February 8, 2022 By Jared Killoran
Raj Cherchattil

Integrating Tekton Pipelines to deploy infrastructure reference architecture Terraform patterns using Infrastructure as Code (IaC).

Clients all around the world working with IBM Cloud need to establish or expand their cloud environments. Their goal is to provide robust connectivity, scalability and security while decreasing the costs of their production and non-production compute resources (e.g., Kubernetes clusters). To succeed with their cloud-based deployments, they also need to incorporate day 2 patterns for monitoring, maintenance and troubleshooting to keep apps, services and hosts up and running. It is important that our clients can establish such a framework with agility and accuracy across multiple projects.

This article describes an automated approach for enterprises to establish environments for their programs and projects in a rapid, replicable manner using the principles of Infrastructure as Code (IaC). Key benefits of this approach are as follows:

  • Accelerated time-to-value on cloud
  • Standardization of deployment practices on cloud across the enterprise
  • Rapid deployment of environments for projects

What are infrastructure architectural reference patterns?

A reference infrastructure pattern and/or framework is a pre-built architectural pattern with pre-configured controls and guardrails to help achieve security and compliance with prescriptive deployments. Using these patterns will enable you to stand up your environment as securely as possible. If you have not already created Terraform scripts for your environment, the teams at IBM Cloud have created pre-defined Terraform scripts and toolchains for rapid implementations, allowing you to jump right into using IBM Cloud without having to learn and build from scratch.

Typically for a client situation, the architectural design pattern will be a copy of their environment, including their existing data centers, cloud brokerages and other third-party environments, such as databases. It is, therefore, important to map and automate the inter-connectivity across these environments. Creating and implementing these patterns for your network and data security also helps give due consideration to High Availability within a Cloud Region using Availability Zones and Multi-Region configurations, such as Active-Standby or Active-Active architectures.

It is also key to consider the CI/CD environment required to realize quick time-to-deploy for rapid realization of business benefits to our clients. Another key aspect is the day 2 architecture that will establish data collection, analysis, monitoring, predictive analytics and trouble management to radically reduce mean-time-to-repair.

The diagram below illustrates IBM Cloud-based patterns using OpenShift managed services that cover the above-described aspects in a reference pattern:

What are the building blocks of infrastructure automation?

Infrastructure as Code and Terraform

Infrastructure as Code (IaC) allows you to manage your deployment environment from the code level instead of manually through the GUI. This allows for faster, more secure deployments and thereby reduces human error since the desired state is defined within code. Using Terraform, you can provision your infrastructure safely, securely and faster — at enterprise scale.

Terraform allows you to create immutable desired state code workflows to build out your deployments while providing repeatable, reusable, standardized modules and objects that provide greater compliance and easier management. Terraform can be used for most cloud and on-premises deployments. You can check for a list of the “providers” available here.

IBM has created a lot of the individual Terraform modules needed to stand up resources and services. These can be leveraged as needed, or you can use your existing Terraform configuration files to deploy to IBM Cloud.

Sample code for creation of Management VPC:

module "management_vpc" {
  # Module source is pinned to a release tag with ?ref=
  source = "github.com/cloud-native-toolkit/terraform-ibm-vpc?ref=v1.11.3"

  resource_group_id    = module.mgmt_resource_group.id
  resource_group_name  = module.mgmt_resource_group.name
  region               = var.region
  name                 = var.management_vpc_name
  name_prefix          = var.mgmt_name_prefix
  # API key is supplied as an input variable rather than written into the configuration
  ibmcloud_api_key     = var.ibmcloud_api_key
  provision            = var.management_vpc_provision
  address_prefix_count = var.management_vpc_address_prefix_count
  # Address prefixes arrive as a JSON string; null leaves them unset
  address_prefixes     = var.management_vpc_address_prefixes == null ? null : jsondecode(var.management_vpc_address_prefixes)
}

Sample code for creation of transit gateway:

module "ibm_transit_gateway" {
   source = "github.com/cloud-native-toolkit/terraform-ibm-transit-gateway?ref=v0.1.0"

   resource_group_name = module.cs_resource_group.name
   connections         = [module.workload_vpc.crn, module.management_vpc.crn]
   region              = var.region
   name                = var.ibm_transit_gateway_name
   name_prefix         = var.name_prefix
   ibmcloud_api_key    = var.ibmcloud_api_key #remove this if version is 0.2.2
   #provision          = var.ibm_transit_gateway_provision #only put this if version is 0.2.2
}
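
Both samples above pin their module source to a release tag with "?ref=". As an added example (not IBM's code and not part of the original article), the following Python check is one way a pipeline stage could reject Git module sources that carry no ref or follow a branch before Terraform "plan" runs; it also separates release tags, which can be re-pointed upstream, from full commit SHAs. The function names and the "example-org" sources are constructed for illustration, and registry modules pinned with "version" are outside its scope.

```python
import re

# Finds each module block and its "source" argument (Git-addressed sources only;
# registry modules pinned with "version" are out of scope for this check).
BLOCK_RE = re.compile(r'module\s+"([^"]+)"\s*\{[^}]*?\bsource\s*=\s*"([^"]+)"')
TAG_RE = re.compile(r'^v?\d+\.\d+\.\d+$')   # release tag such as v1.11.3
SHA_RE = re.compile(r'^[0-9a-f]{40}$')      # full commit SHA

def classify_source(source):
    """Return local, sha, tag, floating or unpinned for a module source."""
    if source.startswith(("./", "../")):
        return "local"
    _, _, query = source.partition("?")
    ref = dict(p.partition("=")[::2] for p in query.split("&") if p).get("ref")
    if not ref:
        return "unpinned"   # no ref: Terraform fetches the default branch
    if SHA_RE.match(ref):
        return "sha"        # immutable
    if TAG_RE.match(ref):
        return "tag"        # pinned, but a tag can be re-pointed upstream
    return "floating"       # branch name or other movable ref

def audit_modules(hcl_text):
    """Return {module_name: (source, classification)}."""
    return {n: (s, classify_source(s)) for n, s in BLOCK_RE.findall(hcl_text)}

def violations(hcl_text):
    """Module names the gate rejects: unpinned or floating sources."""
    return sorted(name for name, (_, kind) in audit_modules(hcl_text).items()
                  if kind in ("unpinned", "floating"))

# First two sources are from this article; the last two are constructed.
SAMPLE = '''
module "management_vpc" {
  source = "github.com/cloud-native-toolkit/terraform-ibm-vpc?ref=v1.11.3"
}
module "ibm_transit_gateway" {
  source = "github.com/cloud-native-toolkit/terraform-ibm-transit-gateway?ref=v0.1.0"
}
module "unpinned_example" {
  source = "github.com/example-org/terraform-example-module"
}
module "branch_example" {
  source = "github.com/example-org/terraform-example-module?ref=main"
}
'''

if __name__ == "__main__":
    print(audit_modules(SAMPLE), "rejected:", violations(SAMPLE))
```

A pipeline task would read the repository's .tf files instead of SAMPLE and fail the run when violations() returns a non-empty list.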

Toolchains and pipelines

From a high level, a toolchain is part of a DevOps approach to create and deploy reliable code and then manage that code through the lifecycle of development or deployment. A toolchain allows you to create multiple pipelines that can be defined as workflows within the toolchain, allowing you to separate specific tasks into different sections while maintaining structure, automation and security. Some common pipeline tasks within a Toolchain could be Plan, Create, Verify, Package, Release/Deploy, Configure and Monitor in the development world.

Toolchains can also be shared within companies to create automation pipelines for Infrastructure as Code (IaC). This allows them to create standards and compliance for all deployments, thereby reducing security risks, deployment times and overall management time needed for your infrastructure when making changes or deploying new workload environments.

Example of a toolchain on IBM Cloud:

IBM-managed Tekton CI/CD pipelines

Tekton is an open-source, vendor-neutral framework for creating continuous integration and delivery (CI/CD) systems. Tekton runs in any Kubernetes environment, but IBM has integrated Tekton pipelines as a managed service within IBM Cloud. From here, you can create Tekton toolchains and pipelines within your own environment that can be triggered manually or automatically through “commits” on the attached repository. This allows you to deliver applications and automations across multiple cloud providers or on-premises and monitor all the environments from a single control plane/dashboard.

IBM Cloud also integrates code risk analysis (CRA) into Tekton pipelines, giving you security and regulatory compliance control checks in real time before the infrastructure is deployed.

Example of pipeline workflow with CRA on IBM Cloud:

Linking it all together to create automated deployments

Now that you understand some of the individual components, we can discuss how to create rapid automation deployments of the infrastructure on IBM Cloud.

Using either IBM reference architecture Terraform pattern samples or your own existing Terraform code, you can copy/fork the code as necessary to your own GitHub. You are then able to modify the specific infrastructure, variables and validation you need for your specific environment. Once completed, you are now able to create a toolchain “link” that connects that GitHub Repository directly into the IBM Managed Tekton service. Doing this allows you to start creating and running automation pipelines for different aspects of the infrastructure.    

From this point, you can securely run the different deployment pipeline workflows, either through manually triggering them in the UI or using GitHub Commit trigger integrations, allowing the environment to be Terraform “planned,” “applied” or “destroyed” through automation — all while being able to see the status of all your deployments from a single dashboard.

Example of resource list from a deployment:

Learn more

In summary, we hope that the approach described in this article helps you understand how to establish repeatable, automated environments on IBM Cloud for your projects with speed and accuracy. As described, the patterns will help you to establish the DevOps capability, runtime environment and day 2 operational environment using a proven and repeatable framework.
