Self-service Infrastructure as Code: People, process, product

Transcript

1. THE PAYMENTS BANK FOR THE NEW ECONOMY Self-service IaC: People,

   process, product HashiTalks, Feb. 16th, 2023

2. A BIT OF HISTORY… ”We need an environment…” ”Talk to

   this guy, he’s the one who knows” “Script does 20%, I have instructions for the rest.” Banking Circle 2 First week at the new job

3. Banking Circle 3

4. DEVOPS “DevOps is the union of people, process, and products

   to enable continuous delivery of value to our end users.” Donovan Brown Banking Circle 4

5. DEV & OPS People Process Product/Tech Banking Circle 5 Dev

   Ops Dev Dev Dev Dev Dev

6. DEV & OPS People Process Product/Tech • Dev. teams wait

   too long • Ops team have too much to do • Communication happens too late • Ops team is a bottleneck • Different solutions to same problem • Environmental drift • Every change is a “big thing” • Requires specific knowledge • Hard to replicate/repeat Banking Circle 6 Dev Ops Dev Dev Dev Dev Dev

7. Dev Dev Dev Dev Dev DevOps DEV, DEVOPS & OPS

   People Process Product/Tech Banking Circle 7 Dev Ops Dev Dev Dev Dev Dev

8. Dev Dev Dev Dev Dev DevOps DEV, DEVOPS & OPS

   People Process Product/Tech • Workload falls on DevOps • Big cognitive load on DevOps • Communication with Ops happens too late • More points of communication in the process • Bottleneck partially moved from Ops to DevOps • Different solutions to same problem • Declarative, repeatable • Requires specific knowledge Banking Circle 8 Dev Ops Dev Dev Dev Dev Dev

9. TEAM TOPOLOGIES Banking Circle 9 Dev DevOps Ops DevOps Ops

   BEFORE AFTER Dev Dev M. Skelton and M. Pais, “Team Topologies: Organizing Business and Technology Teams for Fast Flow”, 2019

10. TEAM TOPOLOGIES • Shared, re-usable, self-service “building blocks” • Blocks

    are easy-to-use, standard, compliant • DevOps (platform) team provides, maintains and supports those blocks • Dev. (stream-aligned) teams are self-sufficient all along the SDLC, using those blocks Banking Circle 10 Our solution

11. INFRASTRUCTURE AS CODE • Terraform modules • Collection of resources

    • Azure DevOps pipeline templates • ”Do the same thing in the same way” Banking Circle 11 Shared, re-usable, self-service ”building blocks”

12. TERRAFORM PROJECT Banking Circle 12 Pipelines Projects Modules Self-service approach

13. TERRAFORM PROJECTS Banking Circle 13 Project development flow

14. GOVERNANCE MODEL • Owner/Maintainer • Contributor • User Banking Circle

    14 For projects and modules

15. PIPELINE TEMPLATES • Simplify adoption • Standardize: • Operations •

    Validate, plan, apply • Testing and validation • Pipeline agents • State storage • Secrets management • Pipeline flow • Approvals • Environments Banking Circle 15 ”Do the same thing in the same way”

16. TERRAFORM MODULES “A module is a container for multiple resources

    that are used together. You can use modules to create lightweight abstractions, so that you can describe your infrastructure in terms of its architecture, rather than directly in terms of physical objects.” Banking Circle 16 Collections of resources Hashicorp Developer, “Module Development”, 2023

17. TERRAFORM MODULES Name What is it? azurerm_storage_account Storage account azurerm_key_vault_secret

    Keyvault secret(s) containing the connection string azurerm_storage_container Blob container(s) azurerm_storage_blob File(s) to be uploaded Banking Circle 17 Example: terraform-azurerm-storage

18. MODULE USAGE Banking Circle 18

19. TERRAFORM MODULES Banking Circle 19 Development flow

20. TERRAFORM MODULES • Deployable examples • Used as reference •

    Used for unit testing • Static code analysis (checkov) Banking Circle 20 Validation

21. TERRAFORM MODULES • Published modules are already validated • Modules

    are versioned Banking Circle 21 Modules registry

22. TERRAFORM MODULES • Includes examples • Auto-generated • terraform-docs •

    Mkdocs • Published twice • As README of repository • As a website (including all our modules) Banking Circle 22 Documentation

23. Banking Circle 23

24. Banking Circle 24

25. DEVOPS “DevOps is the union of people, process, and products

    to enable continuous delivery of value to our end users.” Donovan Brown Banking Circle 25

26. PLATFORM People Process Product/Tech • More engagement • More collaboration

    • More awareness • More control • More reliability • Less ”hard work” • Ease of usage • Idempotency • Repeatability Banking Circle 26 DevOps Ops Dev

27. LINKS • Team Topologies • Terratest • Checkov • MkDocs

    • terraform-docs Banking Circle 27

28. THE PAYMENTS BANK FOR THE NEW ECONOMY Thank you