ADDO - Integrating Infrastructure as Code into a Continuous Delivery Pipeline

Adarsh Shah
November 06, 2019

Infrastructure as Code (IaC) is the approach that takes proven coding techniques used by software systems and extends them to infrastructure. It is one of the key DevOps practices that enables teams to deliver infrastructure rapidly, reliably and at scale, and thereby also software running on that infrastructure.

The primary goal of Continuous Delivery (CD) is to ensure that the software can be reliably released at any time and integrating IaC as part of the CD pipeline helps in furthering that goal.

Adarsh Shah has helped organizations from various domains adopt IaC & CD. In this presentation, he will talk about benefits & challenges of integrating Infrastructure as Code into a Continuous Delivery pipeline, best practices/patterns to be used & any other aspects to consider.

Transcript

  1. Integrating Infrastructure
    as Code into a Continuous
    Delivery Pipeline
    Considerations & Best
    Practices
    Adarsh Shah
    Technology Leader, Coach, Hands-on Architect
    Independent Consultant
    @shahadarsh 

    shahadarsh.com

  2. @shahadarsh shahadarsh.com
    We are going to cover:
    • Infrastructure as Code
    • Continuous Delivery
    • Considerations & best practices when integrating IaC to CD
    • Source Control
    • Testing
    • Security
    • Compliance
    • Patterns for Provisioning
    • Build and Deploy pipelines
    • GitOps
    • People & Process

  3. @shahadarsh shahadarsh.com
    Infrastructure as Code
    Infrastructure as Code (IaC) is the approach that takes
    proven coding techniques used by software systems
    and extends them to infrastructure.

  4. @shahadarsh shahadarsh.com
    Challenges without IaC
    • Configuration Drift
    • Snowflake Servers
    • Human Error
    • Time to Complete

  5. @shahadarsh shahadarsh.com
    Continuous Delivery
    Continuous Delivery is the ability to get changes of all
    types—including new features, configuration changes, bug
    fixes and experiments—into production, or into the hands
    of users, safely and quickly in a sustainable way.
    - Jez Humble

  6. @shahadarsh shahadarsh.com
    Continuous Delivery

  7. shahadarsh.com
    @shahadarsh
    Considerations & Best
    Practices

  8. @shahadarsh shahadarsh.com
    Source Control

  9. @shahadarsh shahadarsh.com
    Source Control
    • Everything in source control
    • Code accessibility
    • Modularize
    • Version the Modules
    • Collaboration!!
    • Code/test as documentation

  10. @shahadarsh shahadarsh.com
    Infra as Code testing
    Infra as Code Test Pyramid, with example tools per level:
    • Static Analysis: terraform validate, TFLint, puppet parser validate
    • Unit: bats, chefspec
    • Smoke: w/ dummy app, Selenium
    • Integration: inspec, goss
    Brittleness, cost, maintenance effort and duration all grow as tests move up the pyramid.

  11. @shahadarsh shahadarsh.com
    Security Patterns
    • CIS benchmark automation
    • Building hardening policies
    • Static scanning

  12. @shahadarsh shahadarsh.com
    Security Considerations
    • Dynamic scanning
    • Secrets management
    • Artifact signing & verification

  13. @shahadarsh shahadarsh.com
    Compliance
    • Finance, Healthcare & other industries
    • SOX, PII, HIPAA, PCI, GDPR
    • Compliance as Code - Code instead of Paperwork
    • Chef InSpec, HashiCorp Sentinel (Policy as Code)

  14. @shahadarsh shahadarsh.com
    Compliance as Code using HashiCorp Sentinel
    Ensure that modification of critical data can only be performed
    by authorized sysops with valid MFA

  15. @shahadarsh shahadarsh.com
    Patterns for Provisioning
    • Immutable VMs
    • Containerized Services
    • Base Image & App Pull

  16. @shahadarsh shahadarsh.com
    Immutable VMs
    • Infra Module - Multitier App
    • Loosely Coupled
    • App Image consumed by Infrastructure Module

  17. @shahadarsh shahadarsh.com
    Immutable VMs
    Diagram: two pipelines, Application and Infrastructure. The application pipeline runs Continuous Integration (Unit Tests, Static Analysis, Security, App Tests, Int. Tests) and publishes an AMI; the infrastructure pipeline pulls that AMI, runs Continuous Integration (Unit Tests, Static Analysis), then Testing & Validation in Ephemeral Environments (Security, Int. Tests, Compliance), then Publish & Deploy.

  18. @shahadarsh shahadarsh.com
    Containerized Services
    • Infra Module - Container Management System
    • Fully Decoupled from Apps
    • Apps are deployed with Container Management System
    specific tools

  19. @shahadarsh shahadarsh.com
    Containerized Services
    Diagram: two pipelines, Application and Infrastructure. The application pipeline runs Continuous Integration (Unit Tests, Static Analysis, App Tests), then Scan and Sign the image and push it to ECR; the infrastructure pipeline runs Continuous Integration (Unit Tests, Static Analysis), Testing & Validation in an Ephemeral Environment (Security, Compliance, Int. Tests), then Publish & Deploy, pulling the image from ECR.

  20. @shahadarsh shahadarsh.com
    Base Image & App Pull
    • Infra Module - App Servers
    • VMs pull app on deploy, or app update
    • Anti-Pattern: Allowing Long-Lived VMs

  21. @shahadarsh shahadarsh.com
    Base Image & App Pull
    Diagram: two pipelines, Application and Infrastructure. The application pipeline runs Continuous Integration (Unit Tests, Static Analysis, Security, App Tests); the infrastructure pipeline runs Continuous Integration (Unit Tests, Static Analysis), Testing & Validation in Ephemeral Environments (Security, Int. Tests, Compliance), then Publish & Deploy. VMs are built from a base AMI and pull the application on deploy.

  22. @shahadarsh shahadarsh.com
    GitOps
    • Source Control as a System of Record
    • Operations by Pull Request
    • Repeatable, Predictable, Auditable & Accessible

  23. @shahadarsh shahadarsh.com
    GitOps Workflow
    • Create Pull Request, which triggers: Static Analysis, Terraform Plan, Int Tests, Compliance, Security
    • Approve Pull Request, which triggers: Terraform Apply

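The Compliance and Security gates in the GitOps workflow above, and the Sentinel policy on slide 14 ("modification of critical data can only be performed by authorized sysops with valid MFA"), can both be expressed as checks over the JSON form of a Terraform plan (`terraform show -json tfplan`) that run between Terraform Plan and Terraform Apply. The following is an added example written for this page, not code from the talk or from HashiCorp; it uses plain Python instead of Sentinel. The plan document is constructed sample data, the run context (`actor`, `mfa`) and the `AUTHORIZED_SYSOPS` list are assumptions about how the pipeline identifies who opened the pull request, and the `DataClass=critical` tag is an assumed convention for marking critical data.

```python
"""Policy-as-code gate between `terraform plan` and `terraform apply`.

Reads a plan in the `terraform show -json` format and refuses the run when
any rule reports a violation. All sample data below is constructed.
"""
import json

# Assumption: principals allowed to change resources that hold critical data.
AUTHORIZED_SYSOPS = {"alice", "bob"}
# Assumption: convention used to tag resources that hold critical data.
CRITICAL_TAG = ("DataClass", "critical")

# Constructed sample plan (trimmed to the fields the rules look at).
_SAMPLE = {
    "format_version": "1.0",
    "resource_changes": [
        {"address": "aws_db_instance.customers", "type": "aws_db_instance",
         "change": {"actions": ["update"],
                    "before": {"tags": {"DataClass": "critical"}},
                    "after": {"tags": {"DataClass": "critical"}}}},
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["create"], "before": None,
                    "after": {"ingress": [
                        {"from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
                        {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["no-op"],
                    "before": {"acl": "private"}, "after": {"acl": "private"}}},
    ],
}
SAMPLE_PLAN = json.dumps(_SAMPLE)
# Same plan with the offending security group removed (the "fixed" pull request).
FIXED_PLAN = json.dumps({"format_version": "1.0", "resource_changes": [
    c for c in _SAMPLE["resource_changes"] if c["type"] != "aws_security_group"]})


def _tags(obj):
    return (obj or {}).get("tags") or {}


def rule_critical_data_requires_mfa(change, ctx):
    """Slide 14: critical data may only be modified by an authorized sysop with MFA."""
    actions = set(change["change"]["actions"])
    if actions <= {"no-op", "read"}:
        return None  # nothing is modified
    sides = [_tags(change["change"].get(s)) for s in ("before", "after")]
    if not any(t.get(CRITICAL_TAG[0]) == CRITICAL_TAG[1] for t in sides):
        return None  # resource is not tagged as critical before or after
    if ctx["actor"] not in AUTHORIZED_SYSOPS:
        return f"{change['address']}: critical data changed by unauthorized actor {ctx['actor']}"
    if not ctx.get("mfa"):
        return f"{change['address']}: critical data change requires MFA"
    return None


def rule_no_ssh_from_anywhere(change, ctx):
    """Static security scan: no ingress rule may expose port 22 to 0.0.0.0/0."""
    if change["type"] != "aws_security_group" or "delete" in change["change"]["actions"]:
        return None
    for ingress in (change["change"].get("after") or {}).get("ingress", []):
        if ingress["from_port"] <= 22 <= ingress["to_port"] and \
                "0.0.0.0/0" in ingress.get("cidr_blocks", []):
            return f"{change['address']}: SSH open to the world"
    return None


RULES = [rule_critical_data_requires_mfa, rule_no_ssh_from_anywhere]


def evaluate_plan(plan_json, ctx):
    """Return every violation found in the plan, in resource order."""
    plan = json.loads(plan_json)
    violations = []
    for change in plan.get("resource_changes", []):
        for rule in RULES:
            msg = rule(change, ctx)
            if msg:
                violations.append(msg)
    return violations


def gate(plan_json, ctx):
    """True when the pipeline may proceed to `terraform apply`."""
    return not evaluate_plan(plan_json, ctx)


if __name__ == "__main__":
    for ctx in ({"actor": "alice", "mfa": True}, {"actor": "mallory", "mfa": False}):
        found = evaluate_plan(SAMPLE_PLAN, ctx)
        print(ctx, "->", "apply allowed" if not found else found)
```

In a pipeline, `gate()` would be called with the plan produced for the pull request and the identity the CI system attaches to the run; a non-empty violation list fails the job, so the Approve Pull Request step never reaches Terraform Apply for a change that breaks policy. Keeping each rule a small function with a one-line docstring keeps the policy reviewable in the same pull request flow as the infrastructure code it governs.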
  24. @shahadarsh shahadarsh.com
    People & Process
    • Enables teams to interact
    • Infra, Security, Compliance, QA etc teams work together
    • Improvement in processes
    • Faster feedback

  25. @shahadarsh shahadarsh.com
    Diagram (inspection after the fact): Infra, Compliance, Security, Production, then Inspection at the end.

  26. @shahadarsh shahadarsh.com
    Building Quality In
    Diagram: Infra, Compliance and Security checks built into the pipeline ahead of Production.

  27. @shahadarsh shahadarsh.com
    Summary
    • Infrastructure as Code
    • Continuous Delivery
    • Considerations & best practices when integrating IaC to CD
    • Source Control
    • Testing
    • Security
    • Compliance
    • Patterns for Provisioning
    • Build and Deploy pipelines
    • GitOps
    • People & Process

  28. Questions on
    Slack #2019addo-ci-cd
    Adarsh Shah
    Technology Leader, Coach, Hands-on Architect
    Independent Consultant
    @shahadarsh 

    shahadarsh.com