Infrastructure Lifecycle Management

In this talk, I dive into the three stages of Infrastructure Lifecycle Management and how HashiCorp Cloud Platform (HCP) can be used to lower cost and risk, and to increase speed.

This version of the talk was given at the London and Munich editions of HashiDays 2024, in June 2024.

Kerim Satirli

June 12, 2024

Transcript

  1. ©2024 HASHICORP. Maximize infrastructure investments
     Infrastructure lifecycle management: infrastructure as code to build, deploy and manage the lifecycle of infrastructure and applications (workflow automation, system of record, lifecycle management).
     • Terraform: infrastructure as code provisioning
     • Packer: build and manage images as code
     • Waypoint: automated developer services
     • Nomad: scheduling and orchestration
  2. Optimize infrastructure on Day 1: Build
     • Author infrastructure and images as code
     • Create and share reusable modules
     • Collaborate safely via version control
  3. Optimize infrastructure on Day 1, Day 2: Deploy
     • Enforce security and compliance
     • Standardize provisioning workflows
     • Enable self-service patterns
  4. Optimize infrastructure on Day 1, Day 2, and beyond: Manage
     • Gain organization-wide visibility
     • Monitor infrastructure health and drift
     • Auto-destroy temporary resources
  5. Blueprint for cloud success
     Stage 1: Adopting
     • Infrastructure: Compose; Collaborate
     • Security: Manage all secrets; Enforce policy
     Stage 2: Standardizing
     • Infrastructure: Publish and discover; Enforce policy
     • Security: Ensure continuity; Automate and observe
     Stage 3: Scaling
     • Infrastructure: Enable self-service; Observe and respond
     • Security: Remediate; Encrypt seamlessly
  6. Team goals (people, tools, process)
     Platform teams:
     • Standardize and automate
     • Enable app and service teams
     • Reduce cross-team friction
     AppDev teams:
     • Accelerate app delivery
     • Get infrastructure quickly
     • Reduce context switching
  7. Infrastructure lifecycle (diagram)
     Components shown: platform team, VCS, Packer template, HCP Packer artifact registry, container registry, Terraform module, HCP Terraform private registry.
  8. Infrastructure lifecycle, extended with the application side (diagram)
     Components added to slide 7: app developers, HCP Waypoint templates and add-ons, application, add-ons, actions.
  9. Images as code
     • Repeatable and automated builds with Packer
     • Common syntax and workflow for AMIs, VM templates, and containers
     • Publish artifact metadata to HCP Packer registry

     store-frontend.pkr.hcl:

    ```hcl
    # Resolve the base image from the HCP Packer registry by bucket and channel,
    # so the build consumes whatever image is currently promoted to that channel.
    data "hcp-packer-artifact" "nodejs-base" {
      bucket_name  = var.base_image_bucket
      channel_name = var.base_image_channel
      platform     = "docker"
      region       = "docker"
    }

    source "docker" "store-frontend" {
      # Pin to the digest recorded in the registry rather than a mutable tag.
      image    = data.hcp-packer-artifact.nodejs-base.labels["ImageDigest"]
      commit   = true
      platform = "linux/arm64"
      changes = [
        "WORKDIR /app",
        "ENTRYPOINT [\"/app/entrypoint.sh\"]",
        "CMD [\"node_modules/.bin/next\", \"start\"]",
        "USER nextjs",
        "EXPOSE 3000",
      ]
    }
    ```
  10. Images as code (continued)
     store-frontend.pkr.hcl:

    ```hcl
    build {
      # Register the resulting artifact's metadata in HCP Packer.
      hcp_packer_registry {
        bucket_name = "hashicafe-store-frontend"
        description = "HashiCafe store frontend Node.js app container."
        bucket_labels = {
          "owner"      = var.owner
          "department" = var.department
        }
      }

      sources = ["source.docker.store-frontend"]

      provisioner "shell" {
        script = "build-app.sh"
      }

      # docker-tag and docker-push must be chained in one post-processors block:
      # separate post-processor blocks each receive the untagged build artifact,
      # so a stand-alone docker-push would have nothing to push to.
      post-processors {
        post-processor "docker-tag" {
          repository = "${var.registry_host}/hashicafe-store-frontend"
          tags       = [local.timestamp, "latest"]
        }

        post-processor "docker-push" {}
      }
    }
    ```
  11. Images as code: channels
     • Promote for deployment using specific channels
     • Incrementally update channels as new builds are approved and tested
  12. Standardize with modules
     • Design for reusability

     main.tf:

    ```hcl
    # The Terraform-side counterpart of the Packer data source: resolve the image
    # currently assigned to a channel and deploy it by digest.
    data "hcp_packer_artifact" "frontend" {
      bucket_name  = var.hcp_packer_bucket_name
      channel_name = var.hcp_packer_channel
      platform     = "docker"
      region       = "docker"
    }

    resource "aws_ecs_task_definition" "app" {
      # family, cpu, memory and other required arguments are not shown on the slide.
      container_definitions = jsonencode([
        {
          name         = "frontend"
          image        = data.hcp_packer_artifact.frontend.labels["ImageDigest"]
          essential    = true
          portMappings = [{ containerPort = 3000 }]
        }
      ])
    }
    ```
  13. Standardize with modules
     • Design for reusability
     • Bake-in compliance rules and approved practices
     • Extend with tests and functional health checks

     tests/unit-tests.tftest.hcl:

    ```hcl
    run "unit_test" {
      command = plan

      assert {
        condition     = local.base_name == "hashicafe-frontend-demo-app"
        error_message = "Interpolated resource name doesn't match expected."
      }

      assert {
        condition     = length(data.aws_subnets.private.ids) >= 2
        error_message = "Expected at least 2 private subnets."
      }
    }

    # Feed values below the documented minimums and require that the module's
    # variable validation rejects them; the run passes only if plan fails there.
    run "input_validation" {
      command = plan

      variables {
        task_cpu    = 100 # Min is 256
        task_memory = 256 # Min is 512
      }

      expect_failures = [
        var.task_cpu,
        var.task_memory,
      ]
    }
    ```
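     The `input_validation` run above only passes if the module's variables carry validation rules that reject those values; the slide does not show them. The following is an added example, not code from the deck, of what those rules look like in the module's `variables.tf`. The variable names match the test; the Fargate CPU/memory limits are the documented minimums the slide comments refer to, and the list of allowed CPU values goes slightly beyond the slide's minimum check:

    ```hcl
    # variables.tf (added example, not part of the deck)

    variable "task_cpu" {
      description = "CPU units for the ECS task"
      type        = number
      default     = 256

      # Fargate only accepts these CPU sizes; anything else (including the 100 used
      # in the test) fails validation and is what expect_failures looks for.
      validation {
        condition     = contains([256, 512, 1024, 2048, 4096, 8192, 16384], var.task_cpu)
        error_message = "task_cpu must be one of the Fargate CPU sizes (256, 512, 1024, 2048, 4096, 8192, 16384)."
      }
    }

    variable "task_memory" {
      description = "Memory in MiB for the ECS task"
      type        = number
      default     = 512

      # 512 MiB is the smallest Fargate task memory; the test passes 256 to trip this.
      validation {
        condition     = var.task_memory >= 512
        error_message = "task_memory must be at least 512 MiB."
      }
    }
    ```

     `terraform test` picks up every `*.tftest.hcl` under `tests/`. Note that `expect_failures` is specific: the run succeeds only when the plan fails because of the listed variables' validation rules; an unrelated error still fails the run, so a broken provider configuration cannot masquerade as a passing negative test.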
  14. Standardize with modules (continued)
     checks.tf:

    ```hcl
    # Post-apply assertions: a failing check is reported as a warning, not an error,
    # so the plan/apply still completes and the drift surfaces in the run output.
    check "service_health" {
      assert {
        condition     = aws_ecs_service.app.task_definition == aws_ecs_task_definition.app.arn
        error_message = "The service is not using the latest task definition."
      }
    }

    check "web_health" {
      # Scoped data source: only evaluated for this check, never persisted in state.
      data "http" "service" {
        url = "https://${local.dns_name}"
      }

      assert {
        condition     = data.http.service.status_code == 200
        error_message = "${data.http.service.url} returned an unhealthy status."
      }
    }
    ```
  15. Publish and discover
     • Private registry with integrated publishing, versioning, and testing
     • Enable module for easy no-code provisioning
  16. Pave a golden path (Beta)
     • Platform teams curate a catalog of golden patterns
     • Templates and add-ons use Terraform no-code modules
     • Consistent governance with policy as code and run tasks
  17. Build: what you gain
     • Risk: standardized, modular deployment patterns; approved and hardened images and modules
     • Cost: best practices directly codified in modules
     • Speed: automation through codification; reusability (stop reinventing the wheel)
     • People: less duplicated effort for overcommitted teams
  18. Standardized provisioning workflow
     • 4,200+ providers
     • Workspaces; VCS, CLI and API workflows; Kubernetes Operator; no-code provisioning
     • Plan and apply; run tasks; policy with OPA and Sentinel
     • Developer platform; dynamic provider credentials (OIDC); service catalogs
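     Dynamic provider credentials are the item on this slide with the largest security payoff: the workspace holds no long-lived cloud keys at all. Instead, HCP Terraform issues a short-lived OIDC token per run, the cloud exchanges it for temporary credentials, and a trust policy decides which workspaces may do so. The following is an added example, not from the deck, of the AWS side of that setup. The organization `hashicafe`, project `store`, workspace `frontend-prod`, the `var.workspace_id` input and the ECS managed policy are assumptions for illustration; the issuer URL, audience, claim names and `TFC_AWS_*` variable names are the documented ones. It needs the `aws`, `tls` and `tfe` providers configured:

    ```hcl
    # Added example (not from the deck): AWS trust for HCP Terraform dynamic credentials.

    variable "workspace_id" {
      description = "ID of the HCP Terraform workspace that will assume the role (assumed input)"
      type        = string
    }

    # Fetch the issuer's certificate chain so the OIDC provider is registered with its thumbprint.
    data "tls_certificate" "hcp_terraform" {
      url = "https://app.terraform.io"
    }

    resource "aws_iam_openid_connect_provider" "hcp_terraform" {
      url             = data.tls_certificate.hcp_terraform.url
      client_id_list  = ["aws.workload.identity"] # default audience in HCP Terraform's tokens
      thumbprint_list = [data.tls_certificate.hcp_terraform.certificates[0].sha1_fingerprint]
    }

    # Trust policy: only tokens issued for this exact org/project/workspace may assume the role.
    data "aws_iam_policy_document" "hcp_terraform_trust" {
      statement {
        effect  = "Allow"
        actions = ["sts:AssumeRoleWithWebIdentity"]

        principals {
          type        = "Federated"
          identifiers = [aws_iam_openid_connect_provider.hcp_terraform.arn]
        }

        condition {
          test     = "StringEquals"
          variable = "app.terraform.io:aud"
          values   = ["aws.workload.identity"]
        }

        # sub = organization:<org>:project:<project>:workspace:<workspace>:run_phase:<plan|apply>.
        # The only wildcard is run_phase; widening it to workspace:* would let every workspace
        # in the project assume this role.
        condition {
          test     = "StringLike"
          variable = "app.terraform.io:sub"
          values   = ["organization:hashicafe:project:store:workspace:frontend-prod:run_phase:*"]
        }
      }
    }

    resource "aws_iam_role" "hcp_terraform" {
      name               = "hcp-terraform-frontend-prod"
      assume_role_policy = data.aws_iam_policy_document.hcp_terraform_trust.json
    }

    # Grant only what the workspace deploys; the managed ECS policy is an assumed stand-in
    # for a policy scoped to the workspace's own resources.
    resource "aws_iam_role_policy_attachment" "ecs" {
      role       = aws_iam_role.hcp_terraform.name
      policy_arn = "arn:aws:iam::aws:policy/AmazonECS_FullAccess"
    }

    # Workspace environment variables that switch the AWS provider to OIDC; no static keys stored.
    resource "tfe_variable" "aws_provider_auth" {
      workspace_id = var.workspace_id
      category     = "env"
      key          = "TFC_AWS_PROVIDER_AUTH"
      value        = "true"
    }

    resource "tfe_variable" "aws_run_role_arn" {
      workspace_id = var.workspace_id
      category     = "env"
      key          = "TFC_AWS_RUN_ROLE_ARN"
      value        = aws_iam_role.hcp_terraform.arn
    }
    ```

     The `sub` condition is the control that matters: the audience check alone would let any workspace in any HCP Terraform organization assume the role. Because the claim carries the run phase, a stricter variant uses two roles, a read-only one matched on `run_phase:plan` (set via `TFC_AWS_PLAN_ROLE_ARN`) and a write role matched on `run_phase:apply` (`TFC_AWS_APPLY_ROLE_ARN`), so a speculative plan on a pull request never holds credentials that can change infrastructure.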
  19. Self-service flow (Beta)
     • App devs get a push-button consumption experience
     • Module inputs and outputs synced with HCP Terraform
     • Add-ons for optional app and infra dependencies
  20. Self-service flow (Beta), platform side
     • Platform teams curate a catalog of golden patterns
     • Templates and add-ons use Terraform no-code modules
     • Consistent governance with policy as code and run tasks
  21. Deploy: what you gain
     • Risk: proactive, consistent policy enforcement; keep cloud credentials dynamic and safe
     • Speed: eliminate slow ticket-driven processes; developers enabled to innovate on apps
     • Cost: eliminate deployment and over-provisioning errors
     • People: reduce burden on app and platform teams; eliminate blockers and reduce frustration
  22. Day 2 actions (Beta)
     Platform teams expose common tasks for Day 2 operations:
     • Trigger CI/CD action
     • Build promotion and rollback
     • Toggle a feature flag
  23. Day 2 visibility
     • Explorer provides views into workspace details
     • Sort and filter, export to CSV
     • API access for programmatic reporting and processing
  24. Clean-up
     • Self-service: delete the HCP Waypoint app and its workspace gets destroyed
     • Terraform ephemeral workspaces: auto-destroy temporary resources
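     The auto-destroy behaviour is a workspace setting, so it can itself be managed as code. The following is an added example, not from the deck, of a workspace for a short-lived preview environment declared with the `tfe` provider. The names are assumed, and the `auto_destroy_activity_duration` and `auto_destroy_at` arguments require a 2024 release of the `tfe` provider that supports the auto-destroy settings (an assumption to verify against the provider's changelog):

    ```hcl
    # Added example (not from the deck): an ephemeral workspace that cleans up after itself.
    resource "tfe_workspace" "pr_preview" {
      name         = "store-frontend-pr-preview" # assumed name
      organization = "hashicafe"                  # assumed organization

      # Queue a destroy run once the workspace has seen no state change for three days,
      # so a preview environment nobody touched after review does not keep billing.
      auto_destroy_activity_duration = "3d"

      # Alternative: a fixed deadline instead of an inactivity window.
      # auto_destroy_at = "2024-07-01T00:00:00Z"
    }
    ```

     The destroy is a normal run, so policy as code and the workspace's dynamic credentials still apply to it; a workspace whose role only allows `run_phase:plan` cannot be auto-destroyed and will surface the failure in the run history rather than silently leaving resources behind.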
  25. Manage: what you gain
     • Risk: detect and remediate drift and health risks
     • Speed: golden patterns for app developers; shared service available to all teams
     • Cost: clean up temporary resources; avoid costly health issues and outages
     • People: reduce friction between app, platform, and security teams
  26. Blueprints for cloud success: infrastructure
     Stage 1: Adopting
     • Compose: infrastructure as code; provision cloud resources
     • Collaborate: version control integration; role-based access
     Stage 2: Standardizing
     • Publish and discover: private registry; dynamic image usage
     • Enforce policy: policy as code; integrate security tooling
     Stage 3: Scaling
     • Enable self-service: no-code provisioning; standardize application delivery
     • Observe and respond: continuous validation; auto-destroy temporary resources