ACE IaC Update 10172022

Uploaded by

Aung Kyaw Thu

ACE IaC

INFRASTRUCTURE AS CODE

Developed by Network Engineers

www.aviatrix.com
Aviatrix Certified Engineer – Infrastructure as Code

Topics

Lecture Module

Walkthrough of Lab Guides (Overview)

Walkthrough of Lab 1 (Day 0)

Walkthrough of Lab 2 (Day 1)

Walkthrough of Lab 3 (Day 2)

End

1
Network Engineers = Developers Incognito

● Repeatability in provisioning has historically been achieved via:

● Shell scripts

● Perl scripts

● Python scripts

● Expect/Tcl scripts

● Screen-scraping

● But how do you improve/maintain that code?

● How do you share that code with others?

● How does your organization mitigate risk if something happens to you?

● Git solves all of these problems

2
DevOps Overview

● What is DevOps?

● Software development practices with the goal of shortening SDLC while providing great quality

● Comprises, among many other things:

● CI/CD pipelines

● Version Control Systems (VCS)

● Why should you care?

● Apps started moving from on-prem DCs to public cloud

● Network and security teams were slow to respond to apps

● Networking teams need to respond with the same speed and agility that enterprises expect from being in the Public Cloud

3
CI/CD and VCS for Network Engineers

● What is a CI/CD pipeline?

● Continuous Integration (CI) → Whenever a developer checks in code to the source repository, a build is automatically triggered, e.g., Jenkins

● Continuous Delivery (CD) → Automates the delivery of applications to selected infrastructure environments. Every change is proven to be deployable at any time.

● CI/CD pipeline is an iterative process that automates software delivery using CI and CD

● What is a Version Control System (VCS)?

● Tool that helps manage changes to files (such as source code or documentation)

● Best example is Git

● GitHub is a cloud-based hosting service for managing Git repositories.

● Why should you care?

● You can build Infrastructure as Code (IaC) in accordance with DevOps practices (Terraform Cloud)

4
Practical GitHub Workflow for Network Engineers

1. Create remote repository on GitHub in one of the following ways:

● From scratch OR

● By forking an existing repository (great for open source projects)

2. Clone a repository

● Downloads a repository that serves as a local working development copy

● Allows you to work in IDE of your choice (vi, emacs, Visual Studio Code, Sublime, Atom, etc.)

3. Use the default branch (Main*)

4. After editing your files, ‘save it’ with the following 3-step process:

a) Issue a git add – stage the file

b) Issue a git commit – create a snapshot of the stage with a log message (steps a and b can be combined)

c) Issue a git push – push the commit to the remote repository on GitHub

* Formerly known as Master (https://github.blog/changelog/2020-10-01-the-default-branch-for-newly-created-repositories-is-now-main/)

5
Infrastructure as Code

www.aviatrix.com
What it is

● The management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a
descriptive model, using the same versioning as DevOps team uses for source code. Like the principle that the same
source code generates the same binary, an IaC model generates the same environment every time it is applied.
- https://docs.microsoft.com/en-us/azure/devops/learn/what-is-infrastructure-as-code

● Cloud-native IaC tools

● AWS – CloudFormation

● Azure – Azure Resource Manager

● GCP – Deployment Manager

● Re-tooling needed when going multi-cloud!

● Need a cloud-agnostic IaC tool → Terraform

7
Terraform

www.aviatrix.com
What it is

● Use Infrastructure as Code to provision and manage any cloud, infrastructure, or service

● Write Declarative configuration files

● Every file ending in .tf will be considered

● Define desired state through terraform plan

● Plan and predict changes

● Create reproducible infrastructure through terraform apply

● Idempotent – if resource already exists, it won’t recreate it

● Maintains knowledge of resources in a database called State

● State maps config to real world

9
Aviatrix Terraform Provider

● Multi-lingual entity responsible for API interactions with CSPs

● Exposes resources in those CSPs for any account/subscription that has been onboarded

● Feature parity with Controller code

10
Aviatrix Terraform Resources – Examples

# Create an Aviatrix AWS Gateway
resource "aviatrix_gateway" "test_gateway_aws" {
  cloud_type   = 1
  account_name = "devops-aws"
  gw_name      = "avtx-gw-1"
  vpc_id       = "vpc-abcdef"
  vpc_reg      = "us-west-1"
  gw_size      = "t2.micro"
  subnet       = "10.0.0.0/24"
}

# Create an Aviatrix Azure Gateway
resource "aviatrix_gateway" "test_gateway_azure" {
  cloud_type   = 8
  account_name = "devops-azure"
  gw_name      = "avtx-gw-azure"
  vpc_id       = "gateway:test-gw-123"
  vpc_reg      = "West US"
  gw_size      = "Standard_D2"
  subnet       = "10.13.0.0/24"
}

11
Aviatrix Terraform Modules

● “Repeatable++”

● Similar to the concepts of libraries, packages, or modules found in most programming languages, and provide many of the same benefits

● ~10X reduction in lines of code

● Can be found on Terraform Registry

12
Aviatrix Terraform Module – Example

# Create a VPC and a set of Aviatrix transit gateways.
module "transit_aws_1" {
  source  = "terraform-aviatrix-modules/aws-transit/aviatrix"
  version = "v3.0.0"
  cidr    = "10.1.0.0/20"
  region  = "eu-west-1"
  account = "AWS"
}

● ha_gw set to true by default

13
Terraform Best Practices

● Put Developers and Network Engineers in the same room!

● Store Terraform State remotely in a shared environment

● E.g. S3 bucket or Blob storage

● Terraform Cloud – state locking

● Strategize making changes on Aviatrix UI as well as in Terraform

● Ideally in one place

● Implement guard rails with Branch Protection
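Added example (not from the deck and not Aviatrix code): a backend configuration that implements the "store Terraform State remotely" practice with an S3 bucket for the state file and a DynamoDB table for state locking, with the Terraform Cloud cloud block shown as the alternative the slide mentions. Bucket, table, organization and workspace names are placeholders.

```hcl
# Added example, not part of the ACE IaC deck. Names below are placeholders.
terraform {
  required_version = ">= 1.1"

  # Option A: S3 holds the state file, DynamoDB provides the lock so two
  # engineers (or two pipeline runs) cannot apply against the same state at once.
  backend "s3" {
    bucket         = "example-tfstate-bucket"           # placeholder bucket name
    key            = "egress-filtering/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                               # server-side encryption at rest
    dynamodb_table = "example-tfstate-locks"            # placeholder; table needs a string hash key named "LockID"
  }

  # Option B (mutually exclusive with the backend block above): Terraform Cloud
  # stores the state, locks it for the duration of each run and records who ran it.
  # cloud {
  #   organization = "example-org"        # placeholder
  #   workspaces {
  #     name = "egress-filtering"         # placeholder
  #   }
  # }
}
```

Only one of the two options may be active in a configuration; switching between them (or moving an existing local state) is done with terraform init -migrate-state. State contains the attributes of every managed resource and can include secrets, so the bucket and lock table should be readable only by the pipeline identity and the engineers who need them, and bucket versioning is worth enabling so a bad apply can be rolled back.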

14
NetOps Example of Egress Security

www.aviatrix.com
Egress Filtering – Stakeholders

● Software engineers

● Building applications that have egress requirements.

● Network engineers

● Responsible for provisioning and maintaining network infrastructure.

● Security engineers

● Responsible for ensuring that software and networks are secured.

16
Egress Filtering – Workflow

1. Create a Git Repository containing Egress Filtering Infrastructure As Code (IaC) with multiple branches – Network Engineers

2. Request changes to Egress Filtering via Pull Requests – Software Engineers

3. Review Pull Requests and approve/reject them – Security Engineers

4. Upon approval, merge PRs to the main branch – Network Engineers

17
Egress Filtering – Automation

● Leveraging GitHub Actions and Terraform Cloud to automate the simulation of change (terraform plan) and
implementation of change (terraform apply)

Pull Request → terraform plan

Merge to Main Branch → terraform apply
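Added example (not from the deck or the Aviatrix labs): the guard rail named on the Best Practices slide, branch protection on main, written with the GitHub Terraform provider so that the review workflow on the previous slide is itself IaC. Organization, repository and status-check names are placeholders, and a CODEOWNERS file naming the security engineers' team is assumed to exist in the repository.

```hcl
# Added example, not part of the ACE IaC deck. Names below are placeholders.
terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 5.0"
    }
  }
}

provider "github" {
  owner = "example-org"   # placeholder organization; the token is read from GITHUB_TOKEN
}

# Repository that holds the egress filtering IaC (step 1 of the workflow).
resource "github_repository" "egress_iac" {
  name       = "egress-filtering-iac"   # placeholder
  visibility = "private"
  auto_init  = true
}

# Protect main: every change arrives as a pull request (software engineers),
# needs an approval from the CODEOWNERS (security engineers) and a passing
# "terraform plan" check before a network engineer can merge it.
resource "github_branch_protection" "main" {
  repository_id = github_repository.egress_iac.node_id
  pattern       = "main"

  enforce_admins          = true    # admins get no bypass
  required_linear_history = true
  allows_force_pushes     = false
  allows_deletions        = false

  required_pull_request_reviews {
    required_approving_review_count = 1
    require_code_owner_reviews      = true   # assumes CODEOWNERS lists the security team
    dismiss_stale_reviews           = true   # new commits invalidate earlier approvals
  }

  required_status_checks {
    strict   = true                  # PR branch must be current with main
    contexts = ["terraform plan"]    # placeholder: the check name reported by the plan job
  }
}
```

With this in place a direct push to main is rejected for everyone, a pull request cannot be merged until the plan job has reported success and a code owner has approved the exact commits being merged, and the apply that follows the merge is therefore always run against a plan that reviewers have seen.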

18
Lab Time! - https://community.aviatrix.com/category/ace-iac

● ACE IaC Lab 1 - https://github.com/AviatrixSystems/ace-iac-day-zero

● ACE IaC Lab 2 – Builds on same repo as Lab 1

● ACE IaC Lab 3 - https://github.com/AviatrixSystems/ace-iac-day-two

19
