Infrastructure as Code at UFST

Abstract
Adopting Infrastructure as Code (IaC) offers automation, consistency, and scalability in IT management but also introduces challenges such as version control, security compliance, and integration with existing workflows. Key issues include preventing configuration drift, adhering to evolving security standards, and managing the learning curve of new tools. Effective planning, continuous monitoring, and cross-functional collaboration are essential to fully realize IaC’s benefits while mitigating its risks.
Publication
How the Danish taxes got a brand new shiny cloud infrastructure (as code).

At Udviklings- og Forenklingsstyrelsen, Sébastien Requiem was brought in to address key challenges in a delayed real estate valuation program. His role focused on architecting and implementing a modern, cloud-based infrastructure to replace an outdated and failed refactoring attempt. Working closely with multiple stakeholders, Sébastien executed a comprehensive migration plan and drove significant infrastructure improvements.

Key Tasks and Initiatives:

  1. Infrastructure Migration:

    • Planned, defined, and implemented a seamless migration from an outdated on-premises setup to a cloud-based infrastructure.
    • Ensured smooth cooperation between diverse stakeholders throughout the migration process.
  2. Cross-Team Collaboration:

    • Architected strategies to enable efficient collaboration between multiple teams.
    • Developed a robust system for inter-team communication using AWS services like SQS, S3, and Lambda.
  3. Kubernetes CI/CD Pipeline:

    • Architected and implemented a state-of-the-art Kubernetes installation for internal developer tools.
    • Established a complete CI/CD pipeline, including K8s audit, monitoring, and logging for various stakeholders.
  4. Database Refactoring:

    • Refactored SQL databases to AWS RDS Postgres for enhanced performance and reliability.
  5. Best Practices Implementation:

    • Provided best practices for infrastructure and code management to a team of 15+ members.
    • Ensured adherence to standards for git usage, pull requests, patches, and versioning.
  6. Team Training:

    • Conducted extensive training sessions for technical teams, fostering a culture of continuous learning and improvement.

Key Achievements:

  1. Redesigned Infrastructure as Code:

    • Completely redesigned the approach to infrastructure as code, ensuring a more streamlined and efficient setup.
  2. On-Time Migration:

    • Executed an on-time migration from the old infrastructure code base to the new cloud-based solution.
    • Managed dependencies and inter-team communication with automated security rules and templates.
  3. Key Component Migrations:

    • Successfully migrated critical components, including EC2 instances, Lambda functions, network configurations, and VPC peering with cross-account policies.
  4. Comprehensive CI/CD Solution:

    • Implemented a comprehensive CI/CD solution based on Kubernetes and Jenkins, featuring scalable worker pods, internal/external load balancer management, automatic SSL generation/renewal, and cluster monitoring using Prometheus, Grafana, and Loki.
    • Ensured high availability with three K8s masters in multiple availability zones and up to 15 workers.
  5. Event-Based Antivirus Solution:

    • Designed, planned, and implemented an innovative event-based antivirus solution using AWS S3, Docker, and AWS SQS.
  6. Enhanced Collaboration and Security:

    • Architected a secure and efficient system for component intercommunication via a combination of AWS SQS queues, S3 buckets, and IAM permissions.

Technologies and Tools Used:

  • Cloud Providers: AWS (Amazon Web Services)
  • Orchestration and Containerization: Kubernetes, Docker
  • CI/CD Tools: Jenkins in K8s, scalable Jenkins worker pods
  • Infrastructure as Code: Terraform, Terraform Cloud
  • Monitoring and Logging: Prometheus, Grafana, Loki
  • Database Solutions: AWS RDS (Postgres)
  • Communication Services: AWS SQS, AWS Lambda, AWS S3
  • Load Balancing: AWS ELB (Elastic Load Balancer)
  • Other Tools: Git, AWS IAM (Identity and Access Management), Ansible

Skills:

  • Infrastructure Migration
  • Cross-Team Collaboration
  • Kubernetes and CI/CD Pipeline Implementation
  • Database Refactoring and Management
  • Best Practices in Infrastructure and Code Management
  • Team Training and Development
  • Advanced Cloud Computing Techniques (AWS)

Through these efforts, Sébastien Requiem demonstrated his exceptional ability to lead complex infrastructure migrations, optimize cloud-based systems, and foster team collaboration, all while maintaining rigorous standards for security and performance. His work at UFST stands as a testament to his technical expertise and leadership skills in the DevOps field.