Infrastructure as Code, Patterns and Practices

Book description

Use Infrastructure as Code (IaC) to automate, test, and streamline infrastructure for business-critical systems.

In Infrastructure as Code, Patterns and Practices you will learn how to:

  • Optimize infrastructure for modularity and isolate dependencies
  • Test infrastructure configuration
  • Mitigate, troubleshoot, and isolate failed infrastructure changes
  • Collaborate across teams on infrastructure development
  • Update infrastructure with minimal downtime using blue-green deployments
  • Scale infrastructure systems supporting multiple business units
  • Use patterns for provisioning tools, configuration management, and image building
  • Deliver secure infrastructure configuration to production

Infrastructure as Code, Patterns and Practices teaches you to automate infrastructure by applying changes in a codified manner. You’ll learn how to create, test, and deploy infrastructure components in a way that’s easy to scale and share across an entire organization. The book is full of flexible automation techniques that work whether you’re managing your personal projects or making live network changes across a large enterprise.

A system administrator or infrastructure engineer will learn essential software development practices for managing IaC, while developers will benefit from in-depth coverage of assembling infrastructure as part of DevOps culture. While the patterns and techniques are tool agnostic, you’ll appreciate the easy-to-follow examples in Python and Terraform.

About the Technology
Infrastructure as Code is a set of practices and processes for provisioning and maintaining infrastructure using scripts, configuration, or programming languages. With IaC in place, it’s easy to test components, implement features, and scale with minimal downtime. Best of all, since IaC follows good development practices, you can make system-wide changes with just a few code commits!

About the Book
Infrastructure as Code, Patterns and Practices teaches flexible techniques for building resilient, scalable infrastructure, including structuring and sharing modules, migrating legacy systems, and more. Learn to build networks, load balancers, and firewalls using Python and Terraform, and confidently update infrastructure while your software is running. You’ll appreciate the expert advice on team collaboration strategies to avoid instability, improve security, and manage costs.

What's Inside
  • Optimize infrastructure for modularity and isolate dependencies
  • Mitigate, troubleshoot, and isolate failed infrastructure changes
  • Update infrastructure with minimal downtime using blue-green deployments
  • Use patterns for provisioning tools, configuration management, and image building


About the Reader
For infrastructure or software engineers familiar with Python, provisioning tools, and public cloud providers.

About the Author
Rosemary Wang is an educator, contributor, writer, and speaker. She has worked on many infrastructure as code projects, and open source tools such as Terraform, Vault, and Kubernetes.

Quotes
Goes deep into fundamentals like reusability, idempotency, modularity, and evolvability while staying tool agnostic. A great read!
- Lucian Maly, Red Hat

Clear and comprehensive. Learn to automate your infrastructure in a reliable and replicable way.
- Cosimo Attanasi, ER Sistemi

Helps teams apply IaC best practices in real-world projects.
- David Krief, Altansia

Critical insights and practical knowledge. This book is a truly great resource!
- Jeremy Bryan, Anchore

Table of contents

  1. inside front cover
  2. Infrastructure as Code, Patterns and Practices
  3. Copyright
  4. contents
  5. front matter
    1. preface
    2. acknowledgments
    3. about this book
      1. Who should read this book?
      2. How this book is organized: A roadmap
      3. About the code
      4. liveBook discussion forum
      5. About the cloud provider
      6. Other online resources
    4. about the author
    5. about the cover illustration
  6. Part 1. First steps
  7. 1 Introducing infrastructure as code
    1. 1.1 What is infrastructure?
    2. 1.2 What is infrastructure as code?
      1. 1.2.1 Manual configuration of infrastructure
      2. 1.2.2 Infrastructure as code
      3. 1.2.3 What is not infrastructure as code?
    3. 1.3 Principles of infrastructure as code
      1. 1.3.1 Reproducibility
      2. 1.3.2 Idempotency
      3. 1.3.3 Composability
      4. 1.3.4 Evolvability
      5. 1.3.5 Applying the principles
    4. 1.4 Why use infrastructure as code?
      1. 1.4.1 Change management
      2. 1.4.2 Return on time investment
      3. 1.4.3 Knowledge sharing
      4. 1.4.4 Security
    5. 1.5 Tools
      1. 1.5.1 Examples in this book
      2. 1.5.2 Provisioning
      3. 1.5.3 Configuration management
      4. 1.5.4 Image building
    6. Summary
  8. 2 Writing infrastructure as code
    1. 2.1 Expressing infrastructure change
    2. 2.2 Understanding immutability
      1. 2.2.1 Remediating out-of-band changes
      2. 2.2.2 Migrating to infrastructure as code
    3. 2.3 Writing clean infrastructure as code
      1. 2.3.1 Version control communicates context
      2. 2.3.2 Linting and formatting
      3. 2.3.3 Naming resources
      4. 2.3.4 Variables and constants
      5. 2.3.5 Parametrize dependencies
      6. 2.3.6 Keeping it a secret
    4. Summary
  9. 3 Patterns for infrastructure modules
    1. 3.1 Singleton
    2. 3.2 Composite
    3. 3.3 Factory
    4. 3.4 Prototype
    5. 3.5 Builder
    6. 3.6 Choosing a pattern
    7. Summary
  10. 4 Patterns for infrastructure dependencies
    1. 4.1 Unidirectional relationships
    2. 4.2 Dependency injection
      1. 4.2.1 Inversion of control
      2. 4.2.2 Dependency inversion
      3. 4.2.3 Applying dependency injection
    3. 4.3 Facade
    4. 4.4 Adapter
    5. 4.5 Mediator
    6. 4.6 Choosing a pattern
    7. Summary
  11. Part 2. Scaling with your team
  12. 5 Structuring and sharing modules
    1. 5.1 Repository structure
      1. 5.1.1 Single repository
      2. 5.1.2 Multiple repositories
      3. 5.1.3 Choosing a repository structure
    2. 5.2 Versioning
    3. 5.3 Releasing
    4. 5.4 Sharing modules
    5. Summary
  13. 6 Testing
    1. 6.1 The infrastructure testing cycle
      1. 6.1.1 Static analysis
      2. 6.1.2 Dynamic analysis
      3. 6.1.3 Infrastructure testing environments
    2. 6.2 Unit tests
      1. 6.2.1 Testing infrastructure configuration
      2. 6.2.2 Testing domain-specific languages
      3. 6.2.3 When should you write unit tests?
    3. 6.3 Contract tests
    4. 6.4 Integration tests
      1. 6.4.1 Testing modules
      2. 6.4.2 Testing configuration for environments
      3. 6.4.3 Testing challenges
    5. 6.5 End-to-end tests
    6. 6.6 Other tests
    7. 6.7 Choosing tests
      1. 6.7.1 Module-testing strategy
      2. 6.7.2 Configuration testing strategy
      3. 6.7.3 Identifying useful tests
    8. Summary
  14. 7 Continuous delivery and branching models
    1. 7.1 Delivering changes to production
      1. 7.1.1 Continuous integration
      2. 7.1.2 Continuous delivery
      3. 7.1.3 Continuous deployment
      4. 7.1.4 Choosing a delivery approach
      5. 7.1.5 Modules
    2. 7.2 Branching models
      1. 7.2.1 Feature-based development
      2. 7.2.2 Trunk-based development
      3. 7.2.3 Choosing a branching model
    3. 7.3 Peer review
    4. 7.4 GitOps
    5. Summary
  15. 8 Security and compliance
    1. 8.1 Managing access and secrets
      1. 8.1.1 Principle of least privilege
      2. 8.1.2 Protecting secrets in configuration
    2. 8.2 Tagging infrastructure
    3. 8.3 Policy as code
      1. 8.3.1 Policy engines and standards
      2. 8.3.2 Security tests
      3. 8.3.3 Policy tests
      4. 8.3.4 Practices and patterns
    4. Summary
  16. Part 3. Managing production complexity
  17. 9 Making changes
    1. 9.1 Pre-change practices
      1. 9.1.1 Following a checklist
      2. 9.1.2 Adding reliability
    2. 9.2 Blue-green deployment
      1. 9.2.1 Deploying the green infrastructure
      2. 9.2.2 Deploying high-level dependencies to the green infrastructure
      3. 9.2.3 Using a canary deployment to the green infrastructure
      4. 9.2.4 Performing regression testing
      5. 9.2.5 Deleting the blue infrastructure
      6. 9.2.6 Additional considerations
    3. 9.3 Stateful infrastructure
      1. 9.3.1 Blue-green deployment
      2. 9.3.2 Update delivery pipeline
      3. 9.3.3 Canary deployment
    4. Summary
  18. 10 Refactoring
    1. 10.1 Minimizing the refactoring impact
      1. 10.1.1 Reduce blast radius with rolling updates
      2. 10.1.2 Stage refactoring with feature flags
    2. 10.2 Breaking down monoliths
      1. 10.2.1 Refactor high-level resources
      2. 10.2.2 Refactor resources with dependencies
      3. 10.2.3 Repeat refactoring workflow
    3. Summary
  19. 11 Fixing failures
    1. 11.1 Restoring functionality
      1. 11.1.1 Rolling forward to revert changes
      2. 11.1.2 Rolling forward for new changes
    2. 11.2 Troubleshooting
      1. 11.2.1 Check for drift
      2. 11.2.2 Check for dependencies
      3. 11.2.3 Check for differences in environments
    3. 11.3 Fixing
      1. 11.3.1 Reconcile drift
      2. 11.3.2 Reconcile differences in environments
      3. 11.3.3 Implement the original change
    4. Summary
  20. 12 Cost of cloud computing
    1. 12.1 Manage cost drivers
      1. 12.1.1 Implement tests to control cost
      2. 12.1.2 Automate cost estimation
    2. 12.2 Reduce cloud waste
      1. 12.2.1 Stop untagged or unused resources
      2. 12.2.2 Start and stop resources on a schedule
      3. 12.2.3 Choose the correct resource type and size
      4. 12.2.4 Enable autoscaling
      5. 12.2.5 Set a resource expiration tag
    3. 12.3 Optimize cost
      1. 12.3.1 Build environments on demand
      2. 12.3.2 Use multiple clouds
      3. 12.3.3 Assess data transfer between regions and clouds
      4. 12.3.4 Test in production
    4. Summary
  21. 13 Managing tools
    1. 13.1 Using open source tools and modules
      1. 13.1.1 Functionality
      2. 13.1.2 Security
      3. 13.1.3 Life cycle
    2. 13.2 Upgrading tools
      1. 13.2.1 Pre-upgrade checklist
      2. 13.2.2 Backward compatibility
      3. 13.2.3 Breaking changes in upgrades
    3. 13.3 Replacing tools
      1. 13.3.1 New tool supports import
      2. 13.3.2 No import capability
    4. 13.4 Event-driven IaC
    5. Summary
  22. Appendix A. Running examples
    1. A.1 Cloud providers
      1. A.1.1 Google Cloud Platform
      2. A.1.2 Amazon Web Services
      3. A.1.3 Microsoft Azure
    2. A.2 Python
      1. A.2.1 Install Python libraries
      2. A.2.2 Run Python
    3. A.3 HashiCorp Terraform
      1. A.3.1 JSON configuration syntax
      2. A.3.2 Initialize state
      3. A.3.3 Set credentials in your terminal
      4. A.3.4 Apply Terraform
      5. A.3.5 Clean up
  23. Appendix B. Solutions to exercises
  24. index
  25. inside back cover

Product information

  • Title: Infrastructure as Code, Patterns and Practices
  • Author(s): Rosemary Wang
  • Release date: August 2022
  • Publisher(s): Manning Publications
  • ISBN: 9781617298295