Roc Alayo Arnabat & Sergi Rosell Ferrer - GitOps in Modern Security-Compliant Environments
Discover how a company achieved high security standards by implementing GitOps in a monorepo environment, using Terraform for IaC and GitHub pipelines, with automated testing, validation, and deployment of changes, and UTF-8 compliance.
- The presentation discusses GitOps in modern security-compliant environments, specifically in a company that required high security standards.
- The company opted for a monorepo approach using Terraform for infrastructure as code (IaC) and follows a similar pattern for application code with GitHub pipelines.
- The company created a centralized NAT gateway to manage internal traffic and uses IAM roles instead of static credentials.
- The security practices include tagging, naming conventions, access control, and versioning of infrastructure files.
- The company uses a pipeline-centric approach with automated testing, validation, and deployment of changes to the infrastructure.
- Every change is tracked and logged, with Argo CD deploying changes detected by the pipeline.
- The platform is divided into three concepts: capsule (high-level abstraction), module (middle-level abstraction), and runtime (low-level abstraction).
- The company uses Helm charts values versioning, but not for infrastructure yet.
- The security team is aligned and involved in the configuration process.
- Automatic testing is used to ensure deployment of changes without breaking dependencies.
- The company uses the new Terraform test functionality to test Terraform configurations.
- The presentation also discusses issues with versioning, especially related to Helm charts.
- The pipelines are run in GitHub, and the CI/CD flow is unified for the infrastructure across the company.
- The company is working with security to automate the process and include more checks and balances.
- Users can be testers in the company platform and participate in the UX experience.
- The company is using Istio for gRPC balancing in the Kubernetes cluster.