Well-Architected Framework
Implement fully-automated deployments
A fully automated system is a holistic approach to managing the IaC lifecycle. A fully automated infrastructure deployment system is composed of Git-driven infrastructure changes, applied through a CI/CD system, with automated tests and monitoring.
Fully automated systems build on the best practices of semi-automated systems (VCS, automation tools, audit). The following are additional best practices to follow when you implement fully automated infrastructure.
Run Git-driven deployments through CI/CD
When you manage your IaC through Git-driven development, every infrastructure change starts as a change in your Git VCS and is applied by your CI/CD system. To modify your infrastructure, such as standing up or tearing down a server, you commit a change to your VCS, which kicks off a CI/CD job that applies the change. Because nobody applies changes by hand, the pipeline is the one place where every infrastructure modification goes through testing, security scanning, and validation before it reaches production.
Using Git-driven development, you gain the following benefits:
- Ties code to infrastructure, so the configuration in the repository documents what is actually deployed.
- An audit trail of changes. The commit history shows who changed what and when, and the CI/CD run history shows when each change was applied.
- Lets you scale infrastructure efficiently, because a change reviewed once can be applied repeatedly across environments.
- Automated infrastructure tests run on every change.
With HCP Terraform, you can use the built-in VCS workflow to automatically trigger runs based on changes to your VCS repositories. The CLI-driven workflow allows you to quickly iterate on your configuration and work locally, while the VCS-driven workflow enables collaboration within teams by establishing your shared repositories as the source of truth for infrastructure configuration.
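The following Terraform configuration, an added example that is not code from this page or from HashiCorp, uses the `tfe` provider to manage an HCP Terraform workspace as code and connect it to a GitHub repository, so that commits to that repository are what queue runs. The organization name, repository, directory layout, and variable names are assumptions.

```hcl
# workspace.tf (assumed file name): manage the HCP Terraform workspace itself as code
terraform {
  required_providers {
    tfe = {
      source  = "hashicorp/tfe"
      version = ">= 0.50"
    }
  }
}

provider "tfe" {
  organization = "example-org" # assumed organization name
}

# GitHub OAuth token for the VCS connection, injected by the pipeline and never committed
variable "github_oauth_token" {
  type      = string
  sensitive = true
}

resource "tfe_oauth_client" "github" {
  name             = "github"
  api_url          = "https://api.github.com"
  http_url         = "https://github.com"
  oauth_token      = var.github_oauth_token
  service_provider = "github"
}

resource "tfe_workspace" "network_prod" {
  name              = "network-prod"
  execution_mode    = "remote"
  terraform_version = "1.9.0"
  working_directory = "environments/prod/network" # assumed repository layout

  # Every run starts from this repository and branch, never from a local CLI apply
  vcs_repo {
    identifier     = "example-org/infrastructure" # assumed repository
    branch         = "main"
    oauth_token_id = tfe_oauth_client.github.oauth_token_id
  }

  # Only commits that touch these paths queue a run for this workspace
  file_triggers_enabled = true
  trigger_prefixes      = ["environments/prod/network", "modules/network"]

  # Pull requests get speculative plans; a merge to main queues a plan a human must confirm
  speculative_enabled = true
  auto_apply          = false

  # Guard rails: refuse destroy plans and check for drift between runs
  allow_destroy_plan  = false
  assessments_enabled = true
}
```

With `auto_apply = false`, a merge to `main` produces a plan that waits for confirmation in HCP Terraform, so review happens twice: once on the pull request (code) and once on the plan (effect). Keeping the OAuth token in a sensitive variable that the pipeline supplies keeps the VCS credential out of the repository that it protects.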
You can manage your image creation with Git and CI/CD, similar to how you manage your other infrastructure. Once you commit a change to your Packer template, your CI/CD should trigger a Packer build. Upon completion, your CI/CD system should tag and upload the image to an image repository. You can use HCP Packer to store metadata about the images you build, including when you created the artifact, the associated platform, and which Git commit produced the build. HCP Packer lets downstream processes, like Terraform, consume these images by name and channel rather than by hard-coded image ID.
You can learn more about using Git and GitOps in Learn how to implement a GitOps workflow.
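The following Packer template and Terraform fragment are an added example (not code from this page or from HashiCorp) of the image pipeline described above: the CI job builds the image, records the Git commit it was built from as an HCP Packer build label, and Terraform later resolves the image through an HCP Packer channel. The provisioner also bakes the Amazon CloudWatch agent into the image, which is the monitoring-agent step described later on this page. The bucket name, channel name, region, file names and the `GITHUB_SHA` environment variable (what GitHub Actions sets) are assumptions.

```hcl
# image.pkr.hcl (assumed file name), built by the CI job on every commit
packer {
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = ">= 1.2.0"
    }
  }
}

# The CI job exports the commit it is building; GITHUB_SHA is what GitHub Actions sets (assumed)
variable "git_sha" {
  type    = string
  default = env("GITHUB_SHA")
}

source "amazon-ebs" "base" {
  region        = "us-east-1"
  instance_type = "t3.micro"
  ami_name      = "base-ubuntu-${formatdate("YYYYMMDD-hhmm", timestamp())}"
  ssh_username  = "ubuntu"

  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    owners      = ["099720109477"] # Canonical
    most_recent = true
  }

  # Instances launched from this AMI require IMDSv2
  imds_support = "v2.0"
}

build {
  sources = ["source.amazon-ebs.base"]

  # Metadata HCP Packer records for this build; the commit label ties the artifact back to Git
  hcp_packer_registry {
    bucket_name = "base-ubuntu" # assumed bucket
    description = "Ubuntu 22.04 with current patches and the CloudWatch agent"
    bucket_labels = {
      "os" = "ubuntu-22.04"
    }
    build_labels = {
      "git-sha"    = var.git_sha
      "build-time" = timestamp()
    }
  }

  # Patch the base image and bake in the monitoring agent (assumed: the Amazon CloudWatch agent)
  provisioner "shell" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
      "wget -q https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb",
      "sudo dpkg -i -E ./amazon-cloudwatch-agent.deb",
      "rm amazon-cloudwatch-agent.deb",
    ]
  }
}

# main.tf (assumed file name): Terraform consumes whatever image is in the "production" channel
terraform {
  required_providers {
    hcp = {
      source  = "hashicorp/hcp"
      version = ">= 0.82"
    }
  }
}

data "hcp_packer_artifact" "base" {
  bucket_name  = "base-ubuntu"
  channel_name = "production" # assumed channel
  platform     = "aws"
  region       = "us-east-1"
}

resource "aws_instance" "app" {
  ami           = data.hcp_packer_artifact.base.external_identifier
  instance_type = "t3.small"
}
```

Because Terraform looks up the image by bucket and channel, promoting a new build is a change to the channel in HCP Packer rather than an edit to every configuration that references an AMI ID, and the `git-sha` label on each build lets you answer "which commit is running in production" from the registry alone.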
Deploy self-service infrastructure
Application developers can consume IaC-provisioned, ephemeral infrastructure without writing IaC themselves. You increase application development velocity by creating a process for developers to quickly and reliably build the infrastructure they need to run their application code.
HCP Waypoint is an internal developer platform (IDP) that allows platform teams to define golden patterns and workflows that enable a self-service experience for developers. Developers understand the requirements of their application, such as dependencies like MySQL and Redis, but they should not have to create and maintain the infrastructure on which their application runs.
Platform teams define golden workflows for actions such as building an application, deploying to production, performing a rollback, and other workflows. Developers can execute these workflows with a simple UX while being abstracted from the details. HCP Waypoint integrates with your existing CI/CD systems while providing a consistent abstraction layer.
Once developers deploy an application from a template, they must maintain it. HCP Waypoint actions allow developers to perform day 2 operations on their application, such as rotating secrets, rebuilding a database index, or flushing an application's cache.
Use infrastructure monitoring and testing
Infrastructure monitoring and testing are important to help prevent outages, security breaches, and performance issues before they impact your business. By continuously monitoring your infrastructure, you gain real-time visibility into system health, resource utilization, and performance metrics, allowing you to detect and address issues proactively rather than reactively.
Testing complements monitoring by validating that your infrastructure works as intended before promoting it to production. Through comprehensive testing, including load testing, security scanning, and disaster recovery drills, you can verify that your infrastructure is not just running, but running correctly and securely.
You can use Packer to bake monitoring agents into your application images and Terraform to deploy those images. By automating the installation of the monitoring agents and the deployment of the application image, you ensure you have visibility over the infrastructure your application runs on from the moment it is created.
You can also use Terraform to configure cloud-native tools to monitor your cloud infrastructure stacks. You can create dashboards and alarms and automate responses to alerts.
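The following Terraform configuration is an added example (not code from this page or from HashiCorp) of configuring cloud-native monitoring with Terraform: it turns a log line shipped by the agent on each host into a metric, alarms on it, and notifies an on-call address. It assumes the agent baked into the image ships `/var/log/auth.log` to the log group named here; the log group name, metric namespace, threshold and e-mail address are assumptions.

```hcl
# monitoring.tf (assumed file name)

# Assumed: the agent on each image ships /var/log/auth.log to this log group
resource "aws_cloudwatch_log_group" "auth" {
  name              = "/fleet/auth"
  retention_in_days = 90
}

variable "oncall_email" {
  type = string # assumed on-call address
}

resource "aws_sns_topic" "alerts" {
  name = "infra-alerts"
}

resource "aws_sns_topic_subscription" "oncall" {
  topic_arn = aws_sns_topic.alerts.arn
  protocol  = "email"
  endpoint  = var.oncall_email
}

# Turn a log line into a metric: each failed SSH login increments SshAuthFailures
resource "aws_cloudwatch_log_metric_filter" "ssh_failures" {
  name           = "ssh-auth-failures"
  log_group_name = aws_cloudwatch_log_group.auth.name
  pattern        = "\"Failed password\""

  metric_transformation {
    name      = "SshAuthFailures"
    namespace = "Fleet/Security"
    value     = "1"
  }
}

# Alarm when the fleet sees 20 or more failures in five minutes (assumed threshold)
resource "aws_cloudwatch_metric_alarm" "ssh_bruteforce" {
  alarm_name          = "ssh-auth-failures-high"
  alarm_description   = "20+ failed SSH logins in 5 minutes; possible brute force"
  namespace           = "Fleet/Security"
  metric_name         = "SshAuthFailures"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 20
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching" # quiet auth logs are normal, not an outage
  alarm_actions       = [aws_sns_topic.alerts.arn]
}
```

Because the alarm and its notification path are code, the same change review that guards infrastructure changes also guards the detection rule: nobody can quietly raise the threshold or remove the subscription without a commit and a plan.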
Blue-green and canary deployments
Blue/green, canary, and rolling deployments all improve application reliability and reduce risk. While they share similar goals, each approach offers unique advantages that make it more suitable for certain types of applications or organizational needs. By choosing the most appropriate deployment method, companies can ensure smoother updates and reduce the likelihood of service disruptions.
- Blue/green deployments maintain two identical production environments concurrently. This method allows you to shift traffic from the current version (blue) to the upgraded version (green).
- Canary deployments introduce new versions incrementally to a subset of users. This approach lets you test upgrades with limited exposure before you shift the remaining traffic, and it combines with the other deployment methods.
- Rolling deployments update applications gradually across multiple servers. This technique ensures only a portion of your infrastructure changes at once, reducing the risk of widespread issues.
You can learn more about these deployment methods in the Zero-downtime deployments document set.
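The following Terraform configuration, an added example that is not code from this page or from HashiCorp, shows one way to implement blue/green and canary traffic shifting on AWS with weighted target groups on an Application Load Balancer listener. The VPC, load balancer, certificate, health-check path and port are assumed inputs.

```hcl
# Assumed inputs: an existing VPC, load balancer and ACM certificate
variable "vpc_id" {
  type = string
}
variable "load_balancer_arn" {
  type = string
}
variable "certificate_arn" {
  type = string
}

# Share of traffic sent to green: 0 keeps everything on blue, 5-10 is a canary, 100 is the full cutover
variable "green_weight" {
  type    = number
  default = 0
  validation {
    condition     = var.green_weight >= 0 && var.green_weight <= 100
    error_message = "green_weight must be between 0 and 100."
  }
}

# Blue and green target groups are identical; only the instances registered to them differ
resource "aws_lb_target_group" "app" {
  for_each = toset(["blue", "green"])

  name     = "app-${each.key}"
  port     = 8080
  protocol = "HTTP"
  vpc_id   = var.vpc_id

  health_check {
    path                = "/healthz" # assumed health endpoint
    interval            = 15
    healthy_threshold   = 3
    unhealthy_threshold = 2
  }
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = var.load_balancer_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type = "forward"
    forward {
      target_group {
        arn    = aws_lb_target_group.app["blue"].arn
        weight = 100 - var.green_weight
      }
      target_group {
        arn    = aws_lb_target_group.app["green"].arn
        weight = var.green_weight
      }
      # No stickiness, so the weights apply per request and a rollback takes effect immediately
      stickiness {
        enabled  = false
        duration = 1
      }
    }
  }
}
```

A canary is `terraform apply -var green_weight=10`, the blue/green cutover is `green_weight=100`, and a rollback is `green_weight=0`; each step is a commit and a plan, so the traffic shift is reviewed and recorded like any other infrastructure change.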
HashiCorp resources:
- Learn how to use VCS-driven workflow with HCP Terraform
- Learn how to automate Packer with GitHub Actions
- Identify common metrics
- Learn how to setup monitoring agents
- Learn how to setup dashboards and alerts
Next steps
In this section of Process automation, you learned best practices for implementing fully-automated deployments. Implement fully-automated deployments is part of the Define and automate processes pillar.
You can learn how to get started with Packer and Waypoint in the following documents: