Apr
05
2022

Everything as Code

everything-as-code-img

Everything as Code is the practice of treating all parts of the system as code. This literally means storing configuration, design, and other aspects of your applications/systems along with Source Code in a repository such as git. Let’s understand it one by one.

Infrastructure as Code – IaC

In this, infrastructure specification and creation commands written as code in a domain specific code. For example, if I’m targeting to create infrastructure on Google cloud, my IaC targeted to the Google cloud infrastructure creation. The code is then stored into the code repository for tracking different versions and environments via branches and versioning (tagging) mechanism. This code is then applied to the domain via APIs or other mechanisms to create/update/delete infrastructure.

It includes:

  • Infrastructure provisioning: declaratively create or modify resources
  • Infrastructure configuration: change state of the existing resources after provisioning

Declarative vs Imperative

Declarative means define the desired state of the infrastructure and configuration we want in the form of code, and the IaC tools will figure out how to create it on the targeted domain. For example, Terraform, Pulumi, etc. Advantages of declarative infrastructure are, it’s repeatable, trackable, versionable, etc.

Imperative means the old way, directly run commands or create infrastructure step by step manually using the UI. Here it’s difficult to reproduce the same infrastructure if it’s complex. Also, in case of ad-hoc update in the infrastructure, we lose track of complete picture of the infrastructure.

Configuration Management as Code – CMaC

When we are deploying complex application(s), it requires complicated configuration steps to be executed in the environment for the application(s) to run without any issue. These steps increased in the amount and complexity over the time and size of the application scale. Configuration Management as Code defines these complex steps to execute on the remote/local environments. Major configuration management tools are Chef, Ansible, Puppet, etc.

Pipeline as Code – PaC

It is the practice of defining CI/CD pipelines as code. These pipelines will define steps for CI/CD in a declarative way just like IaC. So ultimately, we will get the same benefit we are getting using the IaC. Jenkins is a great example of a CI/CD tool which supports pipeline as code.

Environment as Code – EnvaC

When we are setting up a development environment, there are lots of things involved. It involves lots of local dependencies (terraform can’t save us from that), also there are lots of debugging settings developers need to do as part of the development which is bespoke to each developer.

Need arises of Environment as Code. Companies started offering products like itiopia Spaces and here is a free test drive.

Policy/Compliance as Code – PaC

There are lots policies we embed in various stages of production deployment. Obviously, you can use RBAC and Pod security policy for your clusters, but what about infrastructure creation or the time when you are not using Kubernetes.

Efforts started back in 2016 to have a unifying policy tool, which supports most of the platform. Open Policy Agent is one such tool you can use to have a Policy as code. The Hashicorp also developed Sentinel framework to support PaC.

Encryption as Code – EaC

Encryption is essential practice for the production workloads nowadays. It’s a must step, so encryption as code is also embedded with the application code. Like TLS, or DB encryption, or encryption for data in transit is all part of Encryption as code.

There are many products which allow you to embed encryption in your code, like Ubiq or Protegrity.

Security as Code – SaC

It is the next evolution of DevOps. Using security as a code, you can minimize vulnerabilities and attacks. Quality gates, automated vulnerabilities scans in the DevOps pipeline, automated security checks using policy are some example implementations of Security as Code. It makes DevOps, a DevSecOps practices.

Observability/Monitoring as Code – OaC

Observability as Code, is to create observability/monitoring dashboards using code, alerts as code, etc. So along with the application deployment in production, these metrics and alerts were created using code. You can use various tools and templates to achieve it, like IaC tools (terraform, etc.) or CaC tools (Ansible, etc.).

Network as Code – NaC

It is a practice of writing code to perform network tasks such as network creation, firewall configuration, etc. So that all the benefits of IaC can also be gained by NaC.

Data as Code – DaC – DataOps

It is the practice to give data teams the ability to process, manage, consume and share data the same way developers code during software development. It’s a “shift left” for data. Sometime it’s also called DataOps. When an application needs to be deployed, we deployed it using CD pipeline, we build it using CI pipeline. When we need to share our code, we use repositories access to share it. What about data?

When do we need test data or data for analytics? The process is largely manual. We ask data people to provide us with data. Data lies withing various data stores in silos. We need data for testing, analytics, reporting, modeling, ML model training, etc. So, we create data pipelines, to place data in proper stores whenever required. Also, we do generate data, process data, merge data, split data, transform data, etc. Everything is achieved by Data as Code related to data.

Documentation as Code

It means to treat docs just like developers treat code. Embed documentation in code, so that using many tools out there you can generate documentation along with the code deployment. Like you can generate user guides, basic documentation of your application code, and flow, etc.