As an Amazon Associate I earn from qualifying purchases from

Cisco Cloud Native Safety – Half 2, Provisioning the Infrastructure

In half 1 of this weblog sequence, we overviewed the totally different instruments  that may be used as you go up the stack from infrastructure to software. On this weblog, we shall be provisioning our Infrastructure as Code (IaC) utilizing Terraform, Ansible, Jenkins and GitHub. First, we are going to arrange our improvement setting with all of the instruments wanted for this deployment. Then we are going to assessment our Terraform configuration information and Ansible playbooks intimately.

As at all times, your improvement setting could differ from what’s getting used on this sequence, however all of the Dev instruments we shall be utilizing can be found on Microsoft, Mac, and Linux working programs. In our case, we shall be utilizing Ubuntu 20.04 to run all our DevOps instruments.

We are going to deploy the newest variations of Terraform, Ansible, AWS CLI, Docker, Jenkins and kubectl on our DevBox. Then we create a GitHub repository for supply code administration and model management of our infrastructure. We shall be utilizing the Cloud Native Safety SPOT-ON Collection repository on this sequence. The very first thing we’re going to do is create a function department referred to as infra. We’re going to use function branches to merge our code into the primary department, which is our manufacturing department. When adjustments are made to the primary department, the construct shall be triggered by Jenkins. For every SPOT-On episode that we create, there shall be a function department related to it. For instance, within the subsequent episode we are going to deploy our purposes, so we are going to create one other function department named apps and merge into primary.

Cloud native security

Video demo for “Organising the Dev Setting”

Within the subsequent part we could have an in depth have a look at the set up. I’ve additionally created a demo video for these of you preferring to look at as an alternative of learn. For many who choose my detailed written directions, you’ll discover them under. Additionally, don’t fear, this isn’t the final episode within the sequence! Subsequent up, we are going to use GitOps and CI/CD to construct and deploy the cloud infrastructure. For now, right here’s my demo video for this Half 2:

Cisco Safe Cloud Native Safety – Half 2.1 – Organising the Dev Setting

Detailed Directions

If you’re studying this, it means you have an interest to be taught the main points of this arrange. Let’s bounce proper in! First, allow us to have a look at Jenkins. We are going to create a multibranch pipeline named Spot On. We are going to use the Cloud Native Safety SPOT ON Collection as our Department Supply and can uncover all branches.

Secure Cloud Native

The Construct Configuration shall be outlined by the Jenkinsfile. The Jenkinsfile is the directions of the pipeline itself. We are going to dive deeper into the Jenkinsfile within the subsequent part.

Secure Cloud Native

After we save the pipeline job, Jenkins will scan the GitHub repository and discover the branches we created. When a construct is run it’ll pull down the code from this repository.

Secure Cloud Native

Now that we’ve got our pipeline built-in with our supply code repository, allow us to have a look at the infrastructure as code. Wanting on the construction of our infra department we see a Jenkinsfile, which is our Pipeline as Code. We additionally see Terraform information,, and These Terraform configuration information are set on the root of the venture, referred to as the Root Module. There’s additionally a modules/infra listing which additionally has a bunch of Terraform information. This module listing accommodates the code that can provision the infrastructure.

Secure Cloud Native

Like we mentioned beforehand, the Jenkinsfile is our Pipeline as Code and supplies all of the directions for constructing our pipeline. Wanting on the Jenkinsfile first we outline the pipeline brokers. On this case we’re simply utilizing the Jenkins grasp, however we might have an outlined agent for every stage if we wish. Subsequent, we set the setting variables. Right here we set the setting title and ID, the AWS entry and secret keys, in addition to the area, availability zones, SSH key and FTD credentials.

Secure Cloud Native

As you’ll be able to see a few of these variables are outlined right here on the Jenkinsfile, however among the variables are referencing the syntax credentials(). Jenkins’ declarative Pipeline makes use of this helper technique which helps secret textual content, username, and password, in addition to secret file credentials. We set these variables in Jenkins on the Handle Jenkins > Handle Credentials web page. This manner we will go these secret variables to Terraform securely.

Secure Cloud Native

The following part of the Jenkinsfile is the place our levels are outlined. For proper now, we solely have one stage which is Construct Setting. Inside every stage we’ve got a number of steps. Step one is simply echoing Constructing Setting on the construct output. The second step shall be a terraform get –replace, which is used to replace any new Terraform suppliers added to the venture. The third step will initialize all of the suppliers configured within the venture. The fourth step will apply the Terraform configuration passing all of the variables wanted to provision the setting.

Secure Cloud Native

Allow us to have a look at the Terraform configuration information. The primary file to dive into is This file is about on the root of the venture, which means it’s within the root module. On this file we outline one other module named Infrastructure which is sourced from ./modules/infra. You possibly can consider a module as a operate in different programming languages. On this case we create a module to deploy our infrastructure and go the mandatory setting variables to this module. Why would we do that? For instance, let’s say we’ve got a number of environments, akin to Dev, Check, QA, and Prod. We would like the deploy every setting with the identical precise assets, however the setting variables akin to IP addresses, subnets, areas, and zones must be totally different. We additionally set our Terraform Suppliers right here in

Secure Cloud Native

There’s additionally a file positioned within the root module. These are the identical variables we’re passing from Jenkins as proven above, we’re simply declaring them in Terraform.

Then we’ve got the modules/infra listing which is the place the infrastructure module config information are positioned. On this listing we see one other and information. This will appear redundant however consider this like how we set world variables and native variables in different programming languages. On this case we’re defining variables within the root module and passing them to the infra module, which might be the identical as declaring variables globally and passing them variables as arguments to the operate.

There are additionally configuration information for the,, and Every certainly one of these information provisions their respective configurations. We might put all these configurations into one file however breaking it up makes it simpler to learn and extra modular. There’s additionally a file named We use this Terraform configuration file to run our Ansible playbooks in a Docker container. These Ansible playbooks are used to configure the Safe Firewall coverage we’ve got deployed on certainly one of our EC2 situations.

Secure Cloud Native    Secure Cloud Native

Keep tuned

Within the subsequent episode of this sequence, we are going to use GitOps and CI/CD to construct and deploy the cloud infrastructure. Hope to see you again once more!

Please let me know if in case you have any questions, both within the “feedback” part under, or by way of the GitHub points.


We’d love to listen to what you assume. Ask a query or go away a remark under.
And keep linked with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Fb Developer Video Channel



We will be happy to hear your thoughts

Leave a reply

Enable registration in settings - general
Compare items
  • Total (0)
Shopping cart