
Azure Infrastructure as code – Pulumi

  • 10/12/2020
  • by Martin Ehrnst

Infrastructure As Code is here to stay. And all companies work with this in a variety of ways. Recently I changed job, and with that comes new challenges. The team I joined is highly skilled and is responsible for a very complex and large infrastructure in Azure. A great part of this infrastructure is deployed and maintained using a tool called Pulumi.

My new role does not require me to become a developer creating apps. But I have been advocating and teaching fellow IT pros the importance of embracing developer tools and processes for our infrastructure management tasks. My knowledge around infrastructure as code is with PowerShell, Terraform, and ARM. My C# skills are very limited, although I have some experience.
Pulumi is definitely putting developers first, and I need to step up my game.

What is Pulumi

Azure Resource Manager and Azure Bicep are both domain-specific languages, meaning they only work with Azure. Terraform is another popular tool (almost a standard), which also has its own language (HCL). HCL differs from ARM as it works with more than Azure.

Create, deploy, and manage infrastructure on any cloud using familiar programming languages and tools.

Pulumi

Pulumi, on the other hand, uses general-purpose programming languages. This means you can deploy and maintain your infrastructure with ‘real programming languages’, like C#, Java, TypeScript, and Go.

How does Pulumi work

Pulumi is a declarative infrastructure as code tool. Its core engine will ‘build’ your desired infrastructure, and keep track of its state.

Projects and stacks

You start with something called a Project. The project folder is controlled via a Pulumi.yml file looking something like this, where name and runtime are mandatory.

name: core-infra
runtime: dotnet
description: my very first pulumi project

After creating the project you will need to create a stack. The stack is an instance of your project. For example, staging and production of project core-infra would be two separate stacks.

State management

You might be familiar with this concept already, but if not here’s what’s what;
Pulumi keeps a snapshot of your infrastructure, referred to as ‘state’. This allows Pulumi to delete, create, and change your infrastructure components. But it also means you have to think about where you perform edits (only within the Pulumi stack/project), and where to store your state files.

By default Pulumi will store and manage state with their online service, Pulumi Console.

Getting started with Pulumi for Azure

My short goal for self learning Pulumi is to replicate what I demoed in me and Marcel Zehner’s Live streams on Azure resource manager and infrastructure as code.
For Pulumi I am using this repository.

For some reason, I assume you run Windows and CSharp, but if you fancy any of the other options, they are documented as well.

To run Pulumi on Azure you will need to install Pulumi, log in/sign up, install .NET 3.1, and Azure CLI (if you don’t have it already). The process is documented on the getting started page.
I tried to run with .NET 5.0, without any luck, but that might be solved soon.

Your next task is to create your project. In all essence, you run a few commands against an empty folder. This will generate the Pulumi program files and your project metadata files. Below is my configuration

cd C:\Users\MartinEhrnst\repos\Pulumi\
mkdir 1.ResourceGroup-storageAccount
cd 1.ResourceGroup-storageAccount
pulumi new azure-csharp

After filling in your mandatory project parameters, a getting started code will be generated for you. This will create an Azure resource group and a storage account.
In the above picture, I have changed this slightly to include a storage container, and change some of the default parameters. You can find my latest Pulumi code in this GitHub repo

For those experienced with C#, you can see that Pulumi has classes for the Azure resources. But since this is C#, we can use common coding techniques, like iterations (for-each) to deploy our infrastructure.

Pulumi deployments

If I now want to deploy my infrastructure, I will need to run Pulumi, which translates this code into something Azure Resource Manager can understand. To my knowledge, Pulumi uses the Azure Resource Manager REST APIs to run the deployment.

To deploy the resources, you can follow this guide. In my environment above, this is the code and output from my review.

PS C:\Users\MartinEhrnst\repos\Pulumi\1.ResourceGroup-storageAccount> pulumi up
Previewing update (dev)

View Live:

     Type                         Name                Plan
 +   pulumi:pulumi:Stack          rg-and-storage-dev  create
 +   ├─ azure:core:ResourceGroup  resourceGroup       create
 +   ├─ azure:storage:Account     storage             create
 +   └─ azure:storage:Container   container           create
 
Resources:
    + 4 to create

Do you want to perform this update? details
+ pulumi:pulumi:Stack: (create)
    [urn=urn:pulumi:dev::rg-and-storage::pulumi:pulumi:Stack::rg-and-storage-dev]
    + azure:core/resourceGroup:ResourceGroup: (create)
        [urn=urn:pulumi:dev::rg-and-storage::azure:core/resourceGroup:ResourceGroup::resourceGroup]
        [provider=urn:pulumi:dev::rg-and-storage::pulumi:providers:azure::default_3_33_2::04da6b54-80e4-46f7-96ec-]
        location  : "norwayeast"
        name      : "rg-PulumiStorage"
    + azure:storage/account:Account: (create)
        [urn=urn:pulumi:dev::rg-and-storage::azure:storage/account:Account::storage]
        [provider=urn:pulumi:dev::rg-and-storage::pulumi:providers:azure::default_3_33_2::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
        accountKind           : "StorageV2"
        accountReplicationType: "LRS"
        accountTier           : "Standard"
        allowBlobPublicAccess : false
        enableHttpsTrafficOnly: true
        isHnsEnabled          : false
        location              : output<string>
        minTlsVersion         : "TLS1_0"
        name                  : "storage2966fa9"
        resourceGroupName     : "rg-PulumiStorage"
    + azure:storage/container:Container: (create)
        [urn=urn:pulumi:dev::rg-and-storage::azure:storage/container:Container::container]
        [provider=urn:pulumi:dev::rg-and-storage::pulumi:providers:azure::default_3_33_2::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
        containerAccessType: "private"
        name               : "images"
        storageAccountName : "storageab46f04"
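
The details listing above shows every property Pulumi will send to Azure, so it can be reviewed for security-relevant settings before the update is confirmed. The following is an added example, not code from the original post: it parses a listing in the format shown above and reports values that miss a baseline. The baseline values and the function names are assumptions made for illustration.

```python
import re
# Constructed sample: a shortened copy of the details listing shown above.
SAMPLE_PREVIEW = '''\
    + azure:storage/account:Account: (create)
        [urn=urn:pulumi:dev::rg-and-storage::azure:storage/account:Account::storage]
        allowBlobPublicAccess : false
        enableHttpsTrafficOnly: true
        minTlsVersion         : "TLS1_0"
        name                  : "storage2966fa9"
    + azure:storage/container:Container: (create)
        containerAccessType: "private"
        name               : "images"
'''

# Assumed baseline (not from the post): resource type -> property -> required value.
BASELINE = {
    "azure:storage/account:Account": {
        "minTlsVersion": "TLS1_2",
        "enableHttpsTrafficOnly": "true",
        "allowBlobPublicAccess": "false",
    },
    "azure:storage/container:Container": {"containerAccessType": "private"},
}

# "+ type: (op)" starts a resource; "key : value" is a property; "[urn=...]" lines match neither.
RESOURCE = re.compile(r"^\s*[+~-]\s+(\S+):\s+\((\w+)\)\s*$")
PROPERTY = re.compile(r"^\s*(\w+)\s*:\s*(.+?)\s*$")

def parse_preview(text):
    """Return [(resource type, {property: value})] in listing order."""
    resources = []
    for line in text.splitlines():
        res, prop = RESOURCE.match(line), PROPERTY.match(line)
        if res:
            resources.append((res.group(1), {}))
        elif prop and resources:
            resources[-1][1][prop.group(1)] = prop.group(2).strip('"')
    return resources

def audit(text):
    """Return (resource name, property, actual, required) for each baseline miss."""
    findings = []
    for rtype, props in parse_preview(text):
        for prop, required in BASELINE.get(rtype, {}).items():
            actual = props.get(prop, "<unset>")
            if actual != required:
                findings.append((props.get("name", "?"), prop, actual, required))
    return findings
```

Run against the sample, `audit` reports the storage account's `minTlsVersion` of `TLS1_0`; a property missing from the listing is reported as `<unset>` rather than silently passing.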

In Azure, I can now see that the storage account and resource group are created. But I cannot find this as deployments. I suspect this has to do with how Pulumi interacts with Azure Resource Manager. This might not be an issue for you, but if you rely on the deployment plane, you should give this some thought.

Should you use Pulumi for Azure?

Given my very limited knowledge of the product, that is hard for me to answer. But there are things you should consider.
As I said, I have advocated for a few years about the ‘Modern IT pro’. Meaning we need to adopt and use more developer-oriented software and processes, like Git for example.

By using Pulumi you are not only adopting processes, but you also assume your team knows CSharp or any of the other supported languages. If your team consists of IT pros who are beginning to explore the Dev side of the DevOps circle, Pulumi will give you some rough weeks ahead.

On the other hand, if your team is developer heavy, looking into the operations side, Pulumi might be your best choice. As a developer, it must seem alluring to be able to provision infrastructure together with your application code.
However, the responsibility for correct configuration, governance, and security is still the most important for your infrastructure. If this can be done with the same team and codebase, you can definitely consider using Pulumi.

Pulumi ARM template converter

A tool to convert ARM templates to Pulumi already exists. During my initial testing, I had success converting less complex templates, but when I tried to convert a nested template with a Copy loop the tool failed.

I suggest you try it out with your own templates, and since it’s open-sourced, you could always try to improve it yourself. If not, the community will at some point.


Azure Infrastructure As Code video series

  • 28/10/2020
  • by Martin Ehrnst

For weeks Marcel Zehner and I have held four live streams, covering ‘everything’ related to Infrastructure as code on Azure.

Recording available

In the series, we covered the following topics, and everything is now available on YouTube

  • Advanced ARM templates
  • Deployment scripts
  • Linked and nested ARM templates
  • ARM template deployment with Pipelines


Recording available: ARM template deployment scripts

  • 23/10/2020
  • by Martin Ehrnst

Sign up for our next livestream; How to deploy resources using CI/CD

In our Infrastructure as code live stream series, Marcel Zehner and I covered a new feature in the Azure IaC space, namely deployment scripts. With deployment scripts for Azure, you can run PowerShell or Bash (CLI) scripts within your ARM templates.

You may have heard of the Custom Script Extension for Azure Windows VMs; this is sort of the same thing. It lets you call external systems during deployment, or perform the last-mile configuration of your infrastructure.

Deployment scripts recording

You can find all our recordings on youtube and all code examples on github


Recording available: Complex ARM templates

  • 12/10/2020
  • by Martin Ehrnst

Together with MVP and Regional Director Marcel Zehner, we are running four live streams on Azure Resource Manager deployments using ARM templates. The recording from our first live stream, Complex ARM templates, is available now.

In this session, we covered how you should use parameters, functions, and dependencies to create more reusable code, and how to control the result of your user’s input.

You can find the recording on YouTube, and the script examples on GitHub

More ARM template live streams

We have three more ARM template live streams planned. Hopefully we will see you there:

Nested & linked ARM templates
Date & Time: October 12, 2020, 5PM CEST
Registration: https://lnkd.in/deW4xXJ
Attendee Link: https://lnkd.in/dz_WgyW

Deployment scripts
Date & Time: October 19, 2020, 5PM CEST
Registration: https://lnkd.in/dhEYeMr

Code release using pipelines
Date & Time: October 26, 2020, 5PM CEST
Registration: https://lnkd.in/d_JuDuv


IT Pro announcements from Microsoft Build

  • 20/05/202003/09/2020
  • by Martin Ehrnst

Microsoft Build is Microsoft’s prime developer conference, where Microsoft Ignite is the conference for your traditional IT pros. However, the traditional IT pro role has changed significantly in recent years, and Build is therefore interesting to us, and a lot of great “infrastructure” announcements were released at Build this year. Below I have picked out a few announcements I find most interesting.

Azure Resource Manager templates

ARM language improvements

Azure Resource Manager templates are very powerful. However, one of their Achilles heels is their verbosity. At Build we got a small sneak peek at how Microsoft is looking to improve the ARM template language. Sign up here to get more information.

What-If analysis

I have deployed a lot of templates in recent years. And when I first saw a preview of the new what-if command I was thrilled. The ability to check what impact your template would make is a very important feature that is now available.

PowerShell or CLI inline in the templates

I’m not sure I like this one: the ability to actually write PowerShell or CLI scripts within ARM templates via Deployment Script is now in Public Preview.

ARM templates tend to be very complex already. And while this feature will solve a lot of issues, I am pretty sure we can manage to create a lot of new ones as well. I suggest a very humble approach to this feature.

Azure infrastructure

Azure Peering Service is generally available, providing the fastest route from on-premises to your Azure resources. At first this looks like a new name for ExpressRoute, but Azure Peering is not private. Instead it uses the largest ISPs around the world to quickly get you on Microsoft’s backbone.

Azure Arc enabled Kubernetes

Azure Arc provides a range of capabilities for managing servers, Kubernetes, and Azure data services across clouds, datacenters, and edge locations.

Azure Arc was introduced at Microsoft Ignite in 2019. At Build, Microsoft announced Arc for Kubernetes in preview. With Arc for Kubernetes, we are able to use management tools in Azure, like Azure Policy and Azure Monitor, for clusters running on-premises or in another cloud, public or private. Companies using, for example, RedHat OpenShift on-premises and AKS in Azure can have a unified experience for both environments.

Read more about Azure Arc for Kubernetes here

Azure Security and Azure AD

Azure AD now has a feature called ‘external identities’ in public preview. I’m not sure about all the news. But it seems to be a revamped Azure AD B2C. I will look more into it later.

Azure Security Center is updated with a secure score API. To me this is great as integration to internal portals will be much easier. In other news, the ability to suppress alerts is now publicly available!

More Azure AD news can be found here

Build 2020 book of news

I will continue to update this list throughout Build and hopefully test drive some of the new features. In the meantime, you can find the complete list of Build 2020 announcements in the book of news
