Talk at GitLab Commit 2020: Join us to learn how we helped one of the largest financial services institutions in the world shape their cloud strategy using GitLab and Terraform. Starting on a cloud journey brings so many questions around resource provisioning & management, security, compliance, how to enable the team with easy access to definitions, and keep everyone updated. As we know, the most reliable source of truth is the code, so the use of infrastructure as code paired with an inner-source process is a solid foundation.
2. 2#GitLabCommit
~:whoami_
Rodrigo S. Domingues
I am a Principal Architect for CI&T, currently living in the Bay Area. I have more than 15 years of experience with software development and design, focusing on Cloud and DevOps for the past 4 years.
What I like to do: Coding, Camping, Off Roading and guitars :)
Favorite Language: Java forever! :)
Want to get in touch:
● rodrigosd@ciandt.com
● https://www.linkedin.com/in/rsdomingues/
Diego A. Camizotti
I am a Master Engineer for CI&T, also living in the Bay Area for the past year. I started working with software development in 2007, and have been doing a lot of Cloud and DevOps work in the past couple of years.
What I like to do: Coding, playing video games, playing guitars and riding my motorcycle
Favorite Language: Whichever gets the work done easier!
Want to get in touch:
● dcamizotti@ciandt.com
● https://www.linkedin.com/in/diegoantequera/
3. 3#GitLabCommit
Who is CI&T
by the numbers
● 2,800+ strategists, designers and developers
● 75 NPS: Industry leading client NPS
● 15+ Fortune 500 Brands
● $200M in Annual Revenue with 30% Growth YOY
● Global Presence: Offices in US, Canada, Europe, LATAM & Asia
● Top Technology Partnerships
● Certified “Great Place to Work” 14 consecutive years via GPTW Institute
https://us.ciandt.com
5. 5#GitLabCommit
What was the mission?
● Imagine a worldwide Financial Institution
Worldwide presence with more than 16k employees
Fortune 500 company in the financial services business
7. 7#GitLabCommit
What was the mission?
● Imagine a worldwide Financial Institution
● That needed to add a new cloud provider
● And create a new way of working with the cloud
10. 10#GitLabCommit
The challenge
● Security, Security, Security!
Compliance, Compliance, Compliance!
1. Any resource: Have the ability to use any resource to leverage cloud, but with the ability to enforce corporate patterns
2. Standard structure: Have the environments and structure as standardized as possible, allow customization.
11. 11#GitLabCommit
The challenge
● Security, Security, Security!
● Compliance, Compliance, Compliance!
Have one source of truth
Only document what is necessary: Reduce the time invested to evolve the documentation for the infrastructure and security pieces.
Have no special access requirement: No need to manage multiple access levels to different tools.
12. 12#GitLabCommit
The challenge
● Security, Security, Security!
● Compliance, Compliance, Compliance!
● Have one source of truth
Make it easy for teams to adopt and contribute
1. Easy to start: Make it so that a new team can start using the new model without previous knowledge of the Google Cloud or IaC.
2. Allow Contributions: Define a safe way to allow expert team members to suggest modifications to the infrastructure.
13. 13#GitLabCommit
The challenge
● Security, Security, Security!
● Compliance, Compliance, Compliance!
● Have one source of truth
● Make it easy for other teams to adopt and contribute
Allow for small incremental changes and corporation level changes.
14. 14#GitLabCommit
The challenge
● Security, Security, Security!
● Compliance, Compliance, Compliance!
● Have one source of truth
● Make it easy for other teams to adopt and contribute
● Allow for small incremental changes and corporation level changes.
Allow for cost management
18. 18#GitLabCommit
First Piece
✓ Code as Source of Truth (less documents to write, phew!)
✓ Multi cloud
✓ Easy to start and rollout (once everything is set up)
23. 23#GitLabCommit
Terraform Structure
● modules!
● enabling reuse and less coding
● central "choke points"
● safer and reliable information distribution
module/dns/main.tf
foundation/network/dev/outputs.tf
25. 25#GitLabCommit
SCM Strategy - Monorepo
Endless stream of new Projects
One single GitLab Repository
1. Modules Everything: Every new “project” depended on modules
2. Easier to find things and contribute
26. 26#GitLabCommit
GitLab-CI!
git add . && git commit -am "c" && git push --force*
triggers GitLab-CI
triggers Google Cloud Build
[insert other Cloud here]
* We recommend only using --force if you are a Jedi Master
27. 27#GitLabCommit
GitLab-CI Lifecycle
● Adds code & opens Merge Request
● Detects which workdir is being changed, what pipeline should run and triggers GCP
● Runs “Validate” job
● Checks the job result and Approves the MR
● Detects which workdir is being changed, what pipeline should run and triggers GCP
● Runs “Apply” job
Pipeline 1
36. 36#GitLabCommit
Regarding the technology
Be aware of the origin of the terraform module
By default, Terraform uses GitHub to look up modules added as dependencies. We experienced a lot of issues during this specific project. If needed, change it to your own infrastructure and use it as the repository.
Fix all versions on your terraform (and modules)
Terraform is an amazing tool, and can solve a lot of issues. But in our experience some repositories introduce a lot of changes in new versions, even bug-fix versions. Be aware!
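A check that a “Validate” job could run for the two points on this slide, as an added example that is not from the talk: it flags module blocks fetched from outside an allowlisted host or without an exact version or tag pin. The host `gitlab.example.internal`, the sample Terraform text and the regex-based parsing (which assumes `terraform fmt` layout) are assumptions.

```python
import re

TRUSTED_HOSTS = {"gitlab.example.internal"}  # assumption: hosts you control (hypothetical)
# Assumes `terraform fmt` layout: a module block closes with "}" in column 0.
MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
EXACT_VERSION = re.compile(r"^=?\s*\d+\.\d+\.\d+$")
PINNED_REF = re.compile(r"[?&]ref=(v?\d+\.\d+\.\d+|[0-9a-f]{40})(&|$)")

def attr(body, name):
    """Value of a quoted string attribute inside a module block, or None."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % name, body, re.M)
    return m.group(1) if m else None

def origin_host(source):
    """Host a module is fetched from; bare registry addresses use the public registry."""
    s = re.sub(r"^[a-z]+://", "", source.removeprefix("git::"))
    host = re.split(r"[/:]", s.split("@", 1)[-1], maxsplit=1)[0]
    return host if "." in host else "registry.terraform.io"

def audit_modules(tf_text):
    """Return (module, problem) pairs for untrusted origins and floating versions."""
    findings = []
    for name, body in MODULE_RE.findall(tf_text):
        source, version = attr(body, "source") or "", attr(body, "version")
        if source.startswith(("./", "../")):
            continue  # local module: versioned together with the monorepo
        host = origin_host(source)
        if host not in TRUSTED_HOSTS:
            findings.append((name, "untrusted origin: " + host))
        # Pinned means an exact `version`, or a git ref that is a version tag or full commit hash.
        if not ((version and EXACT_VERSION.match(version)) or PINNED_REF.search(source)):
            findings.append((name, "version not pinned"))
    return findings

# Constructed sample input, not taken from the talk.
SAMPLE_TF = '''module "dns" {
  source = "git::https://gitlab.example.internal/infra/modules/dns.git?ref=v1.4.2"
}
module "network" {
  source  = "terraform-google-modules/network/google"
  version = "~> 2.0"
}
module "iam" {
  source = "git::https://gitlab.example.internal/infra/modules/iam.git?ref=main"
}
module "labels" {
  source = "../../module/labels"
}'''
```

Calling `audit_modules(SAMPLE_TF)` reports the registry-hosted `network` module twice (origin and floating version) and the `iam` module for tracking a branch; a CI job would fail the merge request when the list is non-empty.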
37. 37#GitLabCommit
About the Code and CI/CD
If you want to do IaC, CI/CD is not a wish
In IaC there is no development environment: all environments are production, any change to the code can break an entire environment, and not all changes can be rolled back. A good CI/CD environment will help you prevent a lot of issues.
Terraform is not Java… :(
Infrastructure CI/CD is very different from application development. Validation and testing can take longer due to the need to create the environment. Sequencing can be tricky; the correct code structure will help a lot.