
Part 1: CI/CD Pipeline Deployment

Implementation Azure

DOCUMENT CATEGORY: Part Overview
SCOPE: Phase 04 - Azure Management Infrastructure (CI/CD Method)
PURPOSE: Automated deployment using CI/CD pipeline and Terraform
MASTER REFERENCE: azurelocal-toolkit

Status: Active
Execution: Recommended deployment method
Last Updated: 2026-02-07


Part Purpose

This part documents the automated deployment of Azure management infrastructure using CI/CD pipelines. This is the recommended approach for most deployments.

The pipeline uses the azurelocal-toolkit Terraform module to deploy all management infrastructure in a standardized, repeatable way.

Module Documentation

For detailed configuration options, variable reference, and advanced features, see the azurelocal-toolkit README.


Phases in This Part

| Phase | Title | Description | Tasks |
|-------|-------|-------------|-------|
| Phase 01 | Configuration | Configure Terraform variables for management and cluster modes | 3 |
| Phase 02 | Pipeline Execution | Execute CI/CD pipeline and monitor deployment | 6 |
| Phase 03 | Validation | Verify deployed resources and connectivity | 3 |

Execution Flow

┌─────────────────────────────────────────────────────────────────────────────┐
│                      Part 1: CI/CD Pipeline Deployment                      │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────────────────────────┐  │
│  │  Phase 01   │    │  Phase 02   │    │            Phase 03             │  │
│  │Configuration│───▶│  Pipeline   │───▶│           Validation            │  │
│  │             │    │  Execution  │    │                                 │  │
│  └─────────────┘    └─────────────┘    └─────────────────────────────────┘  │
│         │                  │                            │                   │
│         ▼                  ▼                            ▼                   │
│   ┌───────────┐     ┌─────────────┐   ┌───────────────────────────────────┐ │
│   │ Variables │     │    CI/CD    │   │ ┌─────────┐   ┌─────────────────┐ │ │
│   │Configured │     │  Pipeline   │   │ │Resources│   │  Connectivity   │ │ │
│   └───────────┘     │    Runs     │   │ │Verified │   │     Tested      │ │ │
│                     └─────────────┘   │ └─────────┘   └─────────────────┘ │ │
│                                       └───────────────────────────────────┘ │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

Key Deliverables

| Deliverable | Phase | Description |
|-------------|-------|-------------|
| Terraform Variables | 01 | Management and cluster configuration defined |
| Pipeline Execution | 02 | Successful deployment via CI/CD pipeline |
| Management Resources | 02 | VNet, VPN Gateway, Bastion, Key Vault, Log Analytics |
| Cluster Resources | 02 | VPN Connection, cluster Key Vault, storage, DNS records |
| Validated Deployment | 03 | All resources verified and connectivity tested |

Deployment Modes

The CI/CD method provides two deployment modes:

Management Mode (Once per Environment)

Deploys shared infrastructure for an entire environment:

  • Virtual Network with subnets (Gateway, Azure Local, Bastion, Private Endpoints, DNS)
  • VPN Gateway for site-to-site connectivity
  • Azure Bastion for secure VM access
  • NAT Gateway for outbound internet
  • Log Analytics Workspace for monitoring
  • Key Vault for secrets management
  • Private DNS Zone and DNS Resolver
  • Network Security Groups
  • NDM Server for monitoring (optional)
  • Utility Server (optional)

Cluster Mode (Once per Azure Local Cluster)

Deploys cluster-specific resources:

  • VPN Connection to on-premises cluster network
  • Cluster Key Vault
  • Cluster Log Analytics Workspace
  • Cloud Witness Storage Account
  • Arc Gateway (optional)
  • DNS A records for cluster nodes

Benefits

  ✅ Automated & Consistent: Standardized infrastructure across all deployments
  ✅ Version Controlled: All configuration tracked in Git with change history
  ✅ Tested & Validated: Built-in validation, security scanning, and compliance checks
  ✅ Secure State Management: Terraform state stored in Azure Storage with encryption
  ✅ Audit Trail: Complete deployment history and approval records
  ✅ Modular: Reusable Terraform module with proven patterns


Prerequisites

Before starting automated deployment:


Resources Deployed

Management Mode Resources

| Resource | Purpose | Quantity |
|----------|---------|----------|
| Resource Group | Container for management resources | 1 |
| Virtual Network | Hub network for management | 1 |
| Subnets | Network segmentation | 5 |
| VPN Gateway | Site-to-site connectivity | 1 |
| Azure Bastion | Secure VM access | 1 |
| NAT Gateway | Outbound internet | 1 |
| Log Analytics Workspace | Monitoring and logging | 1 |
| Key Vault | Secrets management | 1 |
| Private DNS Zone | Internal DNS | 1 |
| DNS Resolver | DNS forwarding | 1 |
| Network Security Groups | Traffic filtering | 2+ |
| NDM Server (optional) | SNMP/syslog monitoring | 1 |
| Utility Server (optional) | Management jumpbox | 1 |

Cluster Mode Resources

| Resource | Purpose | Quantity |
|----------|---------|----------|
| Resource Group | Container for cluster resources | 1 |
| VPN Connection | On-prem cluster connectivity | 1 |
| Key Vault | Cluster secrets | 1 |
| Log Analytics Workspace | Cluster monitoring | 1 |
| Storage Account | Cloud witness | 1 |
| Arc Gateway (optional) | Hybrid connectivity | 1 |
| DNS A Records | Node name resolution | 1 per node |

Deployment Timeline

| Component | Deployment Time |
|-----------|-----------------|
| Management Mode | 45-60 minutes |
| VPN Gateway | 30-45 minutes |
| Other resources | 15-20 minutes |
| Cluster Mode | 10-15 minutes |
| VPN Connection | 5 minutes |
| Other resources | 5-10 minutes |

VPN Gateway Deployment

The VPN Gateway is the longest-running resource. Plan accordingly and do not interrupt the deployment.


Module Resources


Next Steps

After successful deployment:

  1. Proceed to VM Configuration — Configure AD DS, utility server, NDM, Lighthouse, and WAC
  2. Verify VPN connectivity with on-premises network team
  3. Test Bastion access to deployed VMs (if applicable)
  4. Store credentials in Key Vault
  5. Configure monitoring in Log Analytics
  6. Proceed to Phase 05: Identity & Security

Alternative Methods

If automated CI/CD deployment is not suitable for your environment:



Version Control

| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0.0 | 2026-03-24 | Azure Local Cloudnology Team | Initial release |