Best Practices for Infrastructure as Code


A talk from the Pulumi 1.0 launch event, presented by Christian Theilemann, Senior Software Engineer at Solvvy.

All right, everybody. So thank you. Um So I’m actually my name is Christian Theilemann. I’m a senior software engineer at Solvvy, and uh it was just like a big person startup. And as Eric was already saying, we are one of the relatively early customers of uh we started using it in August last year and we use it for almost everything on our infrastructure in the production since about January. And I just want to talk a little bit how we use it, why we use it and what are some of the best practices we had at the time?

So about me, yeah, senior software engineer. I focus mostly on infrastructure platform. I make most of our tool decisions, uh provisional infrastructure and make the rest of our engineers a bit more efficient. But by background, I’m actually like a full engineer. I work a lot on web apps and stuff like that and I just happened to work a lot in the infrastructure last year.

So um yeah, quickly about so obviously, so we have 50 groups to start up. We do a bunch of fish, our customer service, uh Some of our customers are picked up a link. Uh So when you got a website link and you ask a question here, uh it’s actually going to UI and our back end which is a bunch of personality and a bunch of websites to be, to know what his mother was for me. I mean, not answering some of these questions, our stack is primarily on GCP. Um And then the back end we use for the most part P and um and not for the infrastructure but also the application. So that’s, it’s kind of important we don’t like just um but we also deploy into a cluster. You’re interesting about our stack in detail. You can actually um how do we, how and why do we use Pulumi uh over anything else?

Uh So in 2018, we started a project to modernize our infrastructure because we had a lot of cost stability and velocity of deployment.
And this was not just because we were, there was a lot of things wrong and we fought as right as two, which uh for the most part managed to be hands full and lots of custom bash, a bit of Jenkins and some steps which were documented or not in some way is great. Um A key decision at that time was it was beginning in 2008, so was fairly popular at the time. Uh So we wanted to do something which look very promising and that was, and to run. Uh We decided to use GKE on GCP because it’s, it takes away a lot of the man and the itself. Um And we started um yeah, setting up a bunch of GCP projects classes just using Terraform and it looks kind of working fine for the basic things. However, where the things were a little bit more ambiguous applications into your classroom and we started using or using, we looked at when the audience actually has this out before and who of you actually likes it. So that’s kind of the feeling we have introduced a lot more complexity than problems it solves. In my opinion, we looked at which is conceptually great, but it is kind of awkward language. We would obviously Reflux even tried a terra and they, I think it’s not that great minutes and that we used to actually put one for which is like similar to scaffold containers, a bunch of and the poison, but it’s super opinionated and it can be really extended for more use cases.

So in August, I found Pulumi, I tried it out and I was from the get go be impressed waiting on how good it was worth for a product. It literally just came out of private i two months ago. And it was honestly at that time, already looking better than a lot of the tools which she had been out there for 45 years and gave a lot of confidence in the company that this is like a good platform and completely, I think some of the, the two key advantages that I personally seen for me is over what these tools is that it has removed the massive class from point.
And one reason for that is like you look at the team, they have a bunch of folks which have been working for, for a couple of years, they have a lot worked a lot in language technology. And what they do is actually they auto generate a large part of the SDK uh by introspecting the OpenAPI spec from the and that’s when 1.60 comes out inducing, it’s very likely that it’s soon, very soon in Pulumi but not in a lot of the other.

So uh I mean, just to give you like an example of, I actually put some links for something from also has, however, when the audience just change, you can see all the added now support it for a service. And somewhere down here they added support for employment and things like that in 2008 Terraform provider did support deployment, which is so essential to anything to do with. So it was not prepped when they use it, they added it in the meantime. But you know, there’s always a large delay compared to uh because all riches every day, like hand code support for each resources.

Um So, and, and the next, the other benefit is basically, yeah, the other big benefit. I just, I just touch it. Uh you can also spice it but we used to touch the of it and you know, it’s so easy, right? We have to know and use it already before. It’s not like we need to learn this, this like I’m a my, my background actually software engineer and I’m used to like building like nature high energy and when I started doing all this infrastructure stuff, I was like, why does everybody their own is is great and just leverage all the existing ecosystem. So they use for package management for support, you know, jobs well supported by any you get instead of and you also get to use a lot of libraries and a lot of those real libraries, they are not really written for usage, but sometimes it can get really handy. So if you just get to convert, for example, a toile in a file, you can actually be super easy job and then before it is file.
Um and sometimes you have to use cases where you have an application where you need to your tunnel file runner. And yeah, most importantly, you can basically use the same tool and language both for the core infrastructure and the deployment of the applications. Um And in our case, even the application code itself. So basically using one language for often times three different things.

Um So with that in mind, uh just wanted to talk a little bit about some of the practices that we established in our company over the last couple of months on how you structure your uh projects and the positives. So typically speaking, what you have is a core infrastructure and clusters and some stuff like the database, basically kind of resources which are shared by a lot of your services and a lot of and I can actually show you how it looks. So this is actually this infrastructure and we have a bunch of subdirectories here. And for example, we have like a so death project here which underneath contains like a project which is actually a Pulumi project which creates the you see stuff and some IAM roles and things like that. And I remember how the project we had this API class of app, it actually set up a class and install a bunch of like common services. One such thing is, for example cloud, which actually you it’s just like a small uh which deploys a few external extension into the customer and you know, it looks very YAML but it’s, it’s, it’s kind of TypeScript, right? Um And uh I use actually this thing, this call manager class and all of our clusters and I just through and say, well, this has the main filter and that out. Um And this is actually manages our DNS for applications that we have to put into that.

Um The next thing and I wanted to mention what issue the next thing is you should be aware of this feature called stack reference in Pulumi.
So what you can actually do if you have multiple projects or stacks, which should somehow have some dependency in the group, you can actually pass using stack reference information from one to another. And commonly, you have this, for example, in our case, we have like one project called serving based environment which sets off our database. And what I’m here exporting is actually like the IP address of the database and some connection strings for certain schema in the database. And then in our application report, I can just import that connection string in my application. And so that way I don’t have to when I somehow something changed, maybe I change the IP of the database server in the future. I don’t have to create another commit on top and gather A I just read it. I thought that that brings a new value from that and I don’t have to copy it around.

And uh the next thing I want to talk about like um general speaking, you should create like your own video library for your internal usage. Uh which basically that’s a few certain best practice and and a few things that you often use. So in our case, we use so we a lot of the library stuff is around that. In fact, I actually just uh upload it kind of cleaned up. Let me just show you here. So basically we have this library, it’s actually really just an npm package that we have. And this three years library, for example, has something called No App and it has the app. Let’s look at, let’s look at this one. So the app one actually is just a uh component resource uh which pulls together a bunch of things. For example, is a do, it builds a Docker image, it uh creates a container, uh puts that container somewhere down here to deployment. It also creates like public documents if you are like specify arguments.
Um and also creates service uh depending on if you have set, for example, the exposed to and like this kind of because this pattern happens very often we work with that, you need to build, create deployment and creating service on top. We have just forwarded that into this box and inside our, you know, applications, we just import this class and for the sake of time we got to skip but we have some GKE utilities uh which are actually pretty handy. Um But I’ve actually published the whole library on. So anyway, but in general, I will say don’t over engineer this library, don’t like to like, don’t wrap everything of into some giant class or something like that. Just we just always like once every once or two weeks, we add a new property to this library which have been used in our case of and doing that for other people.

Um And last, but not least you have application of policy and those are basically your repositories where, you know, where is your or not or your I code happens to be deployed, you have as well. And you know, we actually use this to write so I can actually show you that real quick. Um And I, so for example, here, I’m actually a very small demo that if somebody could pull the microphone. So I’ve actually prepared that just not that application and I haven’t read any of that information for that yet, but I’m just gonna create the code to the lightest yet we are using at the moment. So the first thing I actually just create the younger, basically finds the time and the name of it. Um And now I’m actually creating a subdirectory here. So that’s kind of the convention with a free subdirectory in prime, which I’m I can see. Um And now I’m actually installing for me library. We publish this just on npm. We won’t be able to access it. It’s a private npm instance. But uh as I said, I publish and now I’m in for sub director, I’ve just create a small index where we say it. So you throw it out. It has a lot of for the default page.
The only thing you need to actually is the context which is kind of the working directory from which we will build an image and last but last but on this, we also need a coffee image and I did go here and just create a dark image. But honestly the to me, so some of that a lot about this is that we put a bunch of files into that npm package itself and I can actually just reference it by saying, you know, no, no. And then reporting that the, and this is that predefined and last, but not least, the only thing I need to do is to which to, I wanted to play a team. Which question one? Yeah, for OK. That is basically everything I need to do I think. Crazy. Um I, I have to write it in the wrong place. So yeah, so last thing I did is that basically now I would, the only thing I need to do is like I need to run and now it’s actually one of the players get the play into her bus. It adds a bunch of very useful this condition and you can see the source graph here. So, so, so that’s basically what a down I guess.

Um that’s one of these, you should really think about some naming conventions for your projects and stacks. So we, for example, always name our stacks, the dash environment name stash staging dash product. And you’ll use this convention, we introspect it in a lot of cases, the context of which stack we are in and depending on that we deal with some else branch.

So um yeah, that’s one of these I think when you work with and also still with, you still have oftentimes have to deal with. And it’s actually very useful to know that you can convert the very quickly into uh Columbian contribution just by converting it to a JavaScript JSON which he applied to the TypeScript file, you know, from that. So for example, if I wanna use, I don’t know, like let’s say this example here just pupping some random stuff from the internet. No, which you may, you probably often find examples in for, for uh for the and in order now to just use this in my sorry. So basically. No. Yeah.
So I just use this kind of one liner which is a bit of Python uh to convert it into a JavaScript. Like I basically JSON and I can, I can save you, you uh K as for the five and basically, OK. And you know, basically this is not already. Um So that’s what I do actually, right?

Last but not least, I think the last test, I had a good CI/CD system. I’ve tried out about, I don’t know, 20 CI/CD systems over the last 4.5 years. They all suck in one way or another, to be honest. Um And um the better ones like the some important feature is for me um to have that many pro so because we deploy everything, we have jobs sometimes when you want a production, you wanna have the man, like you wanna have the manual step, uh you get a manual, right? Um And last, but not least something called feature called environment tracking where the CI/CD system has, you actually track which jobs have to, actually to do a production or a staging environment and then being able to roll them and some of the better CI/CD system since I’ve used the conjunction or give up CI as your works and certain CI now it’s actually the third CI, which is kind of an exotic one, but it actually works pretty great for us. Check it out if you have some curiosity and be satisfied with your system.

And I think that is basically the essence of what I wanted to deliver today. I say it is the repository uh where it contains uh basically there’s library which I’ve shown before. Uh There’s a bunch of good goodies there that you can use your own company members. All right, thanks.
