I’m grateful to have the opportunity to speak at HashiConf ’18. It’s always awesome to work with Mitchell, Armon, and the talented engineers at HashiCorp because I believe that we share the same focus on building pragmatic, open-source, and enterprise-ready tools for the cloud. With that strong vision and partnership in mind, I’m excited to describe some of the work that we have done since our announcements at last year’s HashiConf, to bring together the best of HashiCorp’s user focused experiences with the strengths of the Azure cloud.
Our engineering teams have collaborated to expand the resources and services supported by the Terraform provider for AzureRM and added several new integrations with HashiCorp Vault. For this post, I thought it would be beneficial for readers to see the great strides that we’ve made in our partnership with HashiCorp by reviewing some of the major milestones that we hit this year.
Terraform updates in Azure Cloud Shell
Honestly, Cloud Shell is one of my favorite features in Azure. A cloud-based workspace accessible from anywhere and on any device means that I can easily create, monitor and update my cloud resources regardless of where I am. For some time now, we have had Terraform tightly integrated into the Azure Cloud Shell, and recently we launched a graphical editor, powered by Monaco, the open source engine that powers Visual Studio Code. Today, I’m excited to announce that we have added Terraform syntax highlighting to this editor.
This allows seamless editing and authoring of Terraform plan files directly in the Azure Cloud Shell. Now when you edit Terraform HCL using the Cloud Shell editor and get the colors that you have grown to use in VS Code, so you can quickly recognize errors, typos, and more.
Terraform provider for Azure
Microsoft and HashiCorp engineers have been working hard with the help of the community to build support for new Azure services, new features in existing services, and new scenarios. Since our last update, we have continued to invest in IaaS but mostly focused on enabling new Azure PaaS scenarios. We have listened to customers to prioritize the features that are most important.
In order to ensure that you do not wait to long for the fixes, features, and resources that are being delivered, we are releasing new updates approximately on an every other week basis and have very recently shipped Terraform provider for AzureRM version 1.17. Below are the highlights of new resources that have been released since version 1.3.
- Azure Active Directory
- Azure Security Center
- Dev Test Labs
- Shared Image Gallery
- Data Lake
- Logic Apps
- Azure Container Registry
- KeyVault Access Policy
- API Management
Terraform provider for Azure Stack
Azure Stack is an extension of Azure allowing our customers to fully realize hybrid applications that span on-premises to the public cloud. Users of Azure Stack get the consistency of a single API surface area that can work from air-gapped data centers all the way through hybrid deployments.
HashiCorp and Microsoft have partnered to extend Terraform’s capability to manage Azure Stack, allowing our customers to create or manage their resources in Azure Stack in the same manner they do in Azure.
The Terraform Provider for Azure Stack was first made available in May 2018 and has since been updated to include more functionality.
The following capability was made available as of Microsoft Ignite, in September:
- Create and manage Compute, Storage, and Network artifacts.
- Perform complex infrastructure deployments needed to install orchestrators such as Cloud Foundry, Kubernetes, OpenShift, and Service Fabric.
You can get started developing your Terraform scripts to target Azure Stack today, by following the instructions.
One of the most amazing things about open source is how a community can come together to collaborate and share their work to empower others. In this effort, the Terraform and Azure community have stepped up in a big way. The community has taken advantage of all of the new Azure resources that have been added to Terraform and they have contributed new Azure modules in the Terraform Registry. This brings the total number of resources up to 73 modules from about 45 three months ago.
Terraform customers on Azure
We have made the commitment to invest in Terraform resources in order to allow Azure customers who are already invested in, or just prefer Terraform, to use it as their infrastructure provisioning tool of choice. The results of our efforts have been amazing. The number of customers adopting Terraform on Azure has grown by almost 3x since the beginning of the year. It is being adopted by very large customers and small customers across a wide range of industries alike.
Axon is one such customer, who wanted to better manage high data volumes, strict data-integrity standards, and a global customer base, so it used HashiCorp Terraform on Microsoft Azure to migrate Axon Evidence (Evidence.com) from Amazon Web Services to Azure.
Azure Terraform Resource Provider
We have a private preview of a new Azure Resource Provider for HashiCorp Terraform which will enable Azure customers using Azure Resource Manager (ARM) to provision and configure dependent resources with Terraform Providers as if they were native Azure Resource Providers.
We have been investing heavily in Terraform and partnering closely with HashiCorp on enabling deep and rich support of Azure for customers who use Terraform to manage their resources. While many users come to us as dedicated Terraform users, there are others who have built up extensive configurations based on ARM templates, Azures native configuration language. Prior to our partnership with HashiCorp, ARM template users were faced with a dilemma when they wanted to integrate outside tools or services into their templates. They could use various hacky approaches, or they could rewrite their entire configuration stack in Terraform. With the integration of Terraform providers into the Azure Resource Manager Templates, this problem has been resolved. Users of ARM templates now have access to broad ecosystem of providers that are implemented for Terraform, and likewise, startups and service providers that have done the work to integrate with Terraform can now automatically be integrated with Azure’s native templates as well.
If you would like to sign up for the private preview, see “Introducing the Azure Terraform Resource Provider” on the Azure blog.
Vault integrations on Azure
There has been quite a bit of activity adding and improving HashiCorp Vault integrations with Azure. There has been the release of a new auth method for Azure Active Directory, a secrets engine for dynamic generation of Azure service principals and role assignments, and the ability to unseal HashiCorp Vault with keys stored in Azure Vault KMS. You can get an overview of these features in a blog post announcing their availability, in a short intro video we recorded together with HashiCorp, or detailed documentation for “Azure auth method” and “Azure secrets method”.
Azure VM Image Builder Service
Users commonly want VMs to include predefined security and configuration settings as well as application software they own. However, setting up your own image build pipeline would require infrastructure and setup. With Azure VM Image Builder, you can take an ISO or Azure Marketplace image and start creating your own golden images in a few steps.
Azure VM Image Builder lets you:
- Set a source: Use either a Linux-based Azure Marketplace VM or Red Hat Enterprise Linux (RHEL) ISO and begin to add your own customizations.
- Add customizations: These can be added in the form of a shell script, and because the VM Image Builder is built on HashiCorp Packer, you can also import your existing Packer shell provisioner scripts.
- Distribute: you specify where you would like your images hosted, either in the Azure Shared Image Gallery or as an Azure Managed Image.
If you would like to sign up for the private preview, see “Announcing private preview of Azure VM Image Builder” from the Azure blog.
Consul Integrations on Azure
Continuing evolution towards widely distributed software systems and microservices-based architectures brings with it multiple interesting challenges, with one of the main ones being, “How do you keep track of all your deployed services?” This is where HashiCorp Consul deployed onto a modern cloud platform like Microsoft Azure can help. In addition to providing a service discovery mechanism, Consul allows for configuration changes to services deployed in Azure, and add a service mesh capability.
Some key updates:
- We worked with HashiCorp to provide a set of quick starts (Terraform templates) for deploying Consul on Azure in both single and multiple region scenarios.
- We now have a set of guidelines for deploying Consul service mesh agents on top of Azure IaaS and Azure AKS environments.
- HashiCorp has launched a Helm template for Consul. Helm is the open source package manager for Kubernetes developed and supported by Microsoft. The Helm package for Consul, developed by Hashicorp enables Kubernetes users to easily deploy Consul into any Kubernetes environment, for example those created via the Azure Kubernetes Service.
These enhancements reflect the strong partnership between HashiCorp and Microsoft, something we are reinforcing at this year’s HashiConf. The progress over the past 12 plus months has set a strong foundation for future collaboration and advancements in the Cloud and DevOps space. As we look to the new year, our engineers are working to bring closer integrations to HashiCorp products with Azure services.
If you’re in San Francisco on October 23, 2018, I’ll be delivering a keynote on all these great engineering updates between our companies next week at HashiConf, see you there!