Infrastructure as code is the ability to provision and manage infrastructure using a configuration language. Infrastructure as code (IaC) brings the repeatability, transparency, and testing of modern software development to the management of infrastructure such as networks, load balancers, virtual machines, Kubernetes clusters, and monitoring. A primary goal of IaC is to reduce error and configuration drift, while allowing engineers to spend time on higher-value tasks. IaC defines what the end state of your infrastructure looks like, instead of defining a series of steps to be executed. IaC tools like Terraform can be run multiple times against your infrastructure, producing the same desired result each time.
Using a cloud user interface to create a managed Kubernetes cluster is a relatively straightforward process; however, using infrastructure as code helps standardize cluster configuration and manage add-ons like network policy, maintenance windows, and Identity and Access Management (IAM) for cluster nodes and workloads.
To compare manual deployment with infrastructure as code, you can review this AWS video that demonstrates creating an EC2 instance, and then review this Terraform walk-through that provides a basic start to creating an EC2 instance using code.
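As an added illustration (not Fairwinds' own code), the Terraform configuration below declares the cluster settings mentioned above: network policy, a maintenance window, and IAM for nodes and workloads. It assumes Google Kubernetes Engine and the `hashicorp/google` provider; every name, region, and variable is a placeholder.

```hcl
# Added example: assumes GKE and the hashicorp/google provider; all names are placeholders.
variable "project_id" {
  type = string
}

# Dedicated node identity instead of the default Compute Engine service account.
resource "google_service_account" "nodes" {
  project      = var.project_id
  account_id   = "example-gke-nodes"
  display_name = "Example GKE node service account"
}

resource "google_container_cluster" "example" {
  project  = var.project_id
  name     = "example-cluster"
  location = "us-central1"

  # Node pools are managed as their own resource below.
  remove_default_node_pool = true
  initial_node_count       = 1

  # Enforce Kubernetes NetworkPolicy objects.
  network_policy {
    enabled  = true
    provider = "CALICO"
  }

  # Restrict automated maintenance to a known daily window (start time in GMT).
  maintenance_policy {
    daily_maintenance_window {
      start_time = "03:00"
    }
  }

  # Workload Identity: pods map to IAM identities rather than sharing node credentials.
  workload_identity_config {
    workload_pool = "${var.project_id}.svc.id.goog"
  }
}

resource "google_container_node_pool" "default" {
  project    = var.project_id
  name       = "default"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 2

  node_config {
    service_account = google_service_account.nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
    workload_metadata_config {
      mode = "GKE_METADATA" # expose the GKE metadata server to pods, not node credentials
    }
  }
}
```

Running `terraform plan` against this configuration shows any difference between the declared settings and the live cluster before anything is changed.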
By making use of infrastructure as code with Kubernetes you’ll benefit in four areas:
Replace a point-and-click infrastructure configuration process with a reproducible and versioned, trackable representation that also documents important nuance of your infrastructure. More institutional knowledge can stay with your company even if employees do not, and IaC can help new employees get to know your infrastructure faster.
IaC and automation reduce human error and create predictable results. You can create new environments to test changes without impact to your production environment. When you use code to update infrastructure across multiple environments, focus and attention to detail suffer less than they do when performing repetitive manual tasks.
When training new engineers, infrastructure code and comments can provide insight about the design considerations, and reduce the need to consult subject matter experts for background.
The repeatability of IaC is a considerable contribution to leveraging the elasticity of the cloud. It helps you create consistent infrastructure for testing or expanding to other regions much more rapidly, freeing up time to work on the next set of challenges like routing application traffic between multiple regions. Using code to represent infrastructure minimizes unique “snowflake” configurations in some environments, as well as configuration drift, which is typically caused by unintentional differences in manual configuration or by troubleshooting changes that were not cleaned up.
IaC also helps audit and track changes to infrastructure. When infrastructure is represented in a versioned repository like Git, commits to your Git repository can reflect who, when, and why changes were made. Your code provides a record of how environments were built and evolved. Other team members can review changes to code, increasing consensus and awareness of changes to infrastructure. You can consult your IaC repository and code before needing to ask your lead engineer “do you recall why we changed our whosit to send the whatsits through Europe?”
A disaster can create panic, reduce mental acuity, and put strain on single points of knowledge and experience. Disaster recovery (DR) is not the time anyone wants to be recalling important nuances configured in years past, or staring at and comparing user interfaces to manually create new infrastructure. The reliability of an application is impacted by the ability to pivot and the speed to redeploy. Infrastructure as code can help you know what the recovery process looks like, and to practice that process more often.
At Fairwinds, we are 100% Kubernetes focused and use infrastructure as code to ensure our managed Kubernetes customers achieve all of the benefits outlined above. We use IaC for prerequisite cloud resources like networks, Kubernetes clusters, monitoring and alerting, and tooling that runs on top of Kubernetes to manage DNS records, HTTP routing, and SSL certificates.