Thursday, December 1, 2022
HomeCloud ComputingCisco Cloud Native Safety - Half 2, Provisioning the Infrastructure

Cisco Cloud Native Safety – Half 2, Provisioning the Infrastructure


In half 1 of this weblog collection, we overviewed the totally different instruments  that might be used as you go up the stack from infrastructure to software. On this weblog, we will likely be provisioning our Infrastructure as Code (IaC) utilizing Terraform, Ansible, Jenkins and GitHub. First, we’ll arrange our growth setting with all of the instruments wanted for this deployment. Then we’ll overview our Terraform configuration recordsdata and Ansible playbooks intimately.

As all the time, your growth setting might differ from what’s getting used on this collection, however all of the Dev instruments we will likely be utilizing can be found on Microsoft, Mac, and Linux working techniques. In our case, we will likely be utilizing Ubuntu 20.04 to run all our DevOps instruments.

We’ll deploy the most recent variations of Terraform, Ansible, AWS CLI, Docker, Jenkins and kubectl on our DevBox. Then we create a GitHub repository for supply code administration and model management of our infrastructure. We will likely be utilizing the Cloud Native Safety SPOT-ON Collection repository on this collection. The very first thing we’re going to do is create a function department referred to as infra. We’re going to use function branches to merge our code into the essential department, which is our manufacturing department. When adjustments are made to the essential department, the construct will likely be triggered by Jenkins. For every SPOT-On episode that we create, there will likely be a function department related to it. For instance, within the subsequent episode we’ll deploy our functions, so we’ll create one other function department named apps and merge into essential.

Cloud native security

Video demo for “Establishing the Dev Atmosphere”

Within the subsequent part we may have an in depth take a look at the set up. I’ve additionally created a demo video for these of you preferring to look at as an alternative of learn. For many who choose my detailed written directions, you’ll discover them under. Additionally, don’t fear, this isn’t the final episode within the collection! Subsequent up, we’ll use GitOps and CI/CD to construct and deploy the cloud infrastructure. For now, right here’s my demo video for this Half 2:

Cisco Safe Cloud Native Safety – Half 2.1 – Establishing the Dev Atmosphere

Detailed Directions

If you’re studying this, it means you have an interest to study the main points of this arrange. Let’s soar proper in! First, allow us to take a look at Jenkins. We’ll create a multibranch pipeline named Spot On. We’ll use the Cloud Native Safety SPOT ON Collection as our Department Supply and can uncover all branches.

Secure Cloud Native

The Construct Configuration will likely be outlined by the Jenkinsfile. The Jenkinsfile is the directions of the pipeline itself. We’ll dive deeper into the Jenkinsfile within the subsequent part.

Secure Cloud Native

After we save the pipeline job, Jenkins will scan the GitHub repository and discover the branches we created. When a construct is run it is going to pull down the code from this repository.

Secure Cloud Native

Now that we’ve got our pipeline built-in with our supply code repository, allow us to take a look at the infrastructure as code. Trying on the construction of our infra department we see a Jenkinsfile, which is our Pipeline as Code. We additionally see Terraform recordsdata essential.tf, output.tf, and variables.tf. These Terraform configuration recordsdata are set on the root of the mission, referred to as the Root Module. There may be additionally a modules/infra listing which additionally has a bunch of Terraform recordsdata. This module listing comprises the code that can provision the infrastructure.

Secure Cloud Native

Like we mentioned beforehand, the Jenkinsfile is our Pipeline as Code and offers all of the directions for constructing our pipeline. Trying on the Jenkinsfile first we outline the pipeline brokers. On this case we’re simply utilizing the Jenkins grasp, however we may have an outlined agent for every stage if we want. Subsequent, we set the setting variables. Right here we set the setting identify and ID, the AWS entry and secret keys, in addition to the area, availability zones, SSH key and FTD credentials.

Secure Cloud Native

As you’ll be able to see a few of these variables are outlined right here on the Jenkinsfile, however a few of the variables are referencing the syntax credentials(). Jenkins’ declarative Pipeline makes use of this helper technique which helps secret textual content, username, and password, in addition to secret file credentials. We set these variables in Jenkins on the Handle Jenkins > Handle Credentials web page. This manner we will move these secret variables to Terraform securely.

Secure Cloud Native

The subsequent part of the Jenkinsfile is the place our levels are outlined. For proper now, we solely have one stage which is Construct Atmosphere. Inside every stage we’ve got a number of steps. Step one is simply echoing Constructing Atmosphere on the construct output. The second step will likely be a terraform get –replace, which is used to replace any new Terraform suppliers added to the mission. The third step will initialize all of the suppliers configured within the mission. The fourth step will apply the Terraform configuration passing all of the variables wanted to provision the setting.

Secure Cloud Native

Allow us to take a look at the Terraform configuration recordsdata. The primary file to dive into is essential.tf. This file is about on the root of the mission, that means it’s within the root module. On this file we outline one other module named Infrastructure which is sourced from ./modules/infra. You may consider a module as a perform in different programming languages. On this case we create a module to deploy our infrastructure and move the required setting variables to this module. Why would we do that? For instance, let’s say we’ve got a number of environments, reminiscent of Dev, Take a look at, QA, and Prod. We wish the deploy every setting with the identical precise sources, however the setting variables reminiscent of IP addresses, subnets, areas, and zones ought to be totally different. We additionally set our Terraform Suppliers right here in essential.tf.

Secure Cloud Native

There may be additionally a variables.tf file situated within the root module. These are the identical variables we’re passing from Jenkins as proven above, we’re simply declaring them in Terraform.

Then we’ve got the modules/infra listing which is the place the infrastructure module config recordsdata are situated. On this listing we see one other essential.tf and variables.tf recordsdata. This will likely appear redundant however consider this like how we set international variables and native variables in different programming languages. On this case we’re defining variables within the root module and passing them to the infra module, which might be the identical as declaring variables globally and passing them variables as arguments to the perform.

There are additionally configuration recordsdata for the vpc.tf, ftdv.tf, and eks.tf. Every one in every of these recordsdata provisions their respective configurations. We may put all these configurations into one file however breaking it up makes it simpler to learn and extra modular. There may be additionally a file named ftdv_ansible_deploy.tf. We use this Terraform configuration file to run our Ansible playbooks in a Docker container. These Ansible playbooks are used to configure the Safe Firewall coverage we’ve got deployed on one in every of our EC2 situations.

Secure Cloud Native    Secure Cloud Native

Keep tuned

Within the subsequent episode of this collection, we’ll use GitOps and CI/CD to construct and deploy the cloud infrastructure. Hope to see you again once more!

Please let me know when you’ve got any questions, both within the “feedback” part under, or through the GitHub points.

 


We’d love to listen to what you suppose. Ask a query or go away a remark under.
And keep related with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Fb Developer Video Channel

 

Share:



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments