Bicep

During the Bicep Community Call of July 2023 I was introduced to the new experimental testing framework that the Bicep team is working on. After learning the fundamentals of the Go programming language I saw the value of test driven software development, and it will be an advantageous improvement if we can start applying this methodology to Infrastructure as Code as well. Test driven software development is a software development practice that involves writing unit tests before writing the actual code, and then refactoring the code to pass the tests. Some of the advantages of test driven software development are: ...

In this video, I will show you how to use Bicep to deploy a Kubernetes cluster with custom network settings using the Azure CNI. Azure CNI allows pods to be assigned IP addresses from Azure VNets which allows them to communicate with Azure resources directly through peered networks. ...

In this video I explain how to generate random strings in Bicep and demonstrate a couple of deployments. I use the uniqueString function combined with the utcNow function. But the caveat is that you can only use it as a default value for a parameter, as follows: ...

Finish deploying keyvault using pipeline Get the random name generation to work Lessons Learned Subscriptions need to be registered with resource providers, apparently https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-register-resource-provider?tabs=azure-cli acccesPolicies are mandatory on KeyVaults, but not when RBAC is enabled Assign contributor role to Azure DevOps service connection to be able to create resource groups from pipeline Achieved Setting up connection between pipeline and Azure subscription Assign correct rights to the service connection so it is allowed to deploy new resource groups (and other resources) Learned about provider registrations Made progress on creating unique names for resources Successfully deployed new resource group and key vault from the pipeline Next time: Look into random string creation with utcNow ...

Write KeyVault template Write pipeline code set up Azure DevOps pipeline Lessons Learned Always make sure to use az deployment group instead of az group deployment Because it has older Bicep version and will be deprecated Make sure to be in correct Directory to be able to sync subscriptions for service connection Links: 202306302206 ...

Inspired by a GitHub Copilot demonstration I witnessed at Microsoft, I wanted to see how quickly I could deploy an AKS cluster from Neovim with Bicep using Copilot. I wasn’t disappointed! Links: 202306271706 https://www.youtube.com/watch?v=l0B65FUfNBU [[AKS]] [[Kubernetes]] [[Neovim]] [[bicep]] [[coding]]

The new parameter files use bicep style formatting instead of JSON, and they will make the lives of Cloud Engineers a lot easier. They have the following advantages: More readable and editor friendly Cleaner and less lines of code VSCode integration Quickly convert from JSON or template file using VSCode In this video I introduce these new files. I go over the new formatting, and I also introduce the new features in VSCode for the .bicepparam files. ...

Did a refactor of some of our Bicep template code for our AKS clusters today. Before, we were using a rather complicated line of code using string interpolation. var vnetSubnetId = '${resourceId(vnetResourceGroupName, 'Microsoft.Network/virtualNetworks', vnetName)}/subnets/${vnetSubnetName}' This was hard to read and the Bicep linter gave the following warning in my editor and during deployment: WARNING: D:\a\1\a\drop\Generic-templates\containers\azure-kubernetes-service\v4.0\templates\aks.bicep(117,7) : Warning use-resource-id-functions: If property “vnetSubnetID” represents a resource ID, it must use a symbolic resource reference, be a parameter or start with one of these functions: extensionResourceId, guid, if, reference, resourceId, subscription, subscriptionResourceId, tenantResourceId. Found nonconforming expression at vnetSubnetID -> vnetSubnetId [https://aka.ms/bicep/linter/use-resource-id-functions] ...

Next winter I’ll be entering my third year as a DevOps Engineer. When you first break into this field there is an overwhelming amount of things to learn. Frankly, this will always be the case. But I’m reaching a point where I have gained experience with most of the main areas and tooling, and I can start seeing the relations between them and how they compare to one another. Just like any other job or activity, there are things that you like and that suit you well, and there are things that you don’t like. And now the first phases of overwhelm are confidently behind me, I’m starting to learn the things I prefer doing over others. ...

Deploying to subscriptions and management groups To tell Bicep which scope to deploy to, use the targetScope keyword, for example, managementGroup. You’re not specifying which management group exactly, this is done during deployment of the template file. targetScope can be set to resourceGroup, subscription, managementGroup or tenant. If it is not set, Bicep assumes resourceGroup. create a resource group targetScope = 'subscription' resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-01-01' = { name: 'example-resource-group' location: 'westus' } To deploy you use az deployment group create for resource groups, but you use az deployment sub create for subscriptions, mg for management group and tenant for tenant. ...