Use Infrastructure as Code (IaC) to automate, test, and streamline infrastructure for business-critical systems.
In Infrastructure as Code, Patterns and Practices you will learn how to:
• Optimize infrastructure for modularity and isolate dependencies
• Test infrastructure configuration
• Mitigate, troubleshoot, and isolate failed infrastructure changes
• Collaborate across teams on infrastructure development
• Update infrastructure with minimal downtime using blue-green deployments
• Scale infrastructure systems supporting multiple business units
• Use patterns for provisioning tools, configuration management, and image building
• Deliver secure infrastructure configuration to production
Infrastructure as Code, Patterns and Practices teaches you to automate infrastructure by applying changes in a codified manner. You’ll learn how to create, test, and deploy infrastructure components in a way that’s easy to scale and share across an entire organization. The book is full of flexible automation techniques that work whether you’re managing your personal projects or making live network changes across a large enterprise.
A system administrator or infrastructure engineer will learn essential software development practices for managing IaC, while developers will benefit from in-depth coverage of assembling infrastructure as part of DevOps culture. While the patterns and techniques are tool agnostic, you’ll appreciate the easy-to-follow examples in Python and Terraform.
About the technology
Infrastructure as Code is a set of practices and processes for provisioning and maintaining infrastructure using scripts, configuration, or programming languages. With IaC in place, it’s easy to test components, implement features, and scale with minimal downtime. Best of all, since IaC follows good development practices, you can make system-wide changes with just a few code commits!
About the book
Infrastructure as Code, Patterns and Practices teaches flexible techniques for building resilient, scalable infrastructure, including structuring and sharing modules, migrating legacy systems, and more. Learn to build networks, load balancers, and firewalls using Python and Terraform, and confidently update infrastructure while your software is running. You’ll appreciate the expert advice on team collaboration strategies to avoid instability, improve security, and manage costs.
What's inside
• Optimize infrastructure for modularity and isolate dependencies
• Mitigate, troubleshoot, and isolate failed infrastructure changes
• Update infrastructure with minimal downtime using blue-green deployments
• Use patterns for provisioning tools, configuration management, and image building
About the reader
For infrastructure or software engineers familiar with Python, provisioning tools, and public cloud providers.
About the author
Rosemary Wang is an educator, contributor, writer, and speaker. She has worked on many infrastructure as code projects and open source tools such as Terraform, Vault, and Kubernetes.
Author(s): Rosemary Wang
Edition: 1
Publisher: Manning Publications
Year: 2022
Language: English
Commentary: Vector PDF
Pages: 400
City: Shelter Island, NY
Tags: Cloud Computing; Security; Python; Design Patterns; Refactoring; Continuous Delivery; Kubernetes; Unit Testing; Compliance; YAML; Git; Integration Testing; Testing; Complexity; Terraform; Infrastructure as Code; Cost Optimization; Dependency Injection; Version Control Systems; GitOps; Dependency Management; End-to-end Tests; Contract Tests; Policy as Code; Blue-green Deployment
Infrastructure as Code, Patterns and Practices
brief contents
contents
preface
acknowledgments
about this book
Who should read this book?
How this book is organized: A roadmap
About the code
liveBook discussion forum
About the cloud provider
Other online resources
about the author
about the cover illustration
Part 1 First steps
1 Introducing infrastructure as code
1.1 What is infrastructure?
1.2 What is infrastructure as code?
1.2.1 Manual configuration of infrastructure
1.2.2 Infrastructure as code
1.2.3 What is not infrastructure as code?
1.3 Principles of infrastructure as code
1.3.1 Reproducibility
1.3.2 Idempotency
1.3.3 Composability
1.3.4 Evolvability
1.3.5 Applying the principles
1.4 Why use infrastructure as code?
1.4.1 Change management
1.4.2 Return on time investment
1.4.3 Knowledge sharing
1.4.4 Security
1.5 Tools
1.5.1 Examples in this book
1.5.2 Provisioning
1.5.3 Configuration management
1.5.4 Image building
Summary
2 Writing infrastructure as code
2.1 Expressing infrastructure change
2.2 Understanding immutability
2.2.1 Remediating out-of-band changes
2.2.2 Migrating to infrastructure as code
2.3 Writing clean infrastructure as code
2.3.1 Version control communicates context
2.3.2 Linting and formatting
2.3.3 Naming resources
2.3.4 Variables and constants
2.3.5 Parametrize dependencies
2.3.6 Keeping it a secret
Summary
3 Patterns for infrastructure modules
3.1 Singleton
3.2 Composite
3.3 Factory
3.4 Prototype
3.5 Builder
3.6 Choosing a pattern
Summary
4 Patterns for infrastructure dependencies
4.1 Unidirectional relationships
4.2 Dependency injection
4.2.1 Inversion of control
4.2.2 Dependency inversion
4.2.3 Applying dependency injection
4.3 Facade
4.4 Adapter
4.5 Mediator
4.6 Choosing a pattern
Summary
Part 2 Scaling with your team
5 Structuring and sharing modules
5.1 Repository structure
5.1.1 Single repository
5.1.2 Multiple repositories
5.1.3 Choosing a repository structure
5.2 Versioning
5.3 Releasing
5.4 Sharing modules
Summary
6 Testing
6.1 The infrastructure testing cycle
6.1.1 Static analysis
6.1.2 Dynamic analysis
6.1.3 Infrastructure testing environments
6.2 Unit tests
6.2.1 Testing infrastructure configuration
6.2.2 Testing domain-specific languages
6.2.3 When should you write unit tests?
6.3 Contract tests
6.4 Integration tests
6.4.1 Testing modules
6.4.2 Testing configuration for environments
6.4.3 Testing challenges
6.5 End-to-end tests
6.6 Other tests
6.7 Choosing tests
6.7.1 Module-testing strategy
6.7.2 Configuration testing strategy
6.7.3 Identifying useful tests
Summary
7 Continuous delivery and branching models
7.1 Delivering changes to production
7.1.1 Continuous integration
7.1.2 Continuous delivery
7.1.3 Continuous deployment
7.1.4 Choosing a delivery approach
7.1.5 Modules
7.2 Branching models
7.2.1 Feature-based development
7.2.2 Trunk-based development
7.2.3 Choosing a branching model
7.3 Peer review
7.4 GitOps
Summary
8 Security and compliance
8.1 Managing access and secrets
8.1.1 Principle of least privilege
8.1.2 Protecting secrets in configuration
8.2 Tagging infrastructure
8.3 Policy as code
8.3.1 Policy engines and standards
8.3.2 Security tests
8.3.3 Policy tests
8.3.4 Practices and patterns
Summary
Part 3 Managing production complexity
9 Making changes
9.1 Pre-change practices
9.1.1 Following a checklist
9.1.2 Adding reliability
9.2 Blue-green deployment
9.2.1 Deploying the green infrastructure
9.2.2 Deploying high-level dependencies to the green infrastructure
9.2.3 Using a canary deployment to the green infrastructure
9.2.4 Performing regression testing
9.2.5 Deleting the blue infrastructure
9.2.6 Additional considerations
9.3 Stateful infrastructure
9.3.1 Blue-green deployment
9.3.2 Update delivery pipeline
9.3.3 Canary deployment
Summary
10 Refactoring
10.1 Minimizing the refactoring impact
10.1.1 Reduce blast radius with rolling updates
10.1.2 Stage refactoring with feature flags
10.2 Breaking down monoliths
10.2.1 Refactor high-level resources
10.2.2 Refactor resources with dependencies
10.2.3 Repeat refactoring workflow
Summary
11 Fixing failures
11.1 Restoring functionality
11.1.1 Rolling forward to revert changes
11.1.2 Rolling forward for new changes
11.2 Troubleshooting
11.2.1 Check for drift
11.2.2 Check for dependencies
11.2.3 Check for differences in environments
11.3 Fixing
11.3.1 Reconcile drift
11.3.2 Reconcile differences in environments
11.3.3 Implement the original change
Summary
12 Cost of cloud computing
12.1 Manage cost drivers
12.1.1 Implement tests to control cost
12.1.2 Automate cost estimation
12.2 Reduce cloud waste
12.2.1 Stop untagged or unused resources
12.2.2 Start and stop resources on a schedule
12.2.3 Choose the correct resource type and size
12.2.4 Enable autoscaling
12.2.5 Set a resource expiration tag
12.3 Optimize cost
12.3.1 Build environments on demand
12.3.2 Use multiple clouds
12.3.3 Assess data transfer between regions and clouds
12.3.4 Test in production
Summary
13 Managing tools
13.1 Using open source tools and modules
13.1.1 Functionality
13.1.2 Security
13.1.3 Life cycle
13.2 Upgrading tools
13.2.1 Pre-upgrade checklist
13.2.2 Backward compatibility
13.2.3 Breaking changes in upgrades
13.3 Replacing tools
13.3.1 New tool supports import
13.3.2 No import capability
13.4 Event-driven IaC
Summary
appendix A Running examples
A.1 Cloud providers
A.1.1 Google Cloud Platform
A.1.2 Amazon Web Services
A.1.3 Microsoft Azure
A.2 Python
A.2.1 Install Python libraries
A.2.2 Run Python
A.3 HashiCorp Terraform
A.3.1 JSON configuration syntax
A.3.2 Initialize state
A.3.3 Set credentials in your terminal
A.3.4 Apply Terraform
A.3.5 Clean up
appendix B Solutions to exercises
index
Infrastructure as Code, Patterns and Practices - back