Self-service IaC @ Banking Circle

Transcript

1. THE PAYMENTS BANK FOR THE NEW ECONOMY Self-service IaC @

   Banking Circle DevOps Meetup, Copenhagen, Nov. 10th, 2022

2. ABOUT US Banking Circle is a fully licensed next generation

   Payments Bank that is designed to meet the global banking and payments needs of Payments businesses, Banks and Marketplaces. Our mission is to increase efficiency and reduce costs around cross-border transactions, so that a transaction that used to take 5 days and cost 50 Euros, takes only 5 seconds and costs 50 cents in the future. Banking Circle 2 Banking Circle

3. ABOUT ME Spanish, >5 years in Denmark Senior Engineer at

   Banking Circle Banking Circle 3 Juan

4. BEGINNING OF THE JOURNEY ”We need an environment…” “Script does

   20%, I have instructions for the rest.” Banking Circle 4 My first week

5. Banking Circle 5

6. PROBLEMS BEFORE USING IAC • Overloaded Ops • Single points

   of failure • Environment drift • Friction between Devs & Ops • Every change is ”a big thing” • Same problem solved in different ways Banking Circle 6

7. TEAM TOPOLOGIES Banking Circle 8 M. Skelton and M. Pais,

   “Team Topologies: Organizing Business and Technology Teams for Fast Flow”, 2019

8. TEAMS AT BANKING CIRCLE • DevOps Team – Both Platform

   and Enabling team • Several Developer Teams – Stream-aligned team Banking Circle 9 Dev DevOps Ops DevOps Ops BEFORE AFTER Dev Dev

9. OUR SOLUTION • Terraform modules • Collection of resources •

   Azure DevOps pipeline templates • ”Do the same thing in the same way” Banking Circle 10 Shared, re-usable, self-service ”building blocks”

10. TECH STACK Banking Circle 11

11. GOVERNANCE MODEL • Owner/Maintainer • Contributor • User Banking Circle

    12 For projects and modules

12. TERRAFORM MODULES “A module is a container for multiple resources

    that are used together. You can use modules to create lightweight abstractions, so that you can describe your infrastructure in terms of its architecture, rather than directly in terms of physical objects.” Banking Circle Confidential 14 Collections of resources Hashicorp Developer, “Module Development”, 2022

13. TERRAFORM MODULES Name What is it? azurerm_storage_account Storage account azurerm_key_vault_secret

    Keyvault secret(s) containing the connection string azurerm_storage_container Blob container(s) azurerm_storage_blob File(s) to be uploaded Banking Circle 15 Example: terraform-azurerm-storage

14. MODULE USAGE Banking Circle 16

15. TERRAFORM MODULES Banking Circle 17 Development flow

16. TERRAFORM MODULES • Auto-generated • terraform-docs • mkdocs • Deployable

    examples Banking Circle 18 Documentation

17. Banking Circle 19

18. Banking Circle 20

19. TERRAFORM MODULES • Static code analysis (Checkov) • Unit test

    (through deployable examples) Banking Circle 21 Validation

20. PIPELINE TEMPLATES • Simplify adoption • Standardize: • Operations •

    Validate, plan, apply • Testing and validation • Pipeline agents • State storage • Secrets management • Pipeline flow • Approvals • Environments Banking Circle 22 ”Do the same thing in the same way”

21. TERRAFORM PROJECTS Banking Circle 24 Project development flow

22. DEVOPS PLATFORM • Centralized documentation • Self-service APIs Banking Circle

    25

23. Banking Circle 26

24. Banking Circle 27

25. NOT THERE YET… • State management is still a pain

    point • For teams that are new to IaC, help is needed at the beginning • Platform needs to be further developed • Development flow when both module and project change could be smoother • We aim for further decentralization, i.e., more Contributors to the different building blocks Banking Circle 28

26. CONCLUSION “DevOps is the union of people, process, and products

    to enable continuous delivery of value to our end users.” Donovan Brown Banking Circle 29

27. © Banking Circle, 2020 bankingcircle.com bankingcircle.com DISCLAIMER: This material has

    been prepared for the purpose of discussing possible business relationships with potential clients of Banking Circle S.A., a credit institution licensed under Luxembourg law with branches in Germany, the United Kingdom and Denmark passported under the EU/EEA passporting regime (“Banking Circle”). It is provided for information and negotiation purposes only and shall not constitute or be construed as a binding offer from Banking Circle. All prices, data and other information in this material are subject to an agreement with Banking Circle. This material is provided on a confidential basis and may not be reproduced, redistributed or transmitted, in whole or in part, without the prior written consent of Banking Circle. Any unauthorized use is strictly prohibited. Banking Circle disclaims any responsibility or liability to the fullest extent permitted by applicable law, whether in contract, tort (including, without limitation, negligence) for any loss or damage arising from any reliance on or the use of this material in any way. The information contained herein is as of the date and Banking Circle does not undertake any obligation to update such information. Nothing in this material should be construed as an offer, or the solicitation of an offer, to purchase, subscribe to or sell any payment services, or to engage in any other transaction or provide any kind of financial services in any jurisdiction where Banking Circle or any of its affiliates do not have the necessary licence. THE PAYMENTS BANK FOR THE NEW ECONOMY Thank you Banking Circle 33