus on 3 hours of Terraform fundamentals initially.

Only once we complete the Terraform fundamentals will we move into the real-world scenarios of the 25 demos.

From there we will move on to the real-world demo, which is a 4-tier network design on Azure with VNet, subnet,

After that we will implement a small Linux VM in the web subnet with a public IP; we will provision a simple application inside it and then test it by accessing it via a browser.


During the process we are going to work with Terraform files and functions, namely the filebase64() and base64encode() functions.

From there we will move on to implementing the Azure Bastion host (Linux) and the Bastion service. This is a very important service to be aware of: we need either the Bastion service or a Bastion host in our virtual network to connect to the VMs present in the private networks of our Azure cloud. For that purpose we have created a Bastion service and have also provided a Bastion host option with a Linux VM. Instead of a Linux VM we can also have a Windows VM in its respective Bastion host subnet.

From there we will move on and implement the Azure Standard Load Balancer, which means we front the web VM with an Azure Load Balancer.

To implement this Standard Load Balancer in Terraform we need to create close to 6 resources, which we are going to create and implement using Terraform.

From there we will move on and implement inbound NAT rules in the Azure Load Balancer and access our web VM via the load balancer public IP on port 1022 for the SSH connection. Inbound NAT rules are important from a Standard Load Balancer perspective not only for SSH connections, but also for TCP-related services like FTP or any other service present in our internal networks that we want to expose to the internet through a load balancer with inbound NAT rules.


From there we will move on to the key concepts of Terraform. The core key concepts of Terraform are:

  • Meta-argument count
  • Meta-argument for_each

These play a key role in the overall Terraform implementation. Even with a single resource you can use the count meta-argument. Here we use count on our web VM resource, so that a single resource block creates multiple web VM instances. But if you create multiple web VMs, you need to add their relation to your Azure Standard Load Balancer, which means one of the Azure Load Balancer resources also needs the count meta-argument to add these three VMs to the load balancer.

So count is added once to the web VM and also to the Azure Standard Load Balancer. For the web VMs we also need an equivalent number of NICs (network interface cards), which means count is used on the NIC resource as well.

So we have used count for the VMs, the NICs and one resource in the Standard Load Balancer. In the same way, if you want inbound NAT rules, the two Terraform resources behind inbound NAT rules also need the count meta-argument. In total we are going to use the count meta-argument in 5 connected resources and understand it in detail.
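As an added illustration (not code from the course), the following sketch shows count applied to the NIC and to the three load-balancer-side resources described above; the VM resource, which takes the same count, is omitted. The resource names, the web_vm_count variable and the 1022 + count.index port scheme are assumptions, and the resource group, subnet, load balancer and backend pool are assumed to be defined elsewhere in the configuration.

```hcl
# Added example, not the course's code. Assumed to exist elsewhere in the
# configuration (hypothetical names): azurerm_resource_group.rg,
# azurerm_subnet.web, azurerm_lb.web (frontend IP config "web-lb-fip"),
# azurerm_lb_backend_address_pool.web.
variable "web_vm_count" {
  type    = number
  default = 3
}

# One NIC per web VM; the VM resource (omitted) uses the same count and
# references azurerm_network_interface.web[count.index].id.
resource "azurerm_network_interface" "web" {
  count               = var.web_vm_count
  name                = "web-nic-${count.index}"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "web-ipconfig"
    subnet_id                     = azurerm_subnet.web.id
    private_ip_address_allocation = "Dynamic"
  }
}

# The load balancer resource that needs count: attach every NIC to the pool.
resource "azurerm_network_interface_backend_address_pool_association" "web" {
  count                   = var.web_vm_count
  network_interface_id    = azurerm_network_interface.web[count.index].id
  ip_configuration_name   = azurerm_network_interface.web[count.index].ip_configuration[0].name
  backend_address_pool_id = azurerm_lb_backend_address_pool.web.id
}

# Inbound NAT, resource 1 of 2: one frontend port per VM (1022, 1023, ...)
# mapped to SSH port 22. The port scheme is an assumption of this example.
resource "azurerm_lb_nat_rule" "ssh" {
  count                          = var.web_vm_count
  name                           = "ssh-vm-${count.index}"
  resource_group_name            = azurerm_resource_group.rg.name
  loadbalancer_id                = azurerm_lb.web.id
  protocol                       = "Tcp"
  frontend_port                  = 1022 + count.index
  backend_port                   = 22
  frontend_ip_configuration_name = "web-lb-fip"
}

# Inbound NAT, resource 2 of 2: bind rule N to NIC N.
resource "azurerm_network_interface_nat_rule_association" "ssh" {
  count                 = var.web_vm_count
  network_interface_id  = azurerm_network_interface.web[count.index].id
  ip_configuration_name = azurerm_network_interface.web[count.index].ip_configuration[0].name
  nat_rule_id           = azurerm_lb_nat_rule.ssh[count.index].id
}
```

Each NAT rule publishes one VM's SSH port on the load balancer's public IP, so the network security group on the web subnet is what decides which source addresses can reach it.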

From there we will move on and implement the same thing with the for_each meta-argument: in these five connected resources we implement with for_each the same use case that we implemented with count.

In addition, we are going to learn about the for loop in Terraform in this use case.

From there we move on to VMSS (Virtual Machine Scale Sets) and the manual scaling use case.

So far we have used VMs in the web subnet; from now onwards we are going to use VM scale sets there.

From here we will move into Azure VMSS autoscaling.

This is one of the most critical features available in Azure Cloud, and automating it with Terraform is important.

We are going to understand how to use the autoscaling default profile, the autoscaling recurrence profile and autoscaling fixed profiles. We are going to implement them manually to understand the concept and then implement them with Terraform.

And we are going to have examples for all the use cases, implemented using Terraform.

Screenshot of the autoscaling default profile

These are the metrics that we will have in our Terraform configuration. Whatever you see here is created using Terraform.

Autoscaling Recurrence Profile

This is the recurrence weekend profile implementation.

Moving on, we will also implement the autoscaling fixed profile.


After that we will move on to the mega use case, which is External LB + Web VMSS + Internal LB + App VMSS.

You can see that the Azure Standard Load Balancer acting as the external LB is in the resource group and not inside the virtual network.

The internal LB, however, is present inside the app tier subnet. You will deploy a sample application on the App VMSS VM instances; to access it you come from the internet to the external LB, where your web VM instances are load balanced, from there you proxy to the internal LB, and from the internal LB you proxy to the App VMSS.

While the App VMSS is connected to the internal LB, it also needs a NAT gateway for outbound connections to the internet to fetch whatever binaries the web server needs to install on the App VMSS. Therefore you will also implement the NAT gateway, with a NAT public IP, to reach the internet.

In this use case we are going to implement a private DNS zone.

Instead of hard-coding the internal LB in the web tier proxy passes, we are going to use the applib.terraformguri.com name in the internal DNS zone; therefore we are going to register a DNS record for the internal LB's IP address in our private DNS zone.

As we focus on implementing the private DNS zone, we are also going to take a look at our public DNS zones.

Public DNS zone.

For our application we are going to register the external LB public IP in the public DNS zone with DNS records and access it using https://kubeoncloud.com via the internet; the request goes into the app tier and serves the page present in the App VMSS using DNS.

From there we will move on and implement the Terraform backend with an Azure Storage Account in Azure cloud.

From there we will move on to implement the Terraform remote state datasource concept. This again we are going to implement with three projects, which also use Azure storage as the remote backend, and each one has its own TF state file.

To be more realistic, we will implement this Terraform remote state datasource concept using the Traffic Manager example.

You will use your Traffic Manager example to load balance your traffic across regions between the identical applications present in the eastus2 and westus2 regions. To implement this use case we have also used the Terraform remote state datasource concept.
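A sketch of how two of those projects fit together, added here as an illustration and not taken from the course: project 1 keeps its own state blob in the Azure storage backend and exports an output, and the Traffic Manager project reads that output through the remote state datasource. The storage account, container, key and resource names are hypothetical, the two parts live in separate working directories, and azurerm provider 3.x or later is assumed.

```hcl
# Added example, not the course's code. Storage account, container, key and
# resource names are hypothetical placeholders.

# ---- Project 1 (eastus2 application stack), its own working directory ----
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "tfstateexample001"
    container_name       = "tfstatefiles"
    key                  = "project-1-eastus2.tfstate" # one blob per project
  }
}

# Only root-module outputs are visible to other projects.
output "web_lb_public_ip_id" {
  value = azurerm_public_ip.web_lb.id # assumed to be defined in project 1
}

# ---- Project 3 (Traffic Manager), a separate working directory ----
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "tfstateexample001"
    container_name       = "tfstatefiles"
    key                  = "project-3-traffic-manager.tfstate"
  }
}

# Read-only view of project 1's outputs, taken from its state blob.
data "terraform_remote_state" "project1_eastus2" {
  backend = "azurerm"
  config = {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "tfstateexample001"
    container_name       = "tfstatefiles"
    key                  = "project-1-eastus2.tfstate"
  }
}

resource "azurerm_traffic_manager_azure_endpoint" "eastus2" {
  name               = "eastus2-endpoint"
  profile_id         = azurerm_traffic_manager_profile.tm.id # assumed to exist
  target_resource_id = data.terraform_remote_state.project1_eastus2.outputs.web_lb_public_ip_id
  weight             = 50
}
```

The datasource exposes only outputs, but whoever runs project 3 needs read access to project 1's entire state blob, so access to the state container is best granted per project.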

Then we will move on to the Application Gateway basics. It is a very critical concept from Azure's perspective.

For that we need to understand every concept mentioned on the left side of the snapshot given above.

For that we first need to create the Azure Application Gateway LB from the Azure Portal.

Azure Applications Component Diagram:

When we are writing the live template for every use case for Azure Application Gateway 


Next we will move on to the Azure Application Gateway context path based routing use case using Terraform.

Whenever the user accesses the application using the URL http://ag-public-ip/app1 the connection is routed to the App1 VMSS, and similarly for app2. This logic is implemented on the Azure Application Gateway, and we shall implement it using Terraform.

In addition, whenever we access the root context, it will redirect to some external site. So in addition to context path routing we shall also implement redirection in our Application Gateway, and we are going to see what the configurations look like.


Next we will implement multi-site hosting in Azure Application Gateway.

With the respective URLs on the left, the user is directed to different sites. This is DNS name based routing, or multi-site hosting.

Next we will implement SSL certificates for our Application Gateway.

We will create SSL certificates and upload them to the Application Gateway. We will also implement a use case called HTTP to HTTPS redirection, a very common implementation in real-world use cases.

Whenever users access http://terraformguru.com it automatically redirects to https://terraformguru.com

As you have SSL certs added in the Application Gateway with listener 443, which is HTTPS, you will be serving the pages present in the App1 VMSS.

Additionally, to embed the AG error pages in Azure Application Gateway, we need to create a storage account and upload 503.html and 403.html to it.

Next we will also implement SSL from Key Vault. Earlier your SSL certs were uploaded directly from the Terraform working directory to the SSL certs container in Azure Application Gateway.

But in this use case we follow the safest option, which Azure recommends: upload your SSL certs to your Azure Key Vault and access them from Azure Application Gateway.

To do that you need to understand the user-assigned managed identity concepts and integrate Azure Key Vault with Azure Application Gateway, meaning: from the Application Gateway, how am I going to access the SSL certs imported in the Azure Key Vault? We will be implementing this via Terraform too.




Azure Pipeline key concepts.

  • What is a pipeline
  • What is a stage in a pipeline
  • What is a job in a pipeline
  • What is a job with an agent
  • What is a job without an agent
  • In each job, what are the steps and the types of scripts
  • What is a step of type task
We are going to build a Continuous Integration Pipeline .


which is a build pipeline here with two tasks here with 

Next we will implement the release pipeline.

This IaC build pipeline will publish the artifacts to our release pipeline, and in the release pipeline we shall create four stages:

  • Dev
  • Staging
  • QA
  • Prod
We will also add pre- and post-approval steps here and ensure that whenever it reaches the Dev stage it creates the Dev infrastructure for us, and when it reaches the QA stage it creates the QA infrastructure for us. For each of these stages there is an equivalent Terraform state file stored in the storage account for state files.

Once we complete the IaC release pipeline it is going to look like the diagram below.

As you can see, in each task these are the stages that are going to get created.

All these things we are going to implement step by step. Once the IaC DevOps releases are completed you are going to see the screen in this manner.

This is a screenshot of your Terraform state files stored in your storage account for the release pipelines, for the four environments.

In IaC DevOps we are going to focus on build pipelines and release pipelines, and more on the real-world approach that we are going to implement in Terraform.



From there we are going to move on to another use case known as "Azure MySQL Single Server".

MySQL Single Server is a platform-as-a-service implementation, which means you cannot create a MySQL Single Server inside virtual network subnets. But you can establish a connection from your subnet to this MySQL Single Server in a safer way, using VNet service endpoints and MySQL virtual network rules. We are going to ensure we have a secure connection from the web tier subnet to this Azure MySQL Single Server PaaS resource, and we are going to test it with an end-to-end use case that includes the Azure Application Gateway with HTTP to HTTPS redirect, SSL certs and AG error pages.

The sample application that we are going to use here is a User Management Web Application. It will connect to the MySQL DB. It will have the default user, the MySQL user created in the MySQL DB. And we can create additional users using MySQL DB.

As soon as the application starts up 







































