Monday, January 13, 2020

Intro to TravisCI With Terraform

Picture-heavy walkthrough of building a TravisCI terraform pipeline. It does everything based on GitHub events.

  • On a new PR created/updated: run a terraform validate and plan, report status back to GitHub.
  • On a PR merge: run a terraform apply, deploy resources.

And it has a kickin' rainbow theme. What else could you ask for? Check it out:

Friday, January 10, 2020

Azure DevOps YML Terraform Pipeline and Pre-Merge Pull Request Validation

tl;dr: Here’s YML code that will build an Azure DevOps pipeline that can be run automatically as part of pull request validation (pre-merge) and requires manual approval by definable admin groups in order to proceed to touch resources.

Microsoft’s Azure DevOps (ADO) is an incredibly powerful CI/CD platform that is being rapidly developed by $MSFT. However, as with any rapidly-evolving product, the documentation sometimes leaves something to be desired. I solved a few problems with the help of the Azure DevOps development team and I thought I’d share my solutions. Hope they help.

Bootstrapping Azure Cloud to Your Terraform CI/CD

Pairing Terraform with a CI/CD like Azure DevOps, Terraform Cloud, or GitHub Actions can be incredibly empowering. Your team can work on code simultaneously, check it into a central repo, and once code is approved it can be pushed out by your CI/CD and turned into resources in the cloud.

Intro to Cisco ASAv in AWS With Terraform

Cisco, the king of data center networking for 3 decades, is becoming increasingly less important in a cloud-first world. Cloud native networking at AWS, Azure, and Google Cloud (GCP) isn’t great — there’s tons of opportunity, but Cisco has yet to fully commit to bringing their products to a cloud-first world, despite their new moniker as a “cloud-first” company.

Intro to AWS CodeCommit, CodePipeline, and CodeBuild with Terraform

AWS CodeCommit is one more CI/CD to enter the increasingly crowded competition for CI/CD products. AWS has provided an entire suite of products:

CodeCommit: A managed git repo. We’ll check our terraform code into a repo hosted in CodeCommit. Enough said.

CodeBuild: A managed continuous integration service. It runs job definitions, dynamically spins up and down build servers, and can support your own tooling, i.e. terraform! We’ll write a deploy terraform build in CodeBuild.

CodeDeploy: A managed deployment service that helps push code from a repo to AWS services where it can be executed. This is the only CodeX service from AWS we won’t use.

CodePipeline: A managed deployment service that supports complex deployment processes including code testing, automated deployment all the way to production. We’ll write a pipeline to automate a PR merge → terraform deploy.

Scrape AWS Public IP Json + Ansible + Cisco Firewall

Every data center I’ve ever worked at has had some sort of egress internet filtering for security. This makes perfect sense in a world where partners have static IPs, or even when partners can provide the range of IPs they have registered with IANA. But in the cloud world? Not so much.

An Intro to GitHub Actions + Terraform + AWS

GitHub, the ever-present cloud code storage tool, entered the CI/CD market in mid-2019. Their killer feature is that your code is probably already stored in GitHub, so why not have them manage automatic actions natively, rather than relying on other more complex methods like webhooks, or web scraping?