An example of using terraform to call Azure APIs to provision a vnet with subnets, network security groups, and a bastion host.
- Create a service principal if you haven't already (scope the role assignment as narrowly as the deployment needs, e.g. to the target resource group with `--scopes`):

  ```sh
  az ad sp create-for-rbac -n "mycloud-1-sp" --role="Contributor"
  ```

- Set env vars (the values come from the service principal output and your subscription):

  ```sh
  export ARM_SUBSCRIPTION_ID=
  export ARM_CLIENT_ID=
  export ARM_CLIENT_SECRET=
  export ARM_TENANT_ID=
  ```

- Create `config.jsonnet` by copying and editing `config.bastion.example.jsonnet`
- Generate Terraform JSON:

  ```sh
  ./build.sh
  ```

- Deploy to Azure:

  ```sh
  ./deploy.sh
  ```
The above steps generate this network:
Above diagram created by azuml.
I recently had to add a lot of NSG rules to a Terraform HCL + Azure project. The resulting HCL was verbose and riddled with rule name and rule priority conflicts.
I realized I had to either invest more time in learning HCL well enough to make the code correct and maintainable, or find a new way to express the rules. I considered three options: work smarter with HCL, write a code generator app that emits HCL from a config file (i.e. create my own DSL), or try jsonnet. jsonnet met my needs, and I can use it for other purposes such as creating Kubernetes YAML.
Terraform is still extremely valuable without HCL: it accepts the same configuration in its JSON syntax. While I don't use any HCL language features in this demo, I do use Terraform interpolation syntax for resolving the "not known until deployment" attributes, such as resource names that Azure assigns at apply time.
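To show the approach concretely, here is an added jsonnet example (not one of this project's own build files) that turns a compact rule list into Terraform JSON for `azurerm_network_security_rule` resources and fails the build on duplicate rule names or priorities, which is exactly the class of conflict the HCL version suffered from. The referenced resource group (`azurerm_resource_group.rg`) and NSG (`azurerm_network_security_group.app`) are assumed to exist elsewhere in the generated configuration, and the rules and address prefixes are constructed sample values.

```jsonnet
// Added example, not this project's code. Generates Terraform JSON for NSG
// rules from a short rule list and validates the list before anything is
// sent to Azure.

// Terraform interpolation strings: resolved by Terraform at deploy time, so
// jsonnet does not need to know the final names. The resource addresses are
// assumptions for this example.
local rg = '${azurerm_resource_group.rg.name}';
local nsg = '${azurerm_network_security_group.app.name}';

// Constructed sample rules; the prefixes are placeholders, not real networks.
local rules = [
  { name: 'allow-ssh-from-bastion', priority: 100, access: 'Allow', protocol: 'Tcp', port: '22', source: '10.0.1.0/24' },
  { name: 'allow-https-from-vnet', priority: 110, access: 'Allow', protocol: 'Tcp', port: '443', source: 'VirtualNetwork' },
  { name: 'deny-all-inbound', priority: 4096, access: 'Deny', protocol: '*', port: '*', source: '*' },
];

local names = [r.name for r in rules];
local priorities = [r.priority for r in rules];

// std.set() deduplicates, so a length mismatch means a duplicate. Each assert
// aborts `jsonnet` with the message, which is far cheaper than a failed apply.
assert std.length(std.set(names)) == std.length(names) : 'duplicate NSG rule name';
assert std.length(std.set(priorities)) == std.length(priorities) : 'duplicate NSG rule priority';
// Azure accepts NSG rule priorities from 100 to 4096 only.
assert std.length([r for r in rules if r.priority < 100 || r.priority > 4096]) == 0 : 'NSG rule priority outside 100-4096';

// Terraform JSON syntax: resource -> type -> name -> attributes.
{
  resource: {
    azurerm_network_security_rule: {
      [r.name]: {
        name: r.name,
        priority: r.priority,
        direction: 'Inbound',
        access: r.access,
        protocol: r.protocol,
        source_port_range: '*',
        destination_port_range: r.port,
        source_address_prefix: r.source,
        destination_address_prefix: '*',
        resource_group_name: rg,
        network_security_group_name: nsg,
      }
      for r in rules
    },
  },
}
```

Running `jsonnet nsg-rules.jsonnet > nsg-rules.tf.json` produces a file Terraform loads alongside the rest of the configuration; adding a rule with a priority already in the list makes the build stop with `duplicate NSG rule priority` instead of producing a plan Azure will reject. Keeping the explicit `deny-all-inbound` rule at the lowest priority also makes the intended default visible in the generated JSON rather than relying on the platform's implicit rules.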