This is a 5 articles series on how to design and implement more scalable, agile-aligned, and futuristic “Devsecops”.
This is the 2nd article in the series.
Platform should be represented as a configuration, which dictates the configuration of the platform deployed. Platform configuration should give enough knobs to dictate the component configurations and deployment method.
Manifest files – Defines full platform in a single configuration.
*Deployment Flavours *
*Deployment Methods *
Disrupting - This is suitable for non-production deployment, where requirement is to deploy as fast and least costly as possible.
Non-disrupting or Make-before-break - This is suitable for production deployment, where there is a requirement to have no disruption or minimal disruption.
Component Versioning
This allows versioning of platform components that can be then independently tested and rolled into different deployments.
Global Deployment of Platforms
Global deployment, management and monitoring is sometime crucial for infrastructure devsecops. There are certain requirements that needs to be fulfilled for achieving that.
Centralized Management – Infrastructure devsecops should be able to manage all the platform from a single place. In this case manifest file is the source of truth and repo is that single place. Beside this platform component feature release and deployment will also be taken care by component versioning.
Centralized Monitoring – Each of your deployment should have monitoring components deployed that will feed into a central monitoring unit managed by SRE engineers 24x7. Automatically devsecops should deploy telemetry components and integrated this with centralized monitoring and alert.
Centralized Secret Management – All the platform secrets and states should also be centrally managed and controlled. Secret refreshments and updates are very much integral part of deployment.
Deployment Governance – Necessary deployment approval and review process should be integral part inbuilt into devsecops.
Top comments (0)