Recommended
Recommended
More Related Content
Similar to Infrastructure as Code Presentation v5.pptx
Similar to Infrastructure as Code Presentation v5.pptx (20)
Recently uploaded
Recently uploaded (20)
Infrastructure as Code Presentation v5.pptx
- 1. Infrastructure as Code in: 15 minutes
- 2. Agenda • Traditional infrastructure deployment • What is Infrastructure as Code (a.k.a IaC) • Benefits of IaC • Imperative vs Declarative • IaC with Terraform • IaC in DevOps Pipelines • Sample Setup • Q&A
- 3. Traditional infrastructure deployment • Graphical user interface • Scripts (platform specific) Limitations • Manual and time-consuming process • Error-prone • Inconsistency • Configuration drift • Difficulty to keep multiple environments in lockstep • Scalability • Difficult to document
- 4. What is Infrastructure as Code? • Managing and provisioning of infrastructure through code: • Allows for automation of the creation and modification of infrastructure • Can be imperative or declarative (more on this later)
- 5. Benefits of IaC • Automation in one and across multi-cloud • Speed and efficiency • Repeatable and consistent (Dev, SIT, UAT, Prod) • Source control and versioning • Team collaboration (CI) • CI/CD Pipelines • Simplify, standardize, and scale at ease • Static Application Security Testing (SAST) Dev Variables Prod Variables SIT Variables Infrastructure as Code UAT Variables Dev Environment SIT Environment UAT Environment Prod Environment
- 6. Imperative vs Declarative • Forward 1 mile • Turn right • Forward 2 miles • Turn left • Forward 3 miles • Arrive at pizza restaurant • Go to the pizza restaurant What to do. What is wanted.
- 7. Imperative vs Declarative • Starting point matters • Difficult to audit • Difficult to detect drift • No version control • Not repeatable • Requires complex logic • Changes to destination requires significant modifications • Starting point does not matter • Engine determines how to get to destination • Idempotent property • Repeatable in a pipeline • Easy to validate and detect drift • Can be version controlled • Changes to destination automatically handled What to do. What is wanted.
- 8. IaC with Terraform • Declarative language • Cloud agnostic / Multi-cloud support • Large list of providers available • Source control with Git or Terraform Cloud • RBAC workspaces • Policy as code (approve and reject automation) main.tf output.tf provider.tf terraform.tfstate variables.tf terraform.tfvars
- 9. IaC with DevOps Pipelines • Leverage DevOps methodology with CI/CD pipelines to deploy infrastructure • Seamless integration of software development and IT operations teams • Integrate as a component of a pipeline for software development • Full automation through build, test, and deploy stages • Support for multiple release strategies such as blue/green, canary or rolling releases Terraform Code Check the code into GitHub Run the build pipeline Resources get deployed SQL VM Network Storage 1. git clone 2. Install terraform on the build agent 3. Initialize Terraform 4. Select Environment 5. Validate Terraform Code 6. Terraform Dry Run 7. Create deployment artifact 8. Deploy to cloud
- 10. Sample Setup Prerequisites • Jenkins installed • Install Jenkins Terraform Plugin • GitHub Repo with Terraform deployment code • Service Principal (IAM) for Jenkins Configure Jenkins • Create Jenkins pipeline • Parameterize the Jenkins pipeline • Add the pipeline code • Build pipeline Run the build pipeline Resources get deployed SQL VM Network Storage 1. git clone 2. Install terraform on the build agent 3. Initialize Terraform 4. Terraform Plan 5. Create deployment artifact 6. Deploy to Azure cloud terraform.tfstate main.tf output.tf provider.tf terraform.tfvars variables.tf main.tf output.tf provider.tf terraform.tfvars variables.tf
- 11. Prerequisites • Jenkins installed • Install Jenkins Terraform Plugin • GitHub Repo with Terraform deployment code • Service Principal (IAM) for Jenkins
- 12. Create Jenkins pipeline • Configure stage to obtain Terraform deployment code • Configure stage to initialize Terraform • Configure stage to apply Terraform
- 13. Parameterize the Jenkins pipeline • Create a choice parameter named “action” • Configure the choices for “apply” and “destroy” • Configure a description for the action: “Choose the action you would like to perform – Terraform Apply or Destroy?”
- 14. Add the pipeline code • Add the pipeline code to Jenkins pipeline pipeline { agent any stages { stage('Checkout') { steps { checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/terenceluk/tf- iac-az-repo']]]) } } stage ("terraform init") { steps { sh ('terraform init') } } stage ("terraform plan") { steps { sh ('terraform plan') } } stage ("terraform Action") { steps { echo "Terraform action is --> ${action}" sh ('terraform ${action} --auto-approve') } } } }
- 15. Build Pipeline • Navigate to Build with Parameters and initiate build of infrastructure
- 16. Questions and Comments? Thank you for your time!
Editor's Notes
- Intro Good afternoon everyone and thank you for attending this presentation. The topic I will be presenting is Infrastructure as Code in 15 minutes.
- Agenda The agenda today will begin with a look at how we traditionally deploy infrastructure, followed by What is Infrastructure as Code, also known as IaC. Then the benefits of IaC, what is imperative vs declarative, IaC with Terraform, IaC in DevOps Pipelines, a sample setup and finally Q&A.
- Traditional infrastructure deployment The tools for infrastructure deployment has traditionally been through the use of a graphical user interface and scripts. As user friendly GUIs are, the obvious challenges is that it is very much a manual and time-consuming process and prone to the errors that the administrators performing the configuration can make. Attempting to maintain consistency is very difficult thus leading to configuration drift and trying to keep multiple environments that are meant to mirror one another in lockstep is challenging. Trying to scale the environment is cumbersome (e.g. deploy more instances of VMs or add new subnets). Lastly, there isn’t an easy way to easily document the environment other than screenshots and spreadsheets containing configuration values. Scripting adds a bit of automation but often difficult to maintain through time.
- What is Infrastructure as Code? Infrastructure as Code is the essentially managing and provisioning infrastructure through code. Leveraging code means that we can now introduce automation of the management of the infrastructure whether it is creating new resources or making modifications to them. Infrastructure of Code can be implemented as imperative or declarative, which is an important topic we will cover shortly.
- Benefits of IaC To further elaborate on the benefits of IaC, it is now possible to not only automate the deployment in one cloud but across multiple clouds such as GCP, Azure and AWS. The speed and efficiency of deployment can be greatly increased as the process eliminates the manual points and clicks of the administrator, the process is also repeatable and consistent allowing multiple environments to be deployed in lockstep. The code can easily be source controlled with versioning which will give way to team collaboration through Continuous Integration. CI/CD pipelines can be used to develop and deploy the infrastructure leveraging all the benefits of DevOps. Infrastructure management can simplified and standardized through policies and scale at ease – so think about tweaking a variable to scale from 1 to 100 rather than going into a GUI and deploying or cloning resources multiple times. Static application security testing, which is the process of reviewing source code and detecting vulnerabilities can now be performed rather than trying to comb through the deployment configuration documentation or GUI post deployment of the infrastructure. Manual labour is significantly reduced.
- Imperative vs Declarative One of the important aspects of IaC is the concept of imperative vs declarative. To put it in simple terms, let’s consider the end state or goal we want to achieve is to get to a pizza restaurant. Imperative can be described as “what to do” while declarative is “what is wanted.” So let’s say we hop into a taxi and want to get to this end state. An example of imperative instructions would be to tell the taxi driver to go: Forward 1 mile Turn right Forward 2 miles Turn left Forward 3 miles Arrive at pizza restaurant While declarative is: Go to the pizza restaurant.
- Let’s dissect the differences and outline them. With imperative, the starting point matters because we are explicitly calling out each action to get to the end state. This leads to difficulty in auditing the steps and trying to detect drift when changes are made. Version control is challenging if even possible, if the steps execute half way and stop due to error, you cannot repeat the steps without ending in a completely different state. The logic can get very complex as ordering matters and trying to change the destination state requires modifications to the steps. Declarative, on the other hand, allows the starting point to be anywhere because the engine delivering or carrying you to the end state will handle the directions. Declarative is idempotent in nature so you can run it as many times as you want without affecting the state. The code can also be repeatedly ran in a pipeline to create multiple environments in lockstep. Having removed the detailed imperative steps, we can easily validate and detect any drift and introduce version control. Lastly, we can change the destination without worrying about changing the steps.
- IaC with Terraform One of the popular IaC solutions currently on the market is Terraform. It is written and compiled in Go and is a declarative language known as HashiCorp Configuration Language (HCL) and has multi-cloud support. The way it handles deployments to multiple clouds is through the use of providers and there are approximately 1521 providers currently available on their site. Terraform is written in plain text and can be source controlled with Git or Terraform cloud. Security can be introduced through RBAC so multiple workspaces for different teams managing different environments or components of it can only make changes to their environments. Lastly, policies with automation can be introduced to provide control and governance.
- IaC with DevOps Pipelines What IaC enables, which I feel is the most powerful aspect, is the use of pipelines. With IaC we can now leverage the DevOps methodology with CI/CD pipelines to deploy infrastructure. Pipelines can be created to only deploy infrastructure or can incorporate the deployment of infrastructure as a part of an application., which means the IaC is only a small component of the pipeline. The flow diagram shown here is a simplified version depicting of the process as we can integrate many different stages into the pipelines such as security scans and testing. This unlocks true automation and different release strategies.
- Sample Setup To demonstrate how we can fully automate the deployment of cloud resources, I have prepared a simple sample configuration where I will go through the setup in the following slides.
- Prerequisites We will assume that Jenkins along with the Terraform plugin is deployed, a GitHub repot with terraform deployment code is created and a service principal (in this case Azure) will be setup for Jenkins so it can deploy resources. So as show in the screenshots, we’ll have Jenkins, the Terraform plugin installed, the GitHub repo where the Terraform code is pulled and finally the service principal created in Azure.
- Create Jenkins Pipeline First, we’ll write the following Jenkins pipeline 4 stages for the infrastructure deployment. The first stage is named: Checkout, which will checkout the code in the GitHub repo The second will be to initialize Terraform downloading the required provider Then Terraform plan will be executed so Terraform can perform a dry run which typically outputs to the console for the changes Then Terraform apply or destroy will be executed to either deploy or remove the infrastructure
- Parameterize the Jenkins pipeline This simple setup will require administration intervention by choosing either to apply or destroy so we’ll configure a choice parameter for the pipeline. Note that we can also use triggers to automatically initiate the build through commits.
- With the execution parameters setup, we will proceed to paste the code into the pipeline.
- Build Pipeline Then finally with the pipeline configured, we’ll initiate the pipeline build interactively by choosing apply, then we can view the progress as shown in the screenshot above. Once the build is complete, we should see the resources in Azure. This short demonstration only scratches the surface of what are the limitless possibilities of IaC with pipelines. Other examples could be that a pipeline deploys an application which will include the infrastructure build as a step for the target infrastructure.
- Ending This concludes my IaC in 15 minutes presentation. Thank you for attending and feel free to ask any questions or provide any comment.