Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Understanding the Maturity of Infrastructure as...

Understanding the Maturity of Infrastructure as Code

Bruno Russi Lautenschlager

November 30, 2021
Tweet

More Decks by Bruno Russi Lautenschlager

Other Decks in Technology

Transcript

  1. Bruno Russi Lautenschlager • SRE @ iFood • AWS Community

    Builder • Creator @ Rocketseat • Pai de pet • YouTuber linktr.ee/bruno_russi
  2. What is Infrastructure as Code • Define your infrastructure as

    code instead of creating it manually • Infrastructure can be easily reproduced
  3. Types of IaC Not only infrastructure • Network as Code

    • Policy as Code • Configuration as Code • Security as Code
  4. How usually people use IaC Not on a git repository

    • Create and test locally infra files • Execute from local machine
  5. How usually people use IaC I have a repository but

    commit and push all on main/master No Review/Approval process • No pull requests • No code review • No collaboration • No automated tests
  6. How usually people use IaC Apply the infrastructure locally •

    Tooling version variations from one machine to another • Many people have access to the infrastructure • Difficulty tracking changes ◦ Hard to know who performed it and when ◦ No visibility of what is being applied and what has been applied
  7. How usually people use IaC No defined environment • No

    development/test environment for infra • You will find the problems only after applying
  8. GitOps: requirements Git repository • Version controlled • Team collaboration

    Pre-commit • Lint Process • Docs CI/CD • Test Process
  9. Why GitOps? 1. Visibility, RFC → Pull request 2. Conformance

    → CI/CD Pipelines a. Unit tests b. Lint 3. Review from team → Need the approval to apply 4. Less contact with credential → Atlantis
  10. Benefits • Automated process ◦ No tolling version variation ◦

    No human failures • More transparent ◦ Team collaboration ◦ More quality in code ◦ Any person can send a PR and propose a change • Greater security ◦ Only the pipeline has access to infra • Centralized ◦ Git is the source of truth (everything that passes is applied) ◦ Just revert a commit and open an MR for rollback ◦ Infra reflect what's in git