azure devops pipeline container job with terraform

This blog article will leverage the Azure DevOps pipeline container job to be able to deploy an Hashicorp Terraform template.

Just to make sure, you don’t need to use a container job to deploy a Terraform template with Azure DevOps, one of the Microsoft-hosted agents, the Ubuntu 16.04 has already Terraform installed. But currently, the version pre-installed is 0.11.11, I would like 0.11.13. And when it will changed, I would like to keep the specific version of my choice.
Another way to deploy a Terraform template and have more control is to manage your own private agent as an Ubuntu VM or an Ubuntu Docker image (~10GB…). But I need to host it and maintain it, that I don’t want to do. Here is an example with Terraform installed on a custom Docker image agent.

My goal here is to run some tasks on a specific container job with a specific Terraform version installed on a consistent and light way. Here is the GitHub repository I have build for this: mathieu-benoit/terraform-agent. You will find:

• Dockerfile to build my own Docker image with Terraform pre-installed
• azure-pipeline.yml which defines 2 phases:
  • Build: to build my Terraform agent image and push it then here: mabenoit/terraform-agent (~57MB)
  • Release: which uses a container job to actually deploy a Terraform template with the previously built Terraform agent image. In that simple example we deploy an Azure Resource Group.

Like you could see in my Dockerfile to build that container image, I’ve learned how to optimize its size by following these 2 recommendations:

• Ubuntu 18.04 is now the minimal Ubuntu
  • 16.04=44MB and 18.04=32MB
• Lightweight Docker Images in 5 Steps
  • Fewer layers + integrating the rm -rf /var/lib/apt/lists/* command after the apt-get update command in the same RUN command

Remark: initializing/pulling this Docker image takes ~21 seconds in my build pipeline.

Further considerations:

• For now the Azure DevOps pipeline container job is only available for the Build definition and not the release definition for now. And furthermore it’s only supported for the YAML definition and not the yet via the UI designer.
• You could read more about the Container Jobs in Azure Pipelines here: https://docs.microsoft.com/azure/devops/pipelines/process/container-phases
• Not part of this blog article, but you need to store Terraform state in Azure Storage in your CI/CD pipeline to keep the state between 2 Terraform template deployment.
• Even if that blog article was focused on Terraform, you could use this process and concept with any tool of your choice.

Resources:

• Terraform with Azure
• Provisioning an AKS cluster using Hashicorp Terraform
• Tutorial: Terraforming your JAMstack on Azure with Gatsby, Azure Pipelines, and Git
• Use your own build container image to create containerized apps
• I cho, cho, choose you container image Part 1 and Part 2

Hope you enjoyed this blog article and you will be able to leverage and adapt it for your own needs and projects!

Cheers! ;)