Infrastructure as Code and AI - does it fit? PATRICK KOCH

Patrick Koch Email: patrick.koch@avl.com Blog: patrickkoch.dev LinkedIn: patkoch87 GitHub: patkoch BlueSky: @patkoch.bsky.social Mastodon: @patkoch@hostux.social Cloud Adoption Engineer, AVL List GmbH Source icons: Microsoft, HashiCorp

Source: kleinezeitung.at – 01.04.2024

Content What is Infrastructure as Code? How does GenAI work? Why focusing on Infrastructure as Code? Usages of AI tools for Infrastructure as Code Conclusion

What is Infrastructure as Code?

What is Infrastructure as Code?  Infrastructure as Code (IaC) is a method of managing and provisioning computing infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It's a key practice in DevOps and is used in conjunction with continuous delivery.  IaC allows developers to automate the process of setting up and managing infrastructure, which can lead to faster deployment times, more efficient use of resources, and more reliable and repeatable processes. It can be used to manage a wide range of services, including networks, virtual machines, load balancers, and connection topology. Source: GitHub Copilot

Example: Azure Kubernetes Cluster resource "azurerm_resource_group" "example" { name = "my-demo-rg" location = "West Europe" } resource "azurerm_kubernetes_cluster" "example" { name = "my-demo-aks" location = azurerm_resource_group.example.location resource_group_name = azurerm_resource_group.example.name dns_prefix = "exampleaks1" default_node_pool { name = "default" node_count = 1 vm_size = "Standard_D2_v2" } identity { type = "SystemAssigned" } tags = { Environment = "Production" } } Azure AKS Azure Icons: Azure Public Service Icons V14, Terraform Icon: HashiCorp Brand Kit

What is GenAI and how does it work?

https://terrateam.io/blog/using-llms-to-generate-terraform-code#what-is-a-large-language-model-llm “A Large Language Model (LLM) is an artificial intelligence model or program that generates text by “predicting” the next token in a sequence. These models are trained on massive datasets, requiring substantial parallel computing resources, such as GPUs, to process and learn from the vast amounts of text data..” “Developers can interact with the LLM by providing prompts or instructions, such as ‘ChatGPT, you are a developer…’ followed by a specific code generation request. The LLM then generates code snippets or functions based on the given prompt.”

Why focusing on IaC?

“LLMs are only as good as the data they're trained on. Terraform and IaC tools are relatively new …..That means the dataset the model was trained on (mostly from GitHub) is sparse. But most of all, most companies don't put their infra code on GitHub for security reasons. So the encoding space for this kind of code is sparse….” https://www.anyshift.io/blog/navigating-ai-in-your-infrastructure-dos-don-ts-and-why-it-matters

https://www.hashicorp.com/resources/the-story-of-hashicorp-terraform-with-mitchell-hashimoto

“The exact number of GitHub repositories used to train GPT-4 isn't publicly disclosed. However, GPT-4 was trained on a diverse dataset that includes a significant amount of code from various sources, including public repositories on GitHub. This extensive dataset helps the model understand and generate code effectively.” https://github.blog/news-insights/octoverse/octoverse-2024/

https://medium.com/@dlaytonj2/chatgpt-show-me-the-data-sources-11e9433d57e8

AI and IaC Example usages of AI tools for Infrastructure as Code

Answering questions

No content

No content

Code Generation

No content

No content

Security

resource "azurerm_network_security_group" "sg-rdp- connection" { name = "demonsg" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name security_rule { name = "tcptraffic" priority = 100 direction = "Inbound" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "*" destination_address_prefix = "*" } tags = { environment = "Testing" } }

No content

Code Interpretation

param registryName string param location string = resourceGroup().location param sku string = 'Basic' resource acr 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = { name: registryName location: location sku: { name: sku } properties: { adminUserEnabled: true } }

No content

Are my prompts retained?

Source: GitHub Copilot Trust Center - GitHub Resources

Source: https://learn.microsoft.com/en-us/purview/retention-policies-copilot#how-retention-works-with-microsoft-copilot-for-microsoft-365

Source: Gemini

• Don‘t blindly trust your suggested IaC code • Speeds up the development • In future: game changer and crucial for cloud deployments

THANK YOU! ☺