Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Integrating Infrastructure as Code into a Continuous Delivery Pipeline

Adarsh Shah
March 22, 2018
Technology
0
780

Integrating Infrastructure as Code into a Continuous Delivery Pipeline

Infrastructure as Code (IaC) is the approach that takes proven coding techniques used by software systems and extends them to infrastructure. It is one of the key DevOps practices that enables teams to deliver infrastructure rapidly, reliably and at scale, and thereby, also software running on that infrastructure.

The primary goal of Continuous Delivery (CD) is to ensure that the software can be reliably released at any time and integrating IaC as part of the CD pipeline helps in achieving that goal.

With over 13 years of engineering and DevOps experience, Adarsh Shah has helped organizations from various domains adopt IaC and CD. In this presentation, he will show how to integrate Infrastructure as Code into a Continuous Delivery pipeline by applying some of the best practices used by software systems, as well as highlighting other aspects to consider.

Key Takeaways:

Benefits and challenges of integrating IaC to CD pipeline
Best practices and patterns to use for integrating IaC to CD pipeline
Topics include:

Source Control - structure and strategies
Testing for IaC
Security and Compliance
Provisioning - Patterns for server provisioning
Building and deploying pipelines

Adarsh Shah

March 22, 2018
Tweet

More Decks by Adarsh Shah

See All by Adarsh Shah
Environment as Code: Moving away from Imperative Pipelines
shahadarsh
0
78
From Infrastructure as Code to Environment as Code - DevOps Days Tampa Bay
shahadarsh
0
49
From Infrastructure as Code to Environment as Code – DevOps Days Boston
shahadarsh
0
72
From Infrastructure as Code to Environment as Code - AzConf
shahadarsh
0
150
From Infrastructure as Code to Environment as Code - DevOps Days Buffalo
shahadarsh
0
90
From Infrastructure as Code to Environment as Code – DevOps Days Poznań
shahadarsh
0
75
From Infrastructure as Code to Environment as Code
shahadarsh
0
53
Principles, Patterns, and Practices for Effective Infrastructure as Code
shahadarsh
0
720
Continuous Delivery for Machine Learning Systems - DevOpsDays Warsaw
shahadarsh
0
540

Other Decks in Technology

See All in Technology
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
120
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
150
自動生成を活用した、運用保守コストを抑える Error/Alert/Runbook の一元集約管理 / Centralized management of Error/Alert/Runbook to minimize operational costs using automated code generation
biwashi
12
2.3k
Databricks:『生成AI World Cup』のご案内
databricksjapan
2
160
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
210
「スニダン」開発組織の構造に込めた意図 ~組織作りはパッションや政治ではない!~
rinchsan
3
430
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
980
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
320
少数チームで挑む: SwiftUI, TCA, KMPを用いた 新規動画配信アプリ 「ABEMA Live」の開発について
tomu28
0
610
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
370
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.8k
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
2
360

Featured

See All Featured
In The Pink: A Labor of Love
frogandcode
138
21k
Building a Scalable Design System with Sketch
lauravandoore
455
32k
The Invisible Side of Design
smashingmag
294
49k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
39k
The Pragmatic Product Professional
lauravandoore
24
5.8k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
273
13k
Designing for humans not robots
tammielis
248
25k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Designing for Performance
lara
601
67k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
356
22k

Transcript

  1. Integrating Infrastructure as Code into a Continuous Delivery Pipeline Considerations,

    Best Practices & Patterns Adarsh Shah & Matt Kuritz Contino - Enterprise DevOps and Cloud Transformation Consultancy @ShahAdarsh & @_kuritz Deck: http://bit.ly/IaC-CD

  2. Who are we? Adarsh Shah Principal Consultant ShahAdarsh _kuritz Matt

    Kuritz Senior Consultant

  3. @ShahAdarsh @_kuritz Infrastructure as Code Infrastructure as Code (IaC) is

    the approach that takes proven coding techniques used by software systems and extends them to infrastructure.

  4. @ShahAdarsh @_kuritz Challenges without IaC • Configuration Issues • Repeatability

    • Human Error • Time to Complete

  5. @ShahAdarsh @_kuritz Continuous Delivery Continuous Delivery is the ability to

    get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way. - Jez Humble

  6. @ShahAdarsh @_kuritz Continuous Delivery

  7. @ShahAdarsh @_kuritz Considerations & best practices when integrating IaC to

    CD pipeline

  8. @ShahAdarsh @_kuritz Source Control

  9. @ShahAdarsh @_kuritz Source Control • Everything in source control •

    Code accessibility • Modularize • Collaboration!! • Code/test as documentation

  10. @ShahAdarsh @_kuritz Source Control

  11. @ShahAdarsh @_kuritz Infra as Code testing Static Analysis terraform validate,

    TFLint, puppet parser validate Unit bats, chefspec Smoke w/ dummy app Selenium Integration inspec, goss Brittle Cost Maintenance Infra as Code Test Pyramid Duration

  12. @ShahAdarsh @_kuritz Security Patterns • CIS benchmark automation • Building

    hardening policies • Static scanning

  13. @ShahAdarsh @_kuritz Security Considerations • Dynamic scanning • Secrets management

    • Artifact signing & verification

  14. @ShahAdarsh @_kuritz Compliance • Finance, Healthcare & other industries •

    SOX, PII, HIPPA, PCI • Compliance as Code - Code instead of Paperwork • Chef InSpec, HashiCorp Sentinel (Policy as Code)

  15. @ShahAdarsh @_kuritz Compliance as Code using HashiCorp Sentinel Ensure that

    modification of critical data can only be performed by authorized sysops with valid MFA

  16. @ShahAdarsh @_kuritz Patterns for Provisioning • Immutable VMs • Containerized

    Services • Base Image & App Pull

  17. @ShahAdarsh @_kuritz Immutable VMs • Infra Module - Multitier App

    w/ Cache Cluster • Loosely Coupled • App Image consumed by Infrastructure Module

  18. @ShahAdarsh @_kuritz Immutable VMs Infrastructure Application pull Ephemeral Environment Testing

    & Validation Ephemeral Environment Ephemeral Environment AMI Publish & Deploy AMI pull Security Int. Tests Compliance Continuous Integration Unit Tests Static Analysis Security App Tests Int. Tests

  19. @ShahAdarsh @_kuritz Containerized Services • Infra Module - Container Management

    System • Fully Decoupled from Apps • Apps are deployed with Container Management System specific tools

  20. @ShahAdarsh @_kuritz Containerized Services Infrastructure Application Publish & Deploy pull

    Scan Sign App Tests ECR Testing & Validation Ephemeral Environment Security Compliance Int. Tests Continuous Integration Unit Tests Static Analysis

  21. @ShahAdarsh @_kuritz Base Image & App Pull • Infra Module

    - App Servers • VMs pull app on deploy, or app update • Anti-Pattern: Allowing Long-Lived VMs

  22. @ShahAdarsh @_kuritz Base Image & App Pull Infrastructure Application pull

    pull Publish & Deploy AMI Testing & Validation Ephemeral Environment Security Int. Tests Ephemeral Environment Compliance Ephemeral Environment Security App Tests Continuous Integration Unit Tests Static Analysis

  23. @ShahAdarsh @_kuritz People & Process • Enables teams to interact

    • Infra, Security, Compliance, QA etc teams work together • Improvement in processes • Faster feedback

  24. @ShahAdarsh @_kuritz Infra Compliance Security Production Inspection

  25. @ShahAdarsh @_kuritz Building Quality In Infra Compliance Security Production

  26. @ShahAdarsh @_kuritz Summary • Infrastructure as Code • Continuous Delivery

    • Considerations & best practices when integrating IaC to CD • Source Control • Testing • Security • Compliance • Patterns for Provisioning • Build and Deploy pipelines • People & Process

  27. Questions Adarsh Shah & Matt Kuritz Contino - Enterprise DevOps

    and Cloud Transformation Consultancy @ShahAdarsh & @_kuritz Deck: http://bit.ly/IaC-CD