Apps vs Infra Where are my Pipelines? Julie Ng, Engineer, Microsoft DevOps.js Conference, March 2021 

Hi, I’m Julie • Engineer, FastTrack for Azure • Previously Enterprise Architect Allianz Germany (2016-2019) • Full-Stack Engineer, UX Designer • Likes: Node.js, Ruby, Open Source • Dislikes: Windows 😜 • Opinions are my own Engineering Bootcamp, Dublin, Ireland, February 2020 

Monorepo – CI Workflow Once Upon a Time /app refs/head/main dev.app.com refs/head/production app.com 

Monorepo – CD Workflow Once Upon a Time /app npm run e2e Build n+1 refs/head/main Build n push deploy dev.app.com deploy app.com OK? No Fail git commit Yes push refs/head/production 

Backends for Frontends (BFFs) Along came Mobile Devices and… /frontend refs/head/main refs/head/production /backend What do you want me to deploy? • Backend • Frontend • Both? 

• Git Push • Branches • Paths • Pull Requests • Schedule • Web Hooks Events and Triggers 

Monorepos & Triggers Pipeline As Code Example Snippet - Jenkins Example Snippet – Azure Pipelines 

🥴 

Split ‘em up Pipeline as Code backend.dev.Jenkinsfile backend.prod.Jenkinsfile frontend.dev.Jenkinsfile frontend.prod.Jenkinsfile 

What About Versioning? /frontend /backend v1.8.2 Version? v1.1 Distributed Monolith? 

Microservices Truly independent calculator subtract multiply divide add • v1.0 • v1.1 • v1.2 

Which End to End Tests? Independent, but still challenging multiply multiply.dev.app.com npm run e2e deploy calculator Which version of e2e? • /refs/head/production • /refs/tags/v1.3 promote or not promote? 

So how do we solve this? Talk to each other 😎 

Ingress Calculator to Kubernetes Management: All the Cool Kids are Doing it Ingress calculator code images charts calculator.com calculator Infra as Code Pipeline as Code 3 Repos X n Triggers So many triggers, events and dependencies 😬 

PROs • Total Control • More conducive to “Learning by Doing” without others relying on you • Easier overview of possible triggers • Easier to version • High Trust à Less Security configuration required. CONs • More skills required – App Dev, DevOps, Infrastructure, esp. networking • Tightly coupled app and infra Lifecycles Monorepo – App + Infra (one team) 

Multi-tenant Kubernetes What if it’s many teams? images Ingress Ingress calcula tor calculator add subtract multiply divide add subtract multiply divide calc infra CI/CD pull min. 7 Repos X n Triggers MORE triggers, events and dependencies(?) 🤯 

CI/CD at Scale - Layers infra dev.app.com foo.app.com DNS TLS Certs dev.app.com foo.app.com Ingress namespace namespace calculator pull TLS Certs team.app.com pull? pull? aks app Layer 0 - Infra Layer 1 – K8s Layer 2 – Apps dns dns fork Pull Request Example - InnerSource Multiple managed clusters 

InnerSource Code Examples Terraform https://github.com/julie-ng 

All the Security Configs Don’t Forget End-to-End Governance https://github.com/azure/devops-governance 

PROs • App Dev Teams – less infra experience required if everything pre-configured • Loose Coupling / Independent teams • InnerSource Possibilities • …you’re doing this because it’s required, right? CONs • Need very experienced central IT team • Many Security Vectors, the more granular… • The smaller the attack surface • The larger the management overhead DevOps at Scale (many teams) 

Choreography CI/CD is Easier with small teams, but still a dance 😎 

• Triggers grow exponentially. • Who owns the responsibility? E.g. uptime. Suppliers make the rules, not consumers. • What level of complexity are you most comfortable with? • E2E Tests are critical for automated promotion. • It’s OK to promote manually. • TALK TO EACH OTHER (within and across teams) • In Person • Chat • Video Meetings • Issues, Pull Requests, etc. Takeaways 

Follow Me GitHub.com/julie-ng julie.io