Cisco Cloud Native Safety – Half 2, Provisioning the Infrastructure



In half 1 of this weblog collection, we overviewed the totally different instruments  that might be used as you go up the stack from infrastructure to software. On this weblog, we might be provisioning our Infrastructure as Code (IaC) utilizing Terraform, Ansible, Jenkins and GitHub. First, we’ll arrange our improvement atmosphere with all of the instruments wanted for this deployment. Then we’ll evaluation our Terraform configuration information and Ansible playbooks intimately.

As at all times, your improvement atmosphere might differ from what’s getting used on this collection, however all of the Dev instruments we might be utilizing can be found on Microsoft, Mac, and Linux working programs. In our case, we might be utilizing Ubuntu 20.04 to run all our DevOps instruments.

We are going to deploy the most recent variations of Terraform, Ansible, AWS CLI, Docker, Jenkins and kubectl on our DevBox. Then we create a GitHub repository for supply code administration and model management of our infrastructure. We might be utilizing the Cloud Native Safety SPOT-ON Sequence repository on this collection. The very first thing we’re going to do is create a characteristic department referred to as infra. We’re going to use characteristic branches to merge our code into the most important department, which is our manufacturing department. When modifications are made to the most important department, the construct might be triggered by Jenkins. For every SPOT-On episode that we create, there might be a characteristic department related to it. For instance, within the subsequent episode we’ll deploy our functions, so we’ll create one other characteristic department named apps and merge into most important.

Cloud native security

Video demo for “Establishing the Dev Surroundings”

Within the subsequent part we can have an in depth take a look at the set up. I’ve additionally created a demo video for these of you preferring to observe as a substitute of learn. For individuals who choose my detailed written directions, you’ll discover them under. Additionally, don’t fear, this isn’t the final episode within the collection! Subsequent up, we’ll use GitOps and CI/CD to construct and deploy the cloud infrastructure. For now, right here’s my demo video for this Half 2:

Cisco Safe Cloud Native Safety – Half 2.1 – Establishing the Dev Surroundings

Detailed Directions

If you’re studying this, it means you have an interest to be taught the main points of this arrange. Let’s bounce proper in! First, allow us to take a look at Jenkins. We are going to create a multibranch pipeline named Spot On. We are going to use the Cloud Native Safety SPOT ON Sequence as our Department Supply and can uncover all branches.

Secure Cloud Native

The Construct Configuration might be outlined by the Jenkinsfile. The Jenkinsfile is the directions of the pipeline itself. We are going to dive deeper into the Jenkinsfile within the subsequent part.

Secure Cloud Native

After we save the pipeline job, Jenkins will scan the GitHub repository and discover the branches we created. When a construct is run it’s going to pull down the code from this repository.

Secure Cloud Native

Now that we’ve our pipeline built-in with our supply code repository, allow us to take a look at the infrastructure as code. Trying on the construction of our infra department we see a Jenkinsfile, which is our Pipeline as Code. We additionally see Terraform information most,, and These Terraform configuration information are set on the root of the undertaking, referred to as the Root Module. There’s additionally a modules/infra listing which additionally has a bunch of Terraform information. This module listing incorporates the code that can provision the infrastructure.

Secure Cloud Native

Like we stated beforehand, the Jenkinsfile is our Pipeline as Code and offers all of the directions for constructing our pipeline. Trying on the Jenkinsfile first we outline the pipeline brokers. On this case we’re simply utilizing the Jenkins grasp, however we may have an outlined agent for every stage if we want. Subsequent, we set the atmosphere variables. Right here we set the atmosphere identify and ID, the AWS entry and secret keys, in addition to the area, availability zones, SSH key and FTD credentials.

Secure Cloud Native

As you possibly can see a few of these variables are outlined right here on the Jenkinsfile, however among the variables are referencing the syntax credentials(). Jenkins’ declarative Pipeline makes use of this helper methodology which helps secret textual content, username, and password, in addition to secret file credentials. We set these variables in Jenkins on the Handle Jenkins > Handle Credentials web page. This manner we will cross these secret variables to Terraform securely.

Secure Cloud Native

The following part of the Jenkinsfile is the place our phases are outlined. For proper now, we solely have one stage which is Construct Surroundings. Inside every stage we’ve a number of steps. Step one is simply echoing Constructing Surroundings on the construct output. The second step might be a terraform get –replace, which is used to replace any new Terraform suppliers added to the undertaking. The third step will initialize all of the suppliers configured within the undertaking. The fourth step will apply the Terraform configuration passing all of the variables wanted to provision the atmosphere.

Secure Cloud Native

Allow us to take a look at the Terraform configuration information. The primary file to dive into is most This file is about on the root of the undertaking, which means it’s within the root module. On this file we outline one other module named Infrastructure which is sourced from ./modules/infra. You may consider a module as a operate in different programming languages. On this case we create a module to deploy our infrastructure and cross the mandatory atmosphere variables to this module. Why would we do that? For instance, let’s say we’ve a number of environments, similar to Dev, Take a look at, QA, and Prod. We wish the deploy every atmosphere with the identical precise sources, however the atmosphere variables similar to IP addresses, subnets, areas, and zones ought to be totally different. We additionally set our Terraform Suppliers right here in most

Secure Cloud Native

There’s additionally a file positioned within the root module. These are the identical variables we’re passing from Jenkins as proven above, we’re simply declaring them in Terraform.

Then we’ve the modules/infra listing which is the place the infrastructure module config information are positioned. On this listing we see one other most and information. This will likely appear redundant however consider this like how we set international variables and native variables in different programming languages. On this case we’re defining variables within the root module and passing them to the infra module, which might be the identical as declaring variables globally and passing them variables as arguments to the operate.

There are additionally configuration information for the,, and Every considered one of these information provisions their respective configurations. We may put all these configurations into one file however breaking it up makes it simpler to learn and extra modular. There’s additionally a file named We use this Terraform configuration file to run our Ansible playbooks in a Docker container. These Ansible playbooks are used to configure the Safe Firewall coverage we’ve deployed on considered one of our EC2 cases.

Secure Cloud Native    Secure Cloud Native

Keep tuned

Within the subsequent episode of this collection, we’ll use GitOps and CI/CD to construct and deploy the cloud infrastructure. Hope to see you again once more!

Please let me know if in case you have any questions, both within the “feedback” part under, or by way of the GitHub points.


We’d love to listen to what you assume. Ask a query or go away a remark under.
And keep related with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Fb Developer Video Channel





Please enter your comment!
Please enter your name here