Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Integrating Infrastructure as Code into a Conti...

Adarsh Shah
March 22, 2018
Technology
0
840

Integrating Infrastructure as Code into a Continuous Delivery Pipeline

Infrastructure as Code (IaC) is the approach that takes proven coding techniques used by software systems and extends them to infrastructure. It is one of the key DevOps practices that enables teams to deliver infrastructure rapidly, reliably and at scale, and thereby, also software running on that infrastructure.

The primary goal of Continuous Delivery (CD) is to ensure that the software can be reliably released at any time and integrating IaC as part of the CD pipeline helps in achieving that goal.

With over 13 years of engineering and DevOps experience, Adarsh Shah has helped organizations from various domains adopt IaC and CD. In this presentation, he will show how to integrate Infrastructure as Code into a Continuous Delivery pipeline by applying some of the best practices used by software systems, as well as highlighting other aspects to consider.

Key Takeaways:

Benefits and challenges of integrating IaC to CD pipeline
Best practices and patterns to use for integrating IaC to CD pipeline
Topics include:

Source Control - structure and strategies
Testing for IaC
Security and Compliance
Provisioning - Patterns for server provisioning
Building and deploying pipelines

Adarsh Shah

March 22, 2018
Tweet

More Decks by Adarsh Shah

See All by Adarsh Shah
Improve Developer Productivity with Ephemeral Environments
shahadarsh
0
36
Environment as Code: Moving away from Imperative Pipelines
shahadarsh
0
92
From Infrastructure as Code to Environment as Code - DevOps Days Tampa Bay
shahadarsh
0
54
From Infrastructure as Code to Environment as Code – DevOps Days Boston
shahadarsh
0
81
From Infrastructure as Code to Environment as Code - AzConf
shahadarsh
0
160
From Infrastructure as Code to Environment as Code - DevOps Days Buffalo
shahadarsh
0
97
From Infrastructure as Code to Environment as Code – DevOps Days Poznań
shahadarsh
0
89
From Infrastructure as Code to Environment as Code
shahadarsh
0
59
Principles, Patterns, and Practices for Effective Infrastructure as Code
shahadarsh
0
840

Other Decks in Technology

See All in Technology
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
200
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.6k
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
Taming you application's environments
salaboy
0
190
The Rise of LLMOps
asei
7
1.4k
強いチームと開発生産性
onk
PRO
34
11k
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
990

Featured

See All Featured
A designer walks into a library…
pauljervisheath
204
24k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Docker and Python
trallard
40
3.1k
Happy Clients
brianwarren
98
6.7k
Building Your Own Lightsaber
phodgson
103
6.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Making Projects Easy
brettharned
115
5.9k

Transcript

  1. Integrating Infrastructure as Code into a Continuous Delivery Pipeline Considerations,

    Best Practices & Patterns Adarsh Shah & Matt Kuritz Contino - Enterprise DevOps and Cloud Transformation Consultancy @ShahAdarsh & @_kuritz Deck: http://bit.ly/IaC-CD

  2. Who are we? Adarsh Shah Principal Consultant ShahAdarsh _kuritz Matt

    Kuritz Senior Consultant

  3. @ShahAdarsh @_kuritz Infrastructure as Code Infrastructure as Code (IaC) is

    the approach that takes proven coding techniques used by software systems and extends them to infrastructure.

  4. @ShahAdarsh @_kuritz Challenges without IaC • Configuration Issues • Repeatability

    • Human Error • Time to Complete

  5. @ShahAdarsh @_kuritz Continuous Delivery Continuous Delivery is the ability to

    get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way. - Jez Humble

  6. @ShahAdarsh @_kuritz Continuous Delivery

  7. @ShahAdarsh @_kuritz Considerations & best practices when integrating IaC to

    CD pipeline

  8. @ShahAdarsh @_kuritz Source Control

  9. @ShahAdarsh @_kuritz Source Control • Everything in source control •

    Code accessibility • Modularize • Collaboration!! • Code/test as documentation

  10. @ShahAdarsh @_kuritz Source Control

  11. @ShahAdarsh @_kuritz Infra as Code testing Static Analysis terraform validate,

    TFLint, puppet parser validate Unit bats, chefspec Smoke w/ dummy app Selenium Integration inspec, goss Brittle Cost Maintenance Infra as Code Test Pyramid Duration

  12. @ShahAdarsh @_kuritz Security Patterns • CIS benchmark automation • Building

    hardening policies • Static scanning

  13. @ShahAdarsh @_kuritz Security Considerations • Dynamic scanning • Secrets management

    • Artifact signing & verification

  14. @ShahAdarsh @_kuritz Compliance • Finance, Healthcare & other industries •

    SOX, PII, HIPPA, PCI • Compliance as Code - Code instead of Paperwork • Chef InSpec, HashiCorp Sentinel (Policy as Code)

  15. @ShahAdarsh @_kuritz Compliance as Code using HashiCorp Sentinel Ensure that

    modification of critical data can only be performed by authorized sysops with valid MFA

  16. @ShahAdarsh @_kuritz Patterns for Provisioning • Immutable VMs • Containerized

    Services • Base Image & App Pull

  17. @ShahAdarsh @_kuritz Immutable VMs • Infra Module - Multitier App

    w/ Cache Cluster • Loosely Coupled • App Image consumed by Infrastructure Module

  18. @ShahAdarsh @_kuritz Immutable VMs Infrastructure Application pull Ephemeral Environment Testing

    & Validation Ephemeral Environment Ephemeral Environment AMI Publish & Deploy AMI pull Security Int. Tests Compliance Continuous Integration Unit Tests Static Analysis Security App Tests Int. Tests

  19. @ShahAdarsh @_kuritz Containerized Services • Infra Module - Container Management

    System • Fully Decoupled from Apps • Apps are deployed with Container Management System specific tools

  20. @ShahAdarsh @_kuritz Containerized Services Infrastructure Application Publish & Deploy pull

    Scan Sign App Tests ECR Testing & Validation Ephemeral Environment Security Compliance Int. Tests Continuous Integration Unit Tests Static Analysis

  21. @ShahAdarsh @_kuritz Base Image & App Pull • Infra Module

    - App Servers • VMs pull app on deploy, or app update • Anti-Pattern: Allowing Long-Lived VMs

  22. @ShahAdarsh @_kuritz Base Image & App Pull Infrastructure Application pull

    pull Publish & Deploy AMI Testing & Validation Ephemeral Environment Security Int. Tests Ephemeral Environment Compliance Ephemeral Environment Security App Tests Continuous Integration Unit Tests Static Analysis

  23. @ShahAdarsh @_kuritz People & Process • Enables teams to interact

    • Infra, Security, Compliance, QA etc teams work together • Improvement in processes • Faster feedback

  24. @ShahAdarsh @_kuritz Infra Compliance Security Production Inspection

  25. @ShahAdarsh @_kuritz Building Quality In Infra Compliance Security Production

  26. @ShahAdarsh @_kuritz Summary • Infrastructure as Code • Continuous Delivery

    • Considerations & best practices when integrating IaC to CD • Source Control • Testing • Security • Compliance • Patterns for Provisioning • Build and Deploy pipelines • People & Process

  27. Questions Adarsh Shah & Matt Kuritz Contino - Enterprise DevOps

    and Cloud Transformation Consultancy @ShahAdarsh & @_kuritz Deck: http://bit.ly/IaC-CD