Using GitHub and Terraform to deploy Azure resources - Part 2

Intro

In this part of the blog series, I want to focus on the GitHub Actions I created in the first part and explain what the Action performs. I will also add the vNet resources to my deployments.

GitHub Actions explained

To explain what is going on in the GitHub Action, I have added comments to each code section.

# Name of the action
name: rg-connectivity-001

# Controls when the workflow will run
on:
  # Triggers the workflow on changes to the terraform files in the path
  # Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/
  # Action will only trigger on the main branch
  push:
    paths:
      - 'Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/*.tf'
    branches:
      - main
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This action only has one job called Connectivity
  Connectivity:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
        
    # Setting environment variables
    # Variables are used by Terraform to authenticate to Azure
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.MVP_SUBSCRIPTION }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      # Initialize Terraform
      - name: 'Terraform init'
        id: init
        run: |
          cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
          terraform init          

      # Create Terraform plan
      - name: 'Terraform plan'
        id: plan
        run: |
          cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
          terraform plan          
      
      # Deploy the planned resources to Azure using Terraform
      - name: 'Terraform apply'
        id: apply
        run: |
          cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
          terraform apply -auto-approve          

You might have noticed that I have added a few things to the Action since part 1; if you haven’t already, please update your Actions with these changes. The main difference is the added filter “branches: main”; the rest is cosmetic and only comments.
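An added example, not part of the original post or its repository: the same job with `terraform apply` bound to a saved plan file and skipped unless the run is on main. The `branches` filter only applies to `push`, so the `if:` condition also covers a manual `workflow_dispatch` run started from another branch. The plan file name `tfplan` and the use of `defaults.run.working-directory` are assumptions of this example.

```yaml
# Added example: same job as above, with apply restricted to the saved plan.
# Assumed names: the plan file "tfplan" is illustrative.
jobs:
  Connectivity:
    runs-on: ubuntu-latest

    # Run every step from the Terraform folder instead of repeating cd
    defaults:
      run:
        working-directory: Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001

    # Same secrets as the original workflow
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.MVP_SUBSCRIPTION }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

    steps:
      - uses: actions/checkout@v3

      # -input=false makes Terraform fail instead of waiting for a prompt
      - name: 'Terraform init'
        id: init
        run: terraform init -input=false

      # Write the plan to a file so apply cannot differ from what was planned
      - name: 'Terraform plan'
        id: plan
        run: terraform plan -input=false -out=tfplan

      # Apply exactly the saved plan, and only when the run is on main.
      # A manual run from a feature branch stops after the plan step.
      - name: 'Terraform apply'
        id: apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -input=false tfplan
```

Applying a saved plan file does not prompt for approval, so `-auto-approve` is not needed here.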

Creating the vNet, subnets and NSGs

The vNet in my hub network will contain just two subnets, one called GatewaySubnet and one called AzureFirewallSubnet. I have updated my variables.tf and main.tf files to create these resources for the rg-connectivity-001 resource group.

Variables.tf

variable "Location" {
    type        = string
    default     = "WestEurope"  
}

variable "ResourceGroup" {
    type        = string
    default     = "rg-connectivity-network-001"   
}

variable "vnet" {
  type = any
  default = {
    "vNetName"                      = "vnet-connectivity-001"
    "address_space"                 = ["172.16.0.0/16"]
  }  
}
variable "Subnets" {
    type = any
    default = {
        "GatewaySubnet" = {
            "name"      = "GatewaySubnet"
            "prefix"    = ["172.16.0.0/26"]
            "routeTable" = "rt-vnet-connectivity-gateway-001"
        }
        "FirewallSubnet" = {
            "name" = "AzureFirewallSubnet"
            "prefix" = ["172.16.0.64/26"]
            "routeTable" = "rt-vnet-connectivity-firewall-001"
        }
    }
}

Main.tf

resource "azurerm_resource_group" "resourcegroup" {
    name        = var.ResourceGroup
    location    = var.Location
}

resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet.vNetName
  address_space       = var.vnet.address_space
  location            = azurerm_resource_group.resourcegroup.location
  resource_group_name = azurerm_resource_group.resourcegroup.name

  
}

resource "azurerm_subnet" "subnets" {
  for_each = var.Subnets
  name                 = each.value["name"]
  resource_group_name  = azurerm_resource_group.resourcegroup.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = each.value["prefix"]
  
  depends_on = [
    azurerm_virtual_network.vnet
  ] 
}

Deployment of network resources

To deploy my updated code, I don’t need to do much. I only need to commit my updated files to my main branch in GitHub; the rest will happen automatically via the GitHub Actions.

I have worked in a new branch that allows me to commit code to GitHub without updating resources in Azure. Working with branches enables me to update my repository often, ensuring that I can revert to previous code with minimal changes.

Summary

I can now complete this second part of the blog series. I now have some network resources in my environment, and I also got to explain what goes on in the GitHub Actions.

Any feedback is welcome, so reach out on Twitter or LinkedIn, so I can fix any errors or optimize the code I am using.

Part 1: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part1/

Part 3: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part3/

Part 4: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part4/

Part 5: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part5/

Part 6: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part6/

Part 7: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part7/

Link for all the code in this post

I have put all the code used in this blog post on my GitHub repository so you can download or fork the repository if you want to.

https://github.com/mracket/GitHub-Terraform
