The Building Blocks of Infrastructure Lifecycle Management

Transcript

1. The building blocks of Infrastructure Lifecycle Management Kerim Satirli Jenna

   Goldstrich Sr. Developer Advocate Infrastructure & Orchestration Sr. Software Engineer Packer & HCP Packer

2. Senior Developer Advocate, Infrastructure & Orchestration he / him @ksatirli

   Kerim Satirli

3. Senior Software Engineer Packer & HCP Packer she / her

   Jenna Goldstrich

4. 01 Adopt

5. Cloud Chaos Codification Collaboration

6. Collaboration Containerization Compliance Certification I S O

7. Collaboration Containerization Compliance Certification C I S

8. Collaboration Containerization Compliance Certification P C I

9. Collaboration Containerization Compliance Certification N I S

10. Collaboration Containerization Compliance Certification C S I C S I

11. 02 Standardize

12. Consistent Codified Platform Compliant

13. Consistent Codified Platform Compliant

14. None
15. None

16. Workspace: gap-closer

17. HCP Terraform Explorer app.terraform.io/app/HashiCafe-inc/explorer/types/Workspaces

18. HCP Terraform Explorer app.terraform.io/app/HashiCafe-inc/explorer/types/Workspaces

19. app.terraform.io/app/HashiCafe-inc/explorer/views HCP Terraform Explorer

20. Can you fix this Workspace? Looks like a new vuln.

    Can you fix? Greetings from HashiConf! app.terraform.io/app/HashiCafe-inc/explorer/views HCP Terraform Change Request

21. app.terraform.io/app/HashiCafe-inc/explorer/views HCP Terraform Explorer

22. HCP Packer portal.cloud.hashicorp.com/services/packer/buckets/gapcloser/versions

23. HCP Packer portal.cloud.hashicorp.com/services/packer/buckets/gapcloser/versions/3

24. HCP Packer portal.cloud.hashicorp.com/services/packer/buckets/gapcloser/versions/3

25. app.terraform.io/app/HashiCafe-inc/explorer/views HCP Packer

26. app.terraform.io/app/HashiCafe-inc/explorer/views HCP Packer

27. app.terraform.io/app/HashiCafe-inc/explorer/views HCP Packer

28. gapcloser.pkr.hcl Terraform Resources data "hcp_packer_artifact" "gapcloser" { bucket_name = "gapcloser"

    platform = "docker" region = "docker" channel_name = "production" } resource "nomad_job" "gapcloser_scraper" { jobspec = templatefile("${path.module}/gapcloser.nomad.hcl", { CONTAINER_IMAGE = data.hcp_packer_artifact.gapcloser.external_identifier SCRAPER_PROFILE = "code" }) }

29. source "docker" "gapcloser-scraper" { image = data.hcp-packer-artifact.nodejs-base.labels["ImageDigest"] commit = true

    platform = "linux/amd64" exec_user = "gapcloser:gapcloser" } build { hcp_packer_registry { bucket_name = "gapcloser-scraper" } sources = [ "source.docker.gapcloser-scraper" ] provisioner "file" { source = "./app" destination = "/app" } Packer template service_gapcloser.tf

30. } sources = [ "source.docker.gapcloser-scraper" ] provisioner "file" { source

    = "./app" destination = "/app" } post-processors { post-processor "docker-tag" { repository = var.registry_host tags = concat(var.extra_tags, [ local.timestamp_cleaned, "latest" ]) } post-processor "docker-push" { ecr_login = true login_server = var.registry_host } Packer template service_gapcloser.tf

31. source "docker" "gapcloser-scraper" { image = data.hcp-packer-artifact.nodejs-base.labels["ImageDigest"] commit = true

    platform = "linux/amd64" exec_user = "gapcloser:gapcloser" } build { hcp_packer_registry { bucket_name = "gapcloser-scraper" } sources = [ "source.docker.gapcloser-scraper" ] provisioner "file" { source = "./app" destination = "/app" } Packer template service_gapcloser.tf

32. 15 minutes later

33. github.com/hashicorp-forge/gapcloser-scrapers/compare/main...fix_vuln_issue Opening a PR Fix Vulnerability in Scraper application I

    got a request from Kerim to patch this dependency, this PR updates one of our core dependancies that was vulnerable to a CVE described in this ticket here please approve ASAP to mitigate this vulnerability in this image.

34. HCP Packer portal.cloud.hashicorp.com/services/packer/buckets/gapcloser/versions/3

35. HCP Packer portal.cloud.hashicorp.com/services/packer/buckets/gapcloser/versions/3

36. service_gapcloser.tf Terraform Resources data "hcp_packer_artifact" "gapcloser" { bucket_name = "gapcloser"

    platform = "docker" region = "docker" channel_name = "production" } resource "nomad_job" "gapcloser_scraper" { jobspec = templatefile("${path.module}/gapcloser.nomad.hcl", { CONTAINER_IMAGE = data.hcp_packer_artifact.gapcloser.external_identifier SCRAPER_PROFILE = "code" }) }

37. 03 Scale

38. None

39. Platform team

40. app.terraform.io/app/HashiCafe-inc/registry/private/modules Insert title here!

41. app.terraform.io/app/HashiCafe-inc/registry/modules/private/HashiCafe-inc/gapcloser-scrapers/aws/0.2.1 Insert title here!

42. app.terraform.io/app/HashiCafe-inc/registry/modules/private/HashiCafe-inc/gapcloser-scrapers/aws/0.2.1 Insert title here!

43. app.terraform.io/app/HashiCafe-inc/registry/modules/private/HashiCafe-inc/gapcloser-scrapers/aws/0.2.1 Insert title here!

44. app.terraform.io/app/HashiCafe-inc/registry/modules/private/HashiCafe-inc/gapcloser-scrapers/aws/0.2.1 Insert title here! Fixed a downstream vulnerability, please update

    to the latest version of this module. https://wiki.internal/security-reports/gapcloser-scrapers/0.2.1

45. app.terraform.io/app/HashiCafe-inc/registry/modules/private/HashiCafe-inc/gapcloser-scrapers/aws/0.2.1 Insert title here!

46. People Foundational processes enable a better understanding of our infrastructure

    through basic monitoring and modularization. Adopt Standardized workflows unlock consistency and compliance through guardrails and codified best-practice patterns. Standardize Cross-stack architecture enables guided and self- service deployments that empower teams to scale. Scale Summary

47. Next steps hashi.co/ilmwithhcp Get the whitepaper

48. Learn More Empowering Platform teams Today at 12:00 pm Level

    2, Ensemble Ballroom

49. Learn More AI workloads with Nomad and NVIDIA Today at

    04:15 pm Level 5, West Prefunction Empowering Platform teams Today at 12:00 pm Level 2, Ensemble Ballroom

50. Thank you