Cybric CTO: What is infrastructure as code & how do we build it?
This is a short but punchy guest post written for the Computer Weekly Developer Network by Mike Kail in his capacity as CTO of Cybric.
Described as a continuous application security platform, Cybric claims to be able to continuously integrate security provisioning, management and controls into the Continuous Integration (CI) and Continuous Deployment (CD) loop and lifecycle.
Given that we now move to a world where software-defined everything becomes an inherent part of the DNA used in all codestreams, we are now at the point of describing infrastructure as code — but beyond our notions of what Infrastructure (IaaS) means in cloud computing spheres, what does infrastructure as code really mean?
Kail writes as follows…
By now, I’m sure most, if not all, have at least heard the term “Infrastructure as Code” (IaC).
Below I succinctly define it and then provide some guidance on how to start evolving infrastructure and application deployments to leverage its benefits.
IaC is also a key practice in a DevOps culture, so if that evolution is part of your overall plan, this will be of use to you.
Infrastructure as Code replaces the manual tasks and processes used to deploy IT infrastructure: the infrastructure is instead deployed and managed through code, which is also known as ‘programmable infrastructure’.
3 components of IaC
The three components of IaC are:
- Images – create a ‘golden master’ base image using a tool such as Packer.
- Blueprint – define the infrastructure using a DSL (Domain Specific Language).
- Automation – leverage APIs to query/update infrastructure.
These components can be viewed as the initial logical steps in transitioning to IaC, but none of them should ever be considered “done”.
The image definition files will need to be updated as updates to the components of an image are released, the infrastructure blueprint will evolve as the solution scales and features/services are added, and there will certainly always be areas to automate further.
One thing to keep an eye on is making sure that no one bypasses the IaC pipeline and makes changes out-of-band, as that will result in what is known as ‘configuration drift’, where portions of the infrastructure don’t match the rest. That often results in strange errors that are difficult to debug.
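A drift check of the kind this paragraph implies, as an added example (not code from Kail or Cybric): it compares the declared blueprint with the state read back through the provider's query API and reports resources that are missing, unmanaged or changed. The resource names, attributes and both data sets are constructed for illustration.

```python
"""Drift check: compare the declared blueprint with state read back from the provider API."""

# Constructed sample data. In practice BLUEPRINT is parsed from the IaC definition
# files and LIVE is fetched through the provider's query API.
BLUEPRINT = {
    "web-sg": {"type": "security_group", "ingress_ports": [443], "ingress_cidr": "0.0.0.0/0"},
    "web-1": {"type": "instance", "image": "golden-2024-05", "size": "small"},
    "web-2": {"type": "instance", "image": "golden-2024-05", "size": "small"},
}
LIVE = {
    # Port 22 was opened by hand, web-2 was deleted, debug-box was launched by hand.
    "web-sg": {"type": "security_group", "ingress_ports": [22, 443], "ingress_cidr": "0.0.0.0/0"},
    "web-1": {"type": "instance", "image": "golden-2024-05", "size": "small"},
    "debug-box": {"type": "instance", "image": "unknown", "size": "large"},
}


def _norm(value):
    """Treat lists as unordered so API return order is not reported as drift."""
    return sorted(value) if isinstance(value, list) else value


def detect_drift(declared, live):
    """Return a sorted list of (resource, kind, detail) findings."""
    findings = []
    for name in declared.keys() - live.keys():
        findings.append((name, "missing", "declared but not present"))
    for name in live.keys() - declared.keys():
        findings.append((name, "unmanaged", "present but not declared (created out-of-band)"))
    for name in declared.keys() & live.keys():
        want, have = declared[name], live[name]
        for attr in sorted(want.keys() | have.keys()):
            if _norm(want.get(attr)) != _norm(have.get(attr)):
                detail = f"{attr}: declared={want.get(attr)!r} live={have.get(attr)!r}"
                findings.append((name, "changed", detail))
    return sorted(findings)


if __name__ == "__main__":
    # A non-empty result should fail the pipeline run or raise an alert.
    for resource, kind, detail in detect_drift(BLUEPRINT, LIVE):
        print(f"{kind.upper():9} {resource}: {detail}")
```

Run on a schedule as well as in the pipeline, since out-of-band changes by definition do not trigger a pipeline run.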
In closing, I’d also suggest one of the core tenets of the DevOps culture, measurement, be used so that teams can track improvements in deployment efficiency, infrastructure availability, and other KPIs.