Category: Terraform

Posted on by Leave a comment

Azure Chaos Studio terraform properties

Recently I was playing around with Azure Chaos studio and as a DevOps engineer I wanted to automate the experiment creation through terraform. Although it might seem straightforward it is not and through the process you may find out that some information are needed.

First things first you can go through the documentation and use the azurerm_chaos_studio_experiment terraform resource. This resource needs some properties to be defined as selectors which would be the resources that the experiment will affect.

  selectors {
    name                    = "Selector1"
    chaos_studio_target_ids = [azurerm_chaos_studio_target.example.id]
  }

As shown from the code we will then need a azurerm_chaos_studio_target terraform resource which is identical to the below:

resource "azurerm_chaos_studio_target" "example" {
  location           = "West Europe"
  target_resource_id = data.azurerm_windows_web_app.example.id
  target_type        = "Microsoft-AppService"
}

The first thing that I. was searching is the target_types. Those can be located in the below page and for my example I wanted to use a WebApp that’s why I selected Microsoft-AppService

https://learn.microsoft.com/en-us/azure/chaos-studio/chaos-studio-fault-providers

Afterwards you will need a capability. The capability block can be located inside the steps of the experiment as shown in the example of terraform docs (link attached to the bottom of the article). The capability has a unique name depending on the action that you need to perform and resource. You can find them in the below link.

https://learn.microsoft.com/en-us/azure/chaos-studio/chaos-studio-fault-library#stop-app-service

resource "azurerm_chaos_studio_capability" "example" {
  chaos_studio_target_id = azurerm_chaos_studio_target.example.id
  capability_type        = "Stop-1.0"
}

In my case I wanted to stop a WebApp so I selected the appropriate. As an example if you need to shutdown a virtual machine you will have to use another capability which is Shutdown-1.0 instead of Stop-1.0.

Bonus:

When running terraform to create your azure chaos resources you may encounter the below error:

retrieving list of chaos target types: loading results: Get "": unsupported protocol scheme ""

For this issue there is an open bug under terraform repository and it is under investigation.

https://github.com/hashicorp/pandora/issues/4535

Links:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/chaos_studio_experiment

Posted on by Leave a comment

Deploying kubernetes applications with 2-clicks | Azure DevOps & Terraform

When you read the title you may think that this article can be a clickbait. That’s the reason you should continue reading until this end to figure out that deploying k8s application with Azure DevOps and terraform can be very easy when you create everything through infrastructure as code.

In this example we will utilize Azure DevOps pipelines and terraform to deploy a yaml definition on an AKS cluster that runs on Azure. For this output we will need three steps.

The first step is to create an AKS cluster on Azure. When we have the infrastructure ready we can then continue and bind Azure DevOps pipelines with the AKS resource so that we can deploy on the cluster. The last step is to have the yaml definition of the application that we need to deploy and run the application deployment process inside azure devops.

The project is structure as shown in the below picture.

  • The code folder contains the yaml k8s definition file.
  • The iac_aks creates the AKS cluster inside Azure
  • The iac_devops creates the Azure Devops resources needed (Service connection with AKS)
  • And finally the azure-pipeline and application-pipeline are the pipelines that will run the automation and do the job.

In order to try out the example the first think that you need to do is to create a variable group inside azure devops and store two values. The first value will be the secret Personal access token that will be used to create the Azure DevOps resources. The second one is the URL of your Azure DevOps organization.

When those are set you will need to change the tfvars files and add the names that you prefer for the resources creation. Finally you can have your deployment ready with just two clicks. One for the infra pipelines and one for the application pipeline.

Code is hosted on Github
https://github.com/geralexgr/globalazuregreece2024

Posted on by Leave a comment

Pass terraform provider variables as secrets

Many times you need to provide values in provider information when using terraform. Lets take as an example the below code block. The azuredevops provider needs some variables in order to deploy successfully and we need to pass those values as secrets because they contain sensitive information. 

terraform {
  required_providers {
    azuredevops = {
      source = "microsoft/azuredevops"
      version = ">=1.0.0"
    }
  }
}

provider "azuredevops" {
  org_service_url       = URL
  personal_access_token = TOKEN
}

We should never hardcode such information in the application as this information may get leaked. In order to pass those as secrets we will need to create a variable group or standalone variables and place the secrets there.

Then we will need to create some terraform variables and pass the values for those through the pipeline.

variable "org_service_url" {
  description = "The URL of your Azure DevOps organization."
}

variable "personal_access_token" {
  description = "The personal access token for authentication."
}

The provider block should be updated accordingly.

provider "azuredevops" {
  org_service_url       = var.org_service_url
  personal_access_token = var.personal_access_token
}

Finally we pass those values through the pipeline step by providing those with -var argument on terraform.

    - task: TerraformTaskV4@4
      displayName: terraform apply
      inputs:
        provider: 'azurerm'
        command: 'apply'
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/iac_devops'
        commandOptions: '-var="org_service_url=$(URL)" -var="personal_access_token=$(PAT)"'
        environmentServiceNameAzureRM: 'SUBSCRIPTION'

Finally the pipeline will succeed.

Posted on by Leave a comment

The subscription is not registered to use namespace ‘Microsoft.ContainerService’.

When you deploy on Azure using terraform you may encounter the below error.

The subscription is not registered to use namespace ‘Microsoft.ContainerService’. See https://aka.ms/rps-not-found for how to register subscriptions.

In order to resolve issue you should go inside azure portal and under your subscription you should navigate into Resource Providers. Then you should search for the specific provider that is not registered (in my example in was ContainerService) and click register.

When you press register you will see that the provider is going to be in Registering state.

Finally the deployment will succeed after the above change.