Exercise: create Azure secret store

  • Set up git with new feature branch
    • Clone locally (already done)
    • Create branch
    • Checkout branch
  • Create resource group
  • Create random_id (8 characters, alpha-numeric)
  • Create random_string (24 characters)
    • Use limited set of special characters !@#$%*_
  • Create azurerm_key_vault
    • Restrict access to your (external) IP
  • Add tags to all resources to make management easier
  • Read current service principal object ID
    • Hint: look at azurerm_client_config
  • Grant your service principal full access to your key vault
    • Beware creating keys that you cannot see or delete!
  • Grant your read-only Portal user access to your key vault
    • Ensure your networking access includes the IP of the machine that you’re accessing the portal from
  • Create secrets
    • azurerm_key_vault_secret
    • azurerm_key_vault_key
    • azurerm_key_vault_certificate
      • Generate the certificate in key vault, then output name and size
  • Use depends_on to ensure that your secrets are created after and destroyed before the access permission
    • Typically this means setting depends_on in each secret with a reference to the access policy
  • Design output {} statements
    • to verify that secrets have been created properly
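As an added example for this exercise (not the tutorial's own code), the configuration below walks the steps above in one root module. It assumes an authenticated azurerm provider (3.x permission names), a `my_ip` variable holding the public IP you run terraform from, and the constructed names used here.

```hcl
variable "my_ip" { type = string }   # your public IP, e.g. "203.0.113.10" (constructed)

# The identity running terraform: supplies tenant_id and the policy's object_id.
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "kv" {
  name     = "rg-secret-store"
  location = "uksouth"
}
# 4 random bytes give an 8-character hex suffix for a globally unique vault name.
resource "random_id" "suffix" { byte_length = 4 }
# 24-character password drawn from the limited special-character set.
resource "random_string" "password" {
  length           = 24
  special          = true
  override_special = "!@#$%*_"
}

resource "azurerm_key_vault" "kv" {
  name                = "kv-${random_id.suffix.hex}"
  location            = azurerm_resource_group.kv.location
  resource_group_name = azurerm_resource_group.kv.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
  tags                = { exercise = "secret-store" }
  # Deny all network access except your IP; terraform's secret writes come from it too.
  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
    ip_rules       = [var.my_ip]
  }
}

# Rights the service principal needs to create, read and later clean up secrets.
resource "azurerm_key_vault_access_policy" "sp" {
  key_vault_id       = azurerm_key_vault.kv.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = data.azurerm_client_config.current.object_id
  secret_permissions = ["Get", "List", "Set", "Delete", "Purge", "Recover"]
}

# depends_on orders the secret after the policy on create and before it on destroy.
resource "azurerm_key_vault_secret" "admin" {
  name         = "admin-password"
  value        = random_string.password.result
  key_vault_id = azurerm_key_vault.kv.id
  depends_on   = [azurerm_key_vault_access_policy.sp]
}

output "vault_name"     { value = azurerm_key_vault.kv.name }
output "secret_version" { value = azurerm_key_vault_secret.admin.version }
```

The outputs expose the vault name and the secret's version rather than its value, which is enough to verify creation without printing the password in plan output.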

Exercise: working with workspaces

  • Refactor ‘create Azure secret store’ exercise
    • Create dev workspace
    • Create prod workspace
    • Include ${terraform.workspace} name in all resources
  • Create side-by-side (per environment) secrets
    • Create set of dev secrets
    • Create set of prod secrets at the same time
  • Destroy the dev secrets
    • Verify that prod secrets are still available

Exercise: referencing secrets

  • Create a second root module
    • Reference a secret using the data source
    • Create an output block to return some property of a secret
  • Use the prod secrets in tutorial/07
    • Refactor your previous tutorial/07 code
    • Source the admin password for your VMs from AKV
      • prod secrets

Exercise: create a VM as a docker host

  • Using tutorial/06 as a reference, create a VM
    • Open up port 80 using the Network Security Group
  • Customise your azurerm_virtual_machine to run the command whoami
  • Alter your command to install docker
    • yum install docker
  • SSH into the VM
    • List out current containers using docker ps -a (should be empty)
  • Use the docker command line to install the Apache HTTPd container
  • Use curl to connect to http://localhost:80
  • Use a local web browser to connect to your public IP (http://…)

Exercise: create Azure Kubernetes cluster

  • Coming soon

Help

If you’d like help moving your team onto GitFlow, please get in touch.