Infrastructure as Code - a Summary

Adhere to DORA's Accelerate research, track Delivery lead time, Deployment frequency, Change fail percentage and Mean Time to Restore. Prioritize speed and quality by continuously deliver infrastructure changes through code and automated pipelines.


Define everything as code. Continuously test and deliver all work in progress. Build small, simple pieces that you can change independently.

You need a Cloud Age mindset, exploiting speed to improve quality and building quality in to gain speed. Automating your infrastructure takes work, but doing it helps you make changes (and build better systems from scratch).

Assume that systems are unreliable. Make everything reproducible. Avoid snowflake systems that you dare not touch. Create disposable things. Minimize variation to simplify maintenance, even if you dockerize everything. Ensure that you can repeat any action.

Minimize configuration. If you need radically different stacks/environments/instances, define a different project/template that describes a majority of those differences.

Avoid creating unnecessary stages in your pipeline, as each stage adds time and cost to your delivery process. Only add tests that deliver value. Consider that you can test different things during different stages of your pipeline and that tests get more valuable as they test more components. Tests should focus on common issues, variable outcomes and combinations of code.

Use sound software development practices when developing infrastructure as code. Refactor components so that they can be isolated. Use mock services when needed to isolate a component for testing. If your tooling supports it, use role inheritance to define a common base set of features and then create specializations from those.

Don't keep your test environments around. Rebuild them continuously.

Things have a habit of changing on a server when you aren't paying attention. Be especially wary of "quick changes" that we're sure won't break anything, and therefore don't remember making. Patching a server is an anti-pattern. Rebuild it instead.

Managed Kubernetes Clusters are not a Cloud Abstraction Layer. Applications need to access other resources, such as storage and networking, which will be provided differently by different platforms. Also consider other services such as monitoring, identity and secrets management. Again, these are much easier to cope with when they're tied into your cloud infrastructure, which adds to the difficulty of moving a K8s application from one provider to another.

The goal of modularity is to make it easier and safer to make changes to a system.

Reuse increases coupling.

Maintain small, focused source code repositories. Optimize for change and for domain concepts. Instead of maintaining a file with all firewall rules, maintain settings close to its consumer (e.g. firewall rules for this particular application).

Through IaaC practices, infrastructure code can be designed, reviewed and reused across multiple environments and systems. You don't need a lengthy design, review and signoff exercise for each new server or environment, if you use code that has already been through that process.

Your code creates environments far more consistently than humans, even if they try to follow checklists.

Automated testing, including for governance concerns like security and compliance, gives people working on infrastructure code fast feedback. They can correct many problems as they work, without needing to involve specialists for routine issues.

People who aren't specialists can make changes to the code for potentially sensitive reas of infrastructure such as networking and security policies, having specialists sanity check and review these changes in code.

The infrastructure codebase and pipelines used to deliver changes to production instances can be organised based on their governance requirements so a security policy change goes through a review and signoff step not necessarily required for changes to less sensitive areas.

Make small changes and continually apply these changes through a pipeline. Refactor your infrastructure code in order to create seams. Feature toggles are a powerful technique to introduce changes. 

When making a change, consider expanding your API surface to accommodate the new functionality, shift traffic over to the new resources and then remove old resources.

Plan for failure. Make up a rudimentary plan where you address what you can come up with. Little is better than nothing. Then iterate.


Comments

Post a Comment

Popular posts from this blog

Auto Mapper and Record Types - will they blend?

Image
TL;DR: Yes, they will. Thank you for your time. 😄 Background At Redgate, engineers enjoy a great benefit in that we get are expected to spend 10% of our time to improve on our craft.  Having suffered this week with manually having to copy a bunch of properties from a domain object to its HTTP representation, I decided to spend this week's 10% time to see if I could answer the following questions: Can use AutoMapper to simplify mapping between two types?  Does it also allow me to map between a regular type and a record type? What about the other way around? Can I use this to reduce the maintenance burden in my product? Mapping between two types [automapper fundamentals] To started and get a basic mapping done, created a .NET 5 ASP.NET Web API project, added the below package references and configured automapper : < PackageReference Include ="AutoMapper" Version ="10.1.1" /> < PackageReference Include ="AutoMapper.Extensions.Microsoft.DependencyInj
Read more

Unit testing your Azure functions - part 2: Queues and Blobs

In our last installment , we discovered how to start unit testing our Azure Functions, looking at the HTTP Trigger (and evaulating the function's HTTP response). This time, we'll take a look at using the QueueTrigger, getting supporting data from table storage and outputting Blobs. Yup, I'm tossing you into the deep end! What are we trying to accomplish? This time, we will test a function that performs some arbitrary business logic on bank accounts. The function responds to a storage queue request, logs each command and ensures that each received command is executed exactly once. Almost like a real-world function, huh? ;-) In the function above, we are introduced to three types that we need to deal with in our unit tests - the IQueryable interface, IAsyncCollector and the CloudBlockBlob concrete type. IQueryable is easy enough to work with: Introducing the Testable Async Collector When I first started exploring this topic, I figured I could just use my favourit
Read more

Testing WCF services with user credentials and binary endpoints

Image
This article discusses the following error messages that you might receive from a WCF service An error occurred when verifying security for the message HTTP/1.1 415 Cannot process the message because the content type 'application/soap+xml;charset=UTF-8;action="..."' was not the expected type 'application/soap+msbin1' When doing analysis work on existing services, invoking them in a safe test environment is a handy way of getting an understanding of their operations, especially if the documentation has gone missing (or was never written). SoapUI is a tool that can be used to test WCF Services, but did you know that Visual Studio also comes with its own set of tools? Let's start with SoapUI, which is available from  http://www.soapui.org/ . Its operations are quite straight-forward; however, you might run into issues when trying to access services that are protected by user credentials, or when accessing services with binary endpoints. I
Read more