Integrating Infrastructure as Code into a Continuous Delivery Pipeline

Infrastructure as Code (IaC) is the approach that takes proven coding techniques used by software systems and extends them to infrastructure. It is one of the key DevOps practices that enables teams to deliver infrastructure rapidly, reliably and at scale, and thereby also the software running on that infrastructure.

The primary goal of Continuous Delivery (CD) is to ensure that the software can be reliably released at any time, and integrating IaC into the CD pipeline helps in achieving that goal.

With over 13 years of engineering and DevOps experience, Adarsh Shah has helped organizations from various domains adopt IaC and CD. In this presentation, he will show how to integrate Infrastructure as Code into a Continuous Delivery pipeline by applying some of the best practices used by software systems, as well as highlighting other aspects to consider.

Key Takeaways:

• Benefits and challenges of integrating IaC into a CD pipeline
• Best practices and patterns to use for integrating IaC into a CD pipeline

Topics include:

• Source Control - structure and strategies
• Testing for IaC
• Security and Compliance
• Provisioning - Patterns for server provisioning
• Building and deploying pipelines

Adarsh Shah

March 22, 2018
Transcript

  1. Integrating Infrastructure as Code into a Continuous Delivery Pipeline
    Considerations, Best Practices & Patterns
    Adarsh Shah & Matt Kuritz
    Contino - Enterprise DevOps and Cloud Transformation Consultancy
    @ShahAdarsh & @_kuritz
    Deck: http://bit.ly/IaC-CD

  2. Who are we?
    Adarsh Shah - Principal Consultant (@ShahAdarsh)
    Matt Kuritz - Senior Consultant (@_kuritz)

  3. Infrastructure as Code
    Infrastructure as Code (IaC) is the approach that takes proven coding techniques used by software systems and extends them to infrastructure.

  4. Challenges without IaC
    • Configuration Issues
    • Repeatability
    • Human Error
    • Time to Complete

  5. Continuous Delivery
    Continuous Delivery is the ability to get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way.
    - Jez Humble

  6. Continuous Delivery

  7. Considerations & best practices when integrating IaC into a CD pipeline

  8. Source Control

  9. Source Control
    • Everything in source control
    • Code accessibility
    • Modularize
    • Collaboration!!
    • Code/test as documentation

  10. Source Control

  11. Infra as Code testing
    Infra as Code Test Pyramid, layers from the base to the top:
    • Static Analysis - terraform validate, TFLint, puppet parser validate
    • Unit - bats, chefspec
    • Integration - inspec, goss
    • Smoke - w/ dummy app, Selenium
    Moving up the pyramid, tests become more brittle and grow in cost, maintenance and duration.

  12. Security Patterns
    • CIS benchmark automation
    • Building hardening policies
    • Static scanning

  13. Security Considerations
    • Dynamic scanning
    • Secrets management
    • Artifact signing & verification

  14. Compliance
    • Finance, Healthcare & other industries
    • SOX, PII, HIPAA, PCI
    • Compliance as Code - Code instead of Paperwork
    • Chef InSpec, HashiCorp Sentinel (Policy as Code)

  15. Compliance as Code using HashiCorp Sentinel
    Ensure that modification of critical data can only be performed by authorized sysops with valid MFA
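The rule on this slide, written out as an added Python example (not Sentinel, and not the speakers' code) so its decision logic can be exercised offline. The request shape, the `sysops` policy name and the `secret/prod/` path prefix are assumptions.

```python
"""Policy-as-code illustration of the slide's rule: critical data may be
modified only by a caller holding the sysops policy with a valid MFA.
The rule is phrased as "not a modification OR (sysops AND mfa)", so reads
and non-critical paths are never blocked by it."""
from dataclasses import dataclass, field
from typing import Tuple

# Constructed: which paths count as "critical data", which operations count
# as modification, and the policy name (all assumptions for this example).
CRITICAL_PATH_PREFIXES = ("secret/prod/",)
MODIFYING_OPERATIONS = frozenset({"create", "update", "delete"})
SYSOPS_POLICY = "sysops"


@dataclass(frozen=True)
class Request:
    path: str
    operation: str
    token_policies: frozenset = field(default_factory=frozenset)
    mfa_valid: bool = False


def is_critical(path: str) -> bool:
    return path.startswith(CRITICAL_PATH_PREFIXES)


def evaluate(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every deny carries the failed check so the
    decision can be logged for audit, not just the boolean."""
    if req.operation not in MODIFYING_OPERATIONS or not is_critical(req.path):
        return True, "not a modification of critical data; rule does not apply"
    if SYSOPS_POLICY not in req.token_policies:
        return False, f"caller lacks the {SYSOPS_POLICY} policy"
    if not req.mfa_valid:
        return False, "no valid MFA on the request"
    return True, f"{SYSOPS_POLICY} policy present and MFA valid"


if __name__ == "__main__":
    # Constructed sample requests, one per branch of the rule.
    for r in (
        Request("secret/prod/db", "update", frozenset({"sysops"}), True),
        Request("secret/prod/db", "update", frozenset({"sysops"}), False),
        Request("secret/prod/db", "delete", frozenset({"dev"}), True),
        Request("secret/prod/db", "read"),
    ):
        print(r.operation, r.path, evaluate(r))
```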

  16. Patterns for Provisioning
    • Immutable VMs
    • Containerized Services
    • Base Image & App Pull

  17. Immutable VMs
    • Infra Module - Multitier App w/ Cache Cluster
    • Loosely Coupled
    • App Image consumed by Infrastructure Module

  18. Immutable VMs
    [Diagram: pipeline with Infrastructure and Application lanes linked by "pull" arrows. Stage labels: Continuous Integration (Unit Tests, Static Analysis, Security, App Tests, Int. Tests); Testing & Validation in Ephemeral Environments (Security, Compliance, Int. Tests); Publish & Deploy (AMI).]

  19. Containerized Services
    • Infra Module - Container Management System
    • Fully Decoupled from Apps
    • Apps are deployed with Container Management System specific tools

  20. Containerized Services
    [Diagram: pipeline with Infrastructure and Application lanes linked by a "pull" arrow. Stage labels: Continuous Integration (Unit Tests, Static Analysis); App Tests; Scan; Sign; Publish & Deploy to ECR; Testing & Validation in an Ephemeral Environment (Security, Compliance, Int. Tests).]
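The "Artifact signing & verification" item on slide 13 and the Scan -> Sign -> Publish -> pull path on this slide, as an added Python example (not the speakers' code). A shared-key HMAC stands in for the asymmetric signature a real signing tool would produce; the key, registry name and digests are constructed.

```python
"""Sign an image manifest after the scan stage, verify it before the pull.
Shared-key HMAC stands in for a signing tool's asymmetric signature; the
key, registry and digest values are constructed samples."""
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-ci-signing-key"  # in a pipeline: from secrets management


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so key order cannot change the signature."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign(manifest: dict, key: bytes = SIGNING_KEY) -> str:
    """CI side: run only after the Scan stage has passed."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify(manifest: dict, signature: str, key: bytes = SIGNING_KEY) -> bool:
    """Deploy side: constant-time compare, so a forged signature cannot be
    narrowed down byte by byte from timing."""
    return hmac.compare_digest(sign(manifest, key), signature)


def pull_allowed(manifest: dict, signature: str, resolved_digest: str) -> bool:
    """Gate the pull on two facts: the manifest is authentic AND it names the
    digest the registry actually resolved, so a signed-but-swapped tag is
    still refused."""
    return verify(manifest, signature) and manifest.get("digest") == resolved_digest


# Constructed sample of what the Sign stage would emit for an image in ECR.
SAMPLE_MANIFEST = {
    "repository": "registry.example/app",  # placeholder, not a real registry
    "tag": "1.4.2",
    "digest": "sha256:" + hashlib.sha256(b"constructed image bytes").hexdigest(),
    "scan": "passed",
}
SAMPLE_SIGNATURE = sign(SAMPLE_MANIFEST)

if __name__ == "__main__":
    print("authentic:", pull_allowed(SAMPLE_MANIFEST, SAMPLE_SIGNATURE, SAMPLE_MANIFEST["digest"]))
    tampered = dict(SAMPLE_MANIFEST, digest="sha256:" + "0" * 64)
    print("tampered:", pull_allowed(tampered, SAMPLE_SIGNATURE, tampered["digest"]))
```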

  21. Base Image & App Pull
    • Infra Module - App Servers
    • VMs pull app on deploy, or app update
    • Anti-Pattern: Allowing Long-Lived VMs

  22. Base Image & App Pull
    [Diagram: pipeline with Infrastructure and Application lanes linked by two "pull" arrows. Stage labels: Continuous Integration (Unit Tests, Static Analysis, Security, App Tests); Testing & Validation in Ephemeral Environments (Security, Compliance, Int. Tests); Publish & Deploy (AMI).]

  23. People & Process
    • Enables teams to interact
    • Infra, Security, Compliance, QA etc. teams work together
    • Improvement in processes
    • Faster feedback

  24. [Diagram: Infra, Compliance, Security and Production, with Inspection.]

  25. Building Quality In
    [Diagram: Infra, Compliance, Security, Production.]

  26. Summary
    • Infrastructure as Code
    • Continuous Delivery
    • Considerations & best practices when integrating IaC into CD
    • Source Control
    • Testing
    • Security
    • Compliance
    • Patterns for Provisioning
    • Build and Deploy pipelines
    • People & Process

  27. Questions
    Adarsh Shah & Matt Kuritz
    Contino - Enterprise DevOps and Cloud Transformation Consultancy
    @ShahAdarsh & @_kuritz
    Deck: http://bit.ly/IaC-CD