Cisco Cloud Native Safety – Half 2, Provisioning the Infrastructure

0/5 No votes

Report this app



In half 1 of this weblog collection, we overviewed the completely different instruments  that might be used as you go up the stack from infrastructure to utility. On this weblog, we can be provisioning our Infrastructure as Code (IaC) utilizing Terraform, Ansible, Jenkins and GitHub. First, we are going to arrange our improvement atmosphere with all of the instruments wanted for this deployment. Then we are going to overview our Terraform configuration information and Ansible playbooks intimately.

As at all times, your improvement atmosphere might differ from what’s getting used on this collection, however all of the Dev instruments we can be utilizing can be found on Microsoft, Mac, and Linux working methods. In our case, we can be utilizing Ubuntu 20.04 to run all our DevOps instruments.

We are going to deploy the newest variations of Terraform, Ansible, AWS CLI, Docker, Jenkins and kubectl on our DevBox. Then we create a GitHub repository for supply code administration and model management of our infrastructure. We can be utilizing the Cloud Native Safety SPOT-ON Collection repository on this collection. The very first thing we’re going to do is create a function department known as infra. We’re going to use function branches to merge our code into the fundamental department, which is our manufacturing department. When adjustments are made to the fundamental department, the construct can be triggered by Jenkins. For every SPOT-On episode that we create, there can be a function department related to it. For instance, within the subsequent episode we are going to deploy our purposes, so we are going to create one other function department named apps and merge into fundamental.

Cloud native security

Video demo for “Establishing the Dev Atmosphere”

Within the subsequent part we could have an in depth have a look at the set up. I’ve additionally created a demo video for these of you preferring to look at as a substitute of learn. For individuals who desire my detailed written directions, you’ll discover them under. Additionally, don’t fear, this isn’t the final episode within the collection! Subsequent up, we are going to use GitOps and CI/CD to construct and deploy the cloud infrastructure. For now, right here’s my demo video for this Half 2:

Cisco Safe Cloud Native Safety – Half 2.1 – Establishing the Dev Atmosphere

Detailed Directions

In case you are studying this, it means you have an interest to study the small print of this arrange. Let’s soar proper in! First, allow us to have a look at Jenkins. We are going to create a multibranch pipeline named Spot On. We are going to use the Cloud Native Safety SPOT ON Collection as our Department Supply and can uncover all branches.

Secure Cloud Native

The Construct Configuration can be outlined by the Jenkinsfile. The Jenkinsfile is the directions of the pipeline itself. We are going to dive deeper into the Jenkinsfile within the subsequent part.

Secure Cloud Native

Once we save the pipeline job, Jenkins will scan the GitHub repository and discover the branches we created. When a construct is run it would pull down the code from this repository.

Secure Cloud Native

Now that we’ve our pipeline built-in with our supply code repository, allow us to have a look at the infrastructure as code. Wanting on the construction of our infra department we see a Jenkinsfile, which is our Pipeline as Code. We additionally see Terraform information,, and These Terraform configuration information are set on the root of the undertaking, known as the Root Module. There’s additionally a modules/infra listing which additionally has a bunch of Terraform information. This module listing comprises the code that may provision the infrastructure.

Secure Cloud Native

Like we stated beforehand, the Jenkinsfile is our Pipeline as Code and gives all of the directions for constructing our pipeline. Wanting on the Jenkinsfile first we outline the pipeline brokers. On this case we’re simply utilizing the Jenkins grasp, however we might have an outlined agent for every stage if we want. Subsequent, we set the atmosphere variables. Right here we set the atmosphere title and ID, the AWS entry and secret keys, in addition to the area, availability zones, SSH key and FTD credentials.

Secure Cloud Native

As you possibly can see a few of these variables are outlined right here on the Jenkinsfile, however a few of the variables are referencing the syntax credentials(). Jenkins’ declarative Pipeline makes use of this helper methodology which helps secret textual content, username, and password, in addition to secret file credentials. We set these variables in Jenkins on the Handle Jenkins > Handle Credentials web page. This manner we are able to cross these secret variables to Terraform securely.

Secure Cloud Native

The following part of the Jenkinsfile is the place our levels are outlined. For proper now, we solely have one stage which is Construct Atmosphere. Inside every stage we’ve a number of steps. Step one is simply echoing Constructing Atmosphere on the construct output. The second step can be a terraform get –replace, which is used to replace any new Terraform suppliers added to the undertaking. The third step will initialize all of the suppliers configured within the undertaking. The fourth step will apply the Terraform configuration passing all of the variables wanted to provision the atmosphere.

Secure Cloud Native

Allow us to have a look at the Terraform configuration information. The primary file to dive into is This file is ready on the root of the undertaking, that means it’s within the root module. On this file we outline one other module named Infrastructure which is sourced from ./modules/infra. You possibly can consider a module as a perform in different programming languages. On this case we create a module to deploy our infrastructure and cross the required atmosphere variables to this module. Why would we do that? For instance, let’s say we’ve a number of environments, equivalent to Dev, Take a look at, QA, and Prod. We would like the deploy every atmosphere with the identical actual sources, however the atmosphere variables equivalent to IP addresses, subnets, areas, and zones ought to be completely different. We additionally set our Terraform Suppliers right here in

Secure Cloud Native

There’s additionally a file positioned within the root module. These are the identical variables we’re passing from Jenkins as proven above, we’re simply declaring them in Terraform.

Then we’ve the modules/infra listing which is the place the infrastructure module config information are positioned. On this listing we see one other and information. This may occasionally appear redundant however consider this like how we set world variables and native variables in different programming languages. On this case we’re defining variables within the root module and passing them to the infra module, which might be the identical as declaring variables globally and passing them variables as arguments to the perform.

There are additionally configuration information for the,, and Every certainly one of these information provisions their respective configurations. We might put all these configurations into one file however breaking it up makes it simpler to learn and extra modular. There’s additionally a file named We use this Terraform configuration file to run our Ansible playbooks in a Docker container. These Ansible playbooks are used to configure the Safe Firewall coverage we’ve deployed on certainly one of our EC2 situations.

Secure Cloud Native    Secure Cloud Native

Keep tuned

Within the subsequent episode of this collection, we are going to use GitOps and CI/CD to construct and deploy the cloud infrastructure. Hope to see you again once more!

Please let me know in case you have any questions, both within the “feedback” part under, or through the GitHub points.


We’d love to listen to what you assume. Ask a query or depart a remark under.
And keep related with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Fb Developer Video Channel




Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.