Pages

Sunday, April 24, 2022

Infrastructure as Code in 15 Minutes PowerPoint Presentation

It’s finally April and this month is typically when I perform a bit of spring cleaning on my laptop to avoid having files and folders become too disorganized. One of the files I came across as I sorted away my documents folder is a PowerPoint I created a while back when I interviewed for a role where I was asked to create a presentation on a topic of my choice and present it to 5 interviewers. Rather than choosing a topic I was extremely fluent with, I decided to try my luck with something I was learning at the time and that was Infrastructure as Code with Terraform. I did not want the presentation to be too focused on a specific vendor so I spent most of the time talking about the benefits of IaC, then using Terraform as a solution. The window I had to work with was 30 minutes so I kept the presentation short to leave some time at the end for questions. The feedback I received was very positive as 3 of the 5 interviewers expressed how much they liked my presentation. Given that this presentation was created with my own personal time, I think it would be great to share it out in case anyone is looking for material to introduce an audience to IaC. This specific role I interviewed for had a special place in my heart because of the interviewers I had the opportunity to meet and how supportive everyone of them were. The marathon of interviews were long but extremely gratifying and I enjoyed the experience even though I wasn’t selected in the end.

Without further without further ado, the PowerPoint presentation can be downloaded here: https://docs.google.com/presentation/d/1v8X1e9RimDdkpiR01Rj5et_Mnip5n0u0/edit?usp=sharing&ouid=111702981669472586918&rtpof=true&sd=true

I will also paste the content of the presentation below along with the notes I used during the presentation. Enjoy!

image

Intro

Good afternoon everyone and thank you for attending this presentation. The topic I will be presenting is Infrastructure as Code in 15 minutes.

image

Agenda

The agenda today will begin with a look at how we traditionally deploy infrastructure, followed by What is Infrastructure as Code, also known as IaC. Then the benefits of IaC, what is imperative vs declarative, IaC with Terraform, IaC in DevOps Pipelines, a sample setup and finally Q&A.

image

Traditional infrastructure deployment

The tools for infrastructure deployment has traditionally been through the use of a graphical user interface and scripts. As user friendly GUIs are, the obvious challenges is that it is very much a manual and time-consuming process and prone to the errors that the administrators performing the configuration can make. Attempting to maintain consistency is very difficult thus leading to configuration drift and trying to keep multiple environments that are meant to mirror one another in lockstep is challenging. Trying to scale the environment is cumbersome (e.g. deploy more instances of VMs or add new subnets). Lastly, there isn’t an easy way to easily document the environment other than screenshots and spreadsheets containing configuration values.

Scripting adds a bit of automation but often difficult to maintain through time.

image

What is Infrastructure as Code?

Infrastructure as Code is the essentially managing and provisioning infrastructure through code. Leveraging code means that we can now introduce automation of the management of the infrastructure whether it is creating new resources or making modifications to them. Infrastructure of Code can be implemented as imperative or declarative, which is an important topic we will cover shortly.

image

Benefits of IaC

To further elaborate on the benefits of IaC, it is now possible to not only automate the deployment in one cloud but across multiple clouds such as GCP, Azure and AWS. The speed and efficiency of deployment can be greatly increased as the process eliminates the manual points and clicks of the administrator, the process is also repeatable and consistent allowing multiple environments to be deployed in lockstep. The code can easily be source controlled with versioning which will give way to team collaboration through Continuous Integration. CI/CD pipelines can be used to develop and deploy the infrastructure leveraging all the benefits of DevOps. Infrastructure management can simplified and standardized through policies and scale at ease – so think about tweaking a variable to scale from 1 to 100 rather than going into a GUI and deploying or cloning resources multiple times. Static application security testing, which is the process of reviewing source code and detecting vulnerabilities can now be performed rather than trying to comb through the deployment configuration documentation or GUI post deployment of the infrastructure. Manual labour is significantly reduced.

image

Imperative vs Declarative

One of the important aspects of IaC is the concept of imperative vs declarative. To put it in simple terms, let’s consider the end state or goal we want to achieve is to get to a pizza restaurant. Imperative can be described as “what to do” while declarative is “what is wanted.” So let’s say we hop into a taxi and want to get to this end state. An example of imperative instructions would be to tell the taxi driver to go:

  • Forward 1 mile
  • Turn right
  • Forward 2 miles
  • Turn left
  • Forward 3 miles
  • Arrive at pizza restaurant

While declarative is:

  • Go to the pizza restaurant.

image

Let’s dissect the differences and outline them.

With imperative, the starting point matters because we are explicitly calling out each action to get to the end state. This leads to difficulty in auditing the steps and trying to detect drift when changes are made. Version control is challenging if even possible, if the steps execute half way and stop due to error, you cannot repeat the steps without ending in a completely different state. The logic can get very complex as ordering matters and trying to change the destination state requires modifications to the steps.

Declarative, on the other hand, allows the starting point to be anywhere because the engine delivering or carrying you to the end state will handle the directions. Declarative is idempotent in nature so you can run it as many times as you want without affecting the state. The code can also be repeatedly ran in a pipeline to create multiple environments in lockstep. Having removed the detailed imperative steps, we can easily validate and detect any drift and introduce version control. Lastly, we can change the destination without worrying about changing the steps.

image

IaC with Terraform

One of the popular IaC solutions currently on the market is Terraform. It is written and compiled in Go and is a declarative language known as HashiCorp Configuration Language (HCL) and has multi-cloud support. The way it handles deployments to multiple clouds is through the use of providers and there are approximately 1521 providers currently available on their site. Terraform is written in plain text and can be source controlled with Git or Terraform cloud. Security can be introduced through RBAC so multiple workspaces for different teams managing different environments or components of it can only make changes to their environments. Lastly, policies with automation can be introduced to provide control and governance.

image

IaC with DevOps Pipelines

What IaC enables, which I feel is the most powerful aspect, is the use of pipelines. With IaC we can now leverage the DevOps methodology with CI/CD pipelines to deploy infrastructure. Pipelines can be created to only deploy infrastructure or can incorporate the deployment of infrastructure as a part of an application., which means the IaC is only a small component of the pipeline. The flow diagram shown here is a simplified version depicting of the process as we can integrate many different stages into the pipelines such as security scans and testing. This unlocks true automation and different release strategies.

image

Sample Setup

To demonstrate how we can fully automate the deployment of cloud resources, I have prepared a simple sample configuration where I will go through the setup in the following slides.

image

Prerequisites

We will assume that Jenkins along with the Terraform plugin is deployed, a GitHub repot with terraform deployment code is created and a service principal (in this case Azure) will be setup for Jenkins so it can deploy resources. So as show in the screenshots, we’ll have Jenkins, the Terraform plugin installed, the GitHub repo where the Terraform code is pulled and finally the service principal created in Azure.

image

Create Jenkins Pipeline

First, we’ll write the following Jenkins pipeline 4 stages for the infrastructure deployment. The first stage is named:

  • Checkout, which will checkout the code in the GitHub repo
  • The second will be to initialize Terraform downloading the required provider
  • Then Terraform plan will be executed so Terraform can perform a dry run which typically outputs to the console for the changes
  • Then Terraform apply or destroy will be executed to either deploy or remove the infrastructure

image

Parameterize the Jenkins pipeline

This simple setup will require administration intervention by choosing either to apply or destroy so we’ll configure a choice parameter for the pipeline. Note that we can also use triggers to automatically initiate the build through commits.

image

With the execution parameters setup, we will proceed to paste the code into the pipeline.

image

Build Pipeline

Then finally with the pipeline configured, we’ll initiate the pipeline build interactively by choosing apply, then we can view the progress as shown in the screenshot above. Once the build is complete, we should see the resources in Azure.

This short demonstration only scratches the surface of what are the limitless possibilities of IaC with pipelines. Other examples could be that a pipeline deploys an application which will include the infrastructure build as a step for the target infrastructure.

image

Ending

This concludes my IaC in 15 minutes presentation. Thank you for attending and feel free to ask any questions or provide any comment.

No comments: