First in a series of posts about how CloudGeometry enables platform engineering
DevOps is a given in software development today; it's hard to imagine releasing any serious software without it. But even in its 15th year, DevOps is easier said than done.
At CloudGeometry, we have lived through these challenges daily for more than a decade. Having organized and optimized software delivery across hundreds of client engagements and workloads, we've seen important DevOps problems come up again and again. Over time, we've accumulated lessons learned to let us more easily streamline end-to-end software delivery, especially for cloud-native adoption, across our client base.
Recently, the industry has converged on the term "Platform Engineering," with a working definition established by the CNCF. While there are many ways to meet the aspirations of platform engineering, we at CloudGeometry have been refining a reference implementation designed to use the proven open-source technologies we have used on many client engagements. We are consolidating our successful best practices and known good solutions in a project we call CGDevX. You'll find our ongoing efforts in our repo at GitHub.
A key plank in any approach to platform engineering is in the infrastructure-as-code strategies known collectively as GitOps. Here's a video where we demonstrate how we put GitOps into action through CGDevX. You'll find a summary of the key elements of the demo below the video.
Video Highlights
In this demo, we illustrate our approach to leveraging GitOps to manage ongoing infrastructure changes more efficiently. We focus on standardizing workflows using Infrastructure as Code (IaC) with tools like Terraform and Atlantis, ensuring cloud-agnostic infrastructure within a structured GitOps workflow. Here's a summary highlighting the key aspects of the demonstration:
- Introduction to GitOps Infrastructure Management: We begin by outlining our objective to streamline infrastructure management for applications using the classic IaC approach, powered by Terraform. Our goal is to establish a cloud-agnostic infrastructure anchored in a well-structured GitOps workflow, enhancing IaC visibility and compliance through explicit audit logs.
- Setting Up GitOps Repository: We start with the GitOps repository we previously created, managing all core infrastructure and services around Kubernetes. This includes cloning the repo and making necessary changes for new applications, focusing on the 'registry' and 'terraform' directories for Helm charts and IaC.
- Resource Provisioning and User Accounts: We create a new branch for provisioning resources needed for our application, separating platform code from application code. This step includes setting up directories for application code and GitOps configurations. We then create user accounts, emphasizing the use of Vault for user authentication.
- Admin and Developer User Setup: We demonstrate how to add new admin and developer users by copying templates, updating credentials, and integrating them with Terraform. This includes managing global secrets with Vault for better environment management.
- Implementing Changes via Pull Request Automation: With the changes complete, we commit them and open a pull request. We use Atlantis for pull request automation, ensuring a code review approach to operations workflow. This process allows for catching errors in the Terraform plan and serves as an audit log for compliance.
- Applying and Monitoring Changes: Atlantis automatically picks up the pull request, adds a Terraform plan, and monitors changes in key IaC folders. We apply changes through pull request comments, allowing Atlantis to merge and close the pull request automatically.
- Verification of Changes: We verify the creation of new repositories and users as specified in the GitOps repo. We also check the newly added user credentials and secrets in Vault, confirming limited access for new users.
- Integration with Argo CD: We conclude by logging into Argo CD using Vault as the identity provider, showcasing the seamless integration of user management and repository provisioning.
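To make the review gate in the workflow above concrete, here is an added example (not taken from the CGDevX repo) of the two Atlantis configuration files that enforce it: the server-side repo config that requires an approved, mergeable pull request before `atlantis apply` is honored, and the repo-level `atlantis.yaml` that autoplans the watched IaC folders and automerges. Project names, directory paths and file locations are assumptions.

```yaml
# repos.yaml: Atlantis server-side repo config (assumed path; passed via --repo-config).
# Enforcement belongs here, because the repo-level file is editable by the PR author.
repos:
  # Matches every repo this server serves; narrow the regex in production.
  - id: /.*/
    # Without these, anyone who can comment "atlantis apply" on the PR
    # can apply an unreviewed plan, bypassing the code-review gate.
    # "mergeable" also relies on the VCS branch protection being enabled.
    apply_requirements: [approved, mergeable]
    # Nothing may be overridden from atlantis.yaml, so a PR cannot
    # weaken apply_requirements by editing the repo-level file.
    allowed_overrides: []
    allow_custom_workflows: false
---
# atlantis.yaml: committed at the root of the GitOps repo (assumed layout).
version: 3
# Merge and close the PR automatically once every project's apply succeeds.
automerge: true
projects:
  # One project per IaC folder the demo watches (directory names assumed).
  - name: platform-users
    dir: terraform/users
    autoplan:
      enabled: true
      # Only changes to these files trigger a plan comment on the PR.
      when_modified: ["*.tf", "*.tfvars"]
  - name: platform-registry
    dir: terraform/registry
    autoplan:
      enabled: true
      when_modified: ["*.tf", "*.tfvars"]
```

With this pair in place, the plan output and the `atlantis apply` comment history on the merged pull request are the audit trail the demo refers to, and the apply cannot run until a reviewer has approved the change.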
Bottom line: by using GitOps and IaC, combined with tools like Terraform and Atlantis, the approach we put in play in CGDevX can transform infrastructure management and DevOps. By enabling developer self-service and automating the application of changes, we ensure safe and secure infrastructure modifications. An important plus: it not only streamlines the workflow but also enhances auditability and compliance, paving the way for a more efficient and controlled operational environment.