My cloud tryouts — subjective blog on application and infrastructure development in a public cloud.

Rafał Kuszneruk
Nov 21, 2021

Welcome to a blog series on my cloud engineering trials and errors :) The main goal here is to document what I’ve been trying out (and why), to provide some observations on certain solutions, and more importantly, build out a reference library of things I was able to achieve in time. Focus is more on cloud infra and SDLC, and might evolve into more software engineering concepts in time. I’ll try to keep it technical enough so that anyone can grasp a piece of advice while reading thru.

All the work here is documented via GitHub repos. You can find me under @kusznerr.

Feel free to provide your feedback either by contacting me directly, or by leaving comments below.

Let me provide some high-level assumptions I’ve made:

  • The aim is to build a sample hello-cloud app built in Spring / Maven, leveraging an end-to-end pipeline to build, test, and deploy across multiple environments.
  • Not planning on sticking to certain tools and approaches too much, but to begin with, I intend to build the following setup:
  • Local development — enable prod-like local dev environment with CI / CD / Kubernetes running on my Windows 10.
  • Separate prod environment — separate from local setup Kubernetes cluster, interaction on it via code (ONLY!!!)
  • Everything as code — where possible codify setup and demonstrate by frequent tearing things down
  • Tools and platforms — this is a fun part. I’m planning on experimenting as I go. To begin with I’ll go with the following set to stick it all together:
      • GitHub as VCS
      • Rancher Desktop for local development
      • CircleCI for CI pipelines, which I intend to run locally and off repo branches
      • ArgoCD for CD and GitOps
      • Terraform Cloud to manage infra-as-code
      • GCP as an initial cloud provider to run prod-like environment in GKE

This section is a placeholder for the end-to-end live demo I’m planning on recording as I complete the full setup. Stay tuned ;)

Observations from the field and some loose thoughts…

  • Keep on evolving — when I started the blog, I had a slightly different picture of what the result should be. This is perfectly fine! Even worse, after finishing the setup, now I have so much more in my head to accomplish! I even ended up putting a Trello Kanban board to capture my thoughts as they popped in time.
  • Everything as Code — maybe not everything I did was codified, but I’d say most of it. And the beauty of this approach is full control, the ability to repeat failures, tear it all down, etc. without any worry that something will be lost. This mindset is just brilliant!
  • Automate / Automate — somewhat related to above. Putting all the things together is exciting, but also prompts you to action if you want to automate everything. The DevOps “chicken & egg” problem of a setup bootstrap automation is very interesting and shows where the real-world challenge is. I did tackle some of it, for instance by including ArgoCD in GKE cluster setup (I could have run simple kubectl, right?) and enabling it for app-of-apps pattern. Some considerations like GCP bootstrap automation (GCP Foundation Toolkit), Terraform Cloud workspace automation (I think there is K8s operator or Terraform provider for it), and so on…
  • The precious CI/CD — while I did provide a skeleton CI and CD pipeline, I have not expanded on it. And similarly to Automation, there is an entirely new world out there of local testing / UT / BDD / TDD / SAST / DAST / app layer / infra layer(s) / you name it!
  • Security — quite purposely I didn’t put too much attention to it :) Security has become a driving factor to modern application and cloud engineering work. It has also evolved into a mastery of its own by leveraging threat-modeling and then applying multi-layers of security to any design. Very much linked to automation and the SDLC process. And it’s really hard to set it up end to end. This is why I’m planning on using the existing skeleton design to start hardening it. How to tackle secrets, SAST/DAST, enable sec patterns in GitHub, bootstrap app for security … It’ll be fun!

Thank you for reading thru the series. I hope you enjoyed it and found it useful. Please provide your feedback or contact me via

, LinkedIn or GitHub.
