Terraform Functions - Part 1 - For_Each

-

In this blog series we will explore some of the common Terraform functions that will be useful to know when deploying resources to Azure. With working demos you can follow along and deploy resources to your own Azure subscriptions and learn how these functions behave.  Knowing about these features and combining the use of them in your Terraform configurations will help as you make more advanced deployment templates and modules. This will be a four part series covering the following;
  • Basic for_each demo
  • Basic count demo
  • Conditional expression demo
  • Advanced count and conditional expression combined
The assumption is you have an Azure subscription you can use to deploy these resource to. You have installed terraform version 0.12 minimum and are familiar with deploying basic resources to Azure using Terraform configurations. You will have the az cli installed and know how to authenticate to Azure using azure cli. We will be working with a local Terraform state file to keep things simple. You have some working knowledge of Git to be able to clone the demo files to your local workstation. 

Getting Prepared

  • Clone the repo TerraformDemos
  • Open the folder in Visual studio code
  • Authenticate to Azure
    • az login - complete authentication process in the browser
  • If you have access to a number of subscriptions run this command to confirm which one you are active working on, this will show 'IsDefault' as true.
    • az account list --output table
  • If you need to change this use this command and replace that value with your subscription number
    • az account set --subscription 000000000-00000000000-00000000-0000000
  • At the end of each lab we carry out a cleanup task to remove any resources we have deployed during the demo.
Each folder is a self contained demonstration which you can run through with to help understand these Terraform functions. We are now ready to get started.

The for_each function is new in version 0.12 of Terraform, this can be used to iterate through a list or map. This is an alternative to the count function. In the count function we can append a number to the name of resources so you can build web1, web2, web3, etc. What if we want the names to be different? Also, what if we were dealing with a different resource? For example, we have a list of users we want to assign RBAC permissions to. With the for_each function we could create a list of users in a variable and iterate through this to deploy role assignments for each user. 

In this demo we deploy multiple web application resources, you will see how we do this using count function in an upcoming demo. We use a list of app names and deploy multiple Web Apps using for_each to iterate through the list of names.
  1. Review the code in \app-service-foreach-demo\variables.tf
  2. See that variable webapps has three names configured, two of them are currently commented out
  3. Review the code in \app-service-foreach-demo\main.tf
  4. Check the resource azurerm_app_service
  5. We have a for_each value, this references var.webapps the list we have in our variable file
    • for_each = var.webapps
  6. For the name of the resource we are using each.value which gets the name value from var.webapps. When we deploy this configuration it will iterate through the list.
    • name = each.value
  7. In the Visual studio code terminal shell, make sure you are in folder \app-service-foreach-demo\
  8. Run terraform init
  9. Run terraform plan check there are no errors and confirm that it is going to deploy the resources you expect.
  10. Run terraform apply and type yes to approve the change
  11. Check the Azure Portal to review what has been deployed in the resource group terraform-demo-rg
    • One Web App Service Plan
    • One Web Application called dog-fe-web-1
  12. Back in Visual studio code edit variables.tf and uncomment the variable webapps as shown below by removing the # from the start of the line
    • #web2 = "be-web-2"
    • #web3 = "demo-web-3"
  13. Save the changes and deploy again
  14. Run terraform plan check there are no errors and confirm that it is going to deploy the resources you expect.
  15. Run terraform apply and type yes to approve the change
  16. When the deployment completes check the Azure Portal to review what has been deployed in the resource group prd-rg
    • One Web App Service Plan
    • Three Web Applications fe-web-1, be-web-2, demo-web-3
  17. See how we can now deploy the same resources but with very different names easily
  18. We will now remove the resources we deployed ready for the next demo
  19. From the terminal run terraform destroy 
  20. Confirm that it is going to destroy only the resources you expect type yes to approve and cleanup the resources
  21. Check the resources have been deleted in the Azure Portal
I hope this has helped you get started using the new for_each function and you can see where this may be useful in your deployments.  Next time we will explore how we can achieve a similar goal using the count function. 

Comments

Post a Comment

Popular posts from this blog

Terraform Functions - Part 3 - Conditional expression

-
In part three of this blog series we will take a look at the conditional expression function in  Terraform  and see how we can use this with a basic  Azure Web App  deployment. In a future blog we will explore how to use the conditional expression alongside the count function in a more complex resource deployment.  In part one we cover an overview of the blog series and some pre-requisites you will need to get started when working through the deployment steps in this blog series, if you haven't seen this information please review this  here  before you get started with the steps below. Conditional expressions can be used to dynamically omit or change an argument depending on a certain condition. This can be useful for several scenarios, one example may be that you create a module for deploying VMs and have a variable for VM size of small or large, you can set this as a variable and evaluate this variable to change configurations like SKU, disk size etc.  The example we will go thr
Read more

Azure Kubernetes Service (AKS) and Managed Identities

-
Image
In this blog I will be exploring the use of Azure Manged Identities in Azure Kubernetes Service (AKS).  We will then discuss how we can use managed identities according to security best practice. We will look at how we configure the managed identities for the AKS cluster so it can in turn manage other Azure resources.  We will explore how we can configure managed identities for our services/applications that are running on AKS so pods can reach out to other Azure services. Managed Identities Why are we using managed identities? The alternative is to use Service Principal accounts (SPNs). The issues with SPNs is you have a client secret which you have to manage and keep secure. Your cluster apps and services will need to access the SPNs you have created so this means potentially saving it in a few places so it is available to CI/CD pipelines. The secret attached to an SPN rotates so you need to ensure it is valid to ensure your cluster and services continue to run. Managed identi
Read more

Working with WSL and AKS

-
Image
Introduction I find I am working with  Azure Kubernetes Service (AKS) more and more recently and I thought I would share a few tips and snippets of code I have found useful. For reasons I will explain shortly I have started using the Windows Subsystem for Linux (WSL) as my main way of managing AKS.  If you are starting out with AKS I hope you will find some of these hints and tips useful. AKS is a fully managed Kubernetes service from Azure, if you want to find out more about AKS check out the material and video from Microsoft here  .  For the purpose of this document I am assuming you are familiar with AKS and have at least started to play around with it.   Commands There are some key commands you will need when working with AKS and kubectl you can find some of these on the first link below.  While working with AKS you will  be using other tools like Docker for creating and managing your container images.,  I have provided some key starter commands for this on the second link. Helm
Read more