
Understanding the Maturity of Infrastructure as Code

Bruno Russi Lautenschlager

November 30, 2021

Transcript

  1. Bruno Russi Lautenschlager
     • SRE @ iFood
     • AWS Community Builder
     • Creator @ Rocketseat
     • Pet dad
     • YouTuber
     linktr.ee/bruno_russi
  2. What is Infrastructure as Code
     • Define your infrastructure as code instead of creating it manually
     • Infrastructure can be easily reproduced
  3. Types of IaC
     Not only infrastructure
     • Network as Code
     • Policy as Code
     • Configuration as Code
     • Security as Code
  4. How people usually use IaC
     Not in a git repository
     • Create and test infra files locally
     • Execute from the local machine
  5. How people usually use IaC
     I have a repository but commit and push everything to main/master
     No review/approval process
     • No pull requests
     • No code review
     • No collaboration
     • No automated tests
  6. How people usually use IaC
     Apply the infrastructure locally
     • Tooling version variations from one machine to another
     • Many people have access to the infrastructure
     • Difficulty tracking changes
       ◦ Hard to know who performed a change and when
       ◦ No visibility of what is being applied and what has been applied
  7. How people usually use IaC
     No defined environment
     • No development/test environment for infra
     • You will find the problems only after applying
  8. GitOps: requirements
     Git repository
     • Version controlled
     • Team collaboration
     Pre-commit
     • Lint process
     • Docs
     CI/CD
     • Test process
  9. Why GitOps?
     1. Visibility, RFC → Pull request
     2. Conformance → CI/CD pipelines
        a. Unit tests
        b. Lint
     3. Review from team → Approval is needed to apply
     4. Less contact with credentials → Atlantis
  10. Benefits
     • Automated process
       ◦ No tooling version variation
       ◦ No human failures
     • More transparent
       ◦ Team collaboration
       ◦ More quality in code
       ◦ Any person can send a PR and propose a change
     • Greater security
       ◦ Only the pipeline has access to infra
     • Centralized
       ◦ Git is the source of truth (everything that passes is applied)
       ◦ Just revert a commit and open an MR for rollback
       ◦ Infra reflects what's in git
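
The approval gate and tooling-version pin from slides 9 and 10, sketched as an Atlantis configuration. This is an added example, not part of the deck; the project name `network`, the path `infra/network` and the Terraform version are constructed values.

```yaml
# Server-side repo config, loaded by the Atlantis server (--repo-config).
# It lives with the server, not in the infra repository, so a pull request
# cannot weaken it.
repos:
  - id: /.*/                       # applies to every repository Atlantis serves
    # "atlantis apply" is refused until the PR is approved and passes the
    # VCS host's merge checks (required CI such as lint and unit tests).
    apply_requirements: [approved, mergeable]
    # Repositories may not override the gate or define their own workflows.
    allowed_overrides: []
    allow_custom_workflows: false
---
# atlantis.yaml in the root of the infrastructure repository.
version: 3
projects:
  - name: network                  # constructed project name
    dir: infra/network             # constructed path
    # Every plan and apply runs with this Terraform version on the server,
    # removing version drift between contributors' machines.
    terraform_version: v1.0.11     # constructed value
    autoplan:
      enabled: true
      # Plan automatically when Terraform files change, so reviewers see
      # what would be applied inside the pull request.
      when_modified: ["*.tf", "*.tfvars"]
```

With this split, cloud credentials are held only by the Atlantis server; contributors need nothing beyond permission to open a pull request.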