What is Bootstrapping?
Bootstrapping an environment refers to creating minimal resources that can be used to build, maintain, and scale the environment. This is typically done by creating credentials and minimal resources that tools like Terraform can use within a CI/CD system to develop networking, storage, and other infrastructure elements. The infrastructure code is committed to source control, reviewed, and then the CI/CD system is used to apply the changes. This allows for a more controlled and efficient process for managing the infrastructure.
It applies to most infrastructure, but we’ll cover the scenario where you just signed up for Azure and GitHub and need to create infrastructure for the rest of the engineering organization.
Why should we consider bootstrapping?
Bootstrapping is an invaluable technique for configuring an environment and makes it possible to take advantage of automation, source control, and CI/CD quickly. With bootstrapping, you can start using these capabilities right away! Here are some benefits:
- It simplifies the setup process. Bootstrapping requires minimal manual input, allowing for an efficient configuration that takes up far less time. Compare that to the amount of upfront planning needed to create initial resources manually and then the cost to rectify a mistake.
- It improves security since every change is reviewed and recorded in source control, providing some governance. Compare that to modifications made without any governance when everyone can do as they please in an environment.
- It ensures a consistent setup across all environments since the same scripts can be used repeatedly. Compare that to haphazard changes to the environment that are inconsistent and difficult to comprehend.
- It allows better cost management since we can delete resources we don’t use and recreate them when needed. Every resource being created is accounted for.
- It improves tracking, which helps with both governance and auditing reviews.
- It reduces confusion and mistakes, which can result in a stable environment.
- It improves documentation since we can treat code as documentation; when resources are created manually, additional effort is needed to write documentation.
When to use Bootstrapping
Bootstrapping can be appropriate in a few scenarios.
- Creating new infrastructure from the ground up
- Introducing Infrastructure as Code (IaC) into an existing environment, particularly when paired with a CI/CD platform for orchestration
- Transitioning existing infrastructure to another cloud provider or region
- Migrating infrastructure during mergers, acquisitions, and divestment
- Introducing divergent product lines that share minimal infrastructure
How do you Bootstrap Azure and GitHub?
For our scenario, bootstrapping may involve the following steps:
- Register a privileged application in Azure AD with complete control over Azure AD and Subscriptions
- Deploy a Key Vault to store the credentials of this privileged app
- Create the GitHub Repository that will contain scripts to create infrastructure
- Register an app for GitHub Actions which can only read these credentials from the vault when necessary
- Deploy Azure Functions that regularly refresh the stored credentials of the privileged application
- Finally, let’s write some scripts that create infrastructure
Depending on the tooling you want to use, say Terraform, you’ll also want to create additional resources, like a storage account, so that it can store state.
Typically, bootstrapping is done manually. However, automating this process has benefits: for example, no individual has to handle secrets. It also allows for repeatability, which can be helpful when bootstrapping multiple Azure clouds or when an organization has various product lines that don’t share any infrastructure except identity.
Not all tasks can be automated, as certain vendors do not offer APIs for their systems, and it’s sometimes cost-prohibitive. In those scenarios, one can automate as much as feasible, such as registering an application in Azure AD, storing the credentials in Key Vault, and then completing the configuration manually on the respective systems.
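The Azure-side steps listed above (registering the two apps, deploying the vault, storing the privileged credential, and giving the GitHub Actions app read-only access) can be scripted with the Azure CLI. This is an added example, not code from the original post; the name prefix, the secret name `privileged-app-secret` and the choice of the built-in Key Vault Secrets Officer and Key Vault Secrets User roles are assumptions, and granting the privileged app its own directory and subscription roles is left out.

```sh
#!/bin/sh
# Added example (not the post's code). Needs an authenticated `az login` session.
# Names derive from a caller-supplied prefix of at most 11 characters
# (vault names are limited to 24). All names are placeholders.
set -eu

# Register an app plus its service principal; print the appId (client ID).
register_app() {  # $1=display name
  app_id=$(az ad app create --display-name "$1" --query appId -o tsv)
  az ad sp create --id "$app_id" >/dev/null
  printf '%s\n' "$app_id"
}

# Create an RBAC-authorized vault; print its resource ID (used as role scope).
create_vault() {  # $1=resource group  $2=vault name  $3=location
  az group create --name "$1" --location "$3" >/dev/null
  az keyvault create --name "$2" --resource-group "$1" --location "$3" \
    --enable-rbac-authorization true --query id -o tsv
}

# Issue a fresh client secret for the privileged app and write it straight
# into the vault. The value lives only in a shell variable: never echoed,
# never written to disk. It is passed as a process argument, so run this
# from a trusted admin shell.
store_credential() {  # $1=privileged appId  $2=vault name
  secret=$(az ad app credential reset --id "$1" --query password -o tsv)
  az keyvault secret set --vault-name "$2" --name privileged-app-secret \
    --value "$secret" >/dev/null
  unset secret
}

bootstrap() {  # $1=name prefix  $2=location
  priv_app=$(register_app "$1-privileged")
  ci_app=$(register_app "$1-github-actions")
  vault_id=$(create_vault "$1-bootstrap-rg" "$1-bootstrap-kv" "$2")
  # RBAC vaults give the creator no data-plane access, so grant the operator
  # write access to secrets, scoped to this vault only.
  me=$(az ad signed-in-user show --query id -o tsv)
  az role assignment create --assignee "$me" \
    --role "Key Vault Secrets Officer" --scope "$vault_id" >/dev/null
  store_credential "$priv_app" "$1-bootstrap-kv"
  # The GitHub Actions app may only read secret values, scoped to the vault.
  az role assignment create --assignee "$ci_app" \
    --role "Key Vault Secrets User" --scope "$vault_id" >/dev/null
  printf 'ci_app=%s vault=%s\n' "$ci_app" "$vault_id"
}
# Usage: bootstrap <prefix> <location>
```

Azure role assignments can take a short time to propagate, so the first secret write may be refused and need a retry.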
Spending too much time on bootstrapping incurs an opportunity cost. Do the minimum necessary to allow others to access the systems and automate the rest of the configuration through the CI/CD pipeline.
This post discussed what bootstrapping is, how you can do it, and why it pays to be realistic about its scope. We’ll discuss automation in a later installment.