►
Description
A technical overview of GitLab's "Five Minute Production". Achieve Production-grade Infrastructure and DevSecOps in under five minutes with GitLab and AWS.
https://gitlab.com/gitlab-org/5-minute-production-app/deploy-template/-/blob/master/README.md
#fiveminuteproduction #gitlab #aws
A
A
A
A
It
could
be
a
ruby
on
rails,
application,
a
python
or
a
django
application.
Maybe
you
use
node.js
or
java.
It
really
does
not
matter
which
language
or
which
framework
you
use.
This
will
work
for
everything,
but
the
assumption
here
is
that
you
have
a
web
application
inside
a
git
repository
now.
What
we
will
do
is
we
will
try
to
achieve
perfect,
get
ops,
we'll
start
with
the
notion
that
every
branch
on
your
git
repo
should
translate
to
a
web
app
deployment
environment.
A
This
application
package
is
usually
in
the
form
of
a
container
image
which
gets
stored
inside
the
container
registry
of
your
gitlab
project,
then,
is
the
provision
step
where
terraform
skip
script
actually
gets
executed
and
it
provisions
all
sorts
of
hardware
or
not
hardware.
I
forgive
me.
It
creates
all
sort
of
infrastructure
resources
that
you
need
on
aws
and
finally,
is
the
deploy
stage
which
basically
takes
your
packaged
or
the
release
version
of
your
application,
and
then
it
takes
the
infrastructure
that
has
been
provisioned
and
actually
merges
to
do.
A
As
you
can
see
what
infrastructure
gets
created
we'll
go
into
details
a
bit
later,
but
this
is
the
rough
idea,
a
pipeline
which
will
build
provision
and
provision
and
deploy
your
application,
regardless
of
which
technology
you
use,
which
programming
language
you
use,
which
framework
you
use.
It
should
really
not
matter,
and
we
want
all
of
this
available
for
you
in
under
five
minutes.
A
A
A
A
A
A
Now
the
web
application
part,
it
can
be
any
language,
it
can
be
any
framework.
We
really
don't
care,
we
don't
care
as
long
as
it
can
be
containerized
or
as
long
as
it
can
be
packaged
with
heroku
built
backs
or
as
long
as
it
can
be
packaged
with
cloud
native
buildbacks
you
as
the
development
team
for
the
web
application.
A
A
I
will
be
showing
you
some
examples
and,
in
the
examples
we'll
go
with
the
containerized
application,
which
uses
a
simple
docker
file,
and
I
use
this
as
my
example,
because
it's
the
broadest
possible
broadest,
possible
source
or
means
of
creating
packages.
I
think
most
people
will
understand
docker
files,
so
it
would
be
very
well
or
easily
consumed
by
the
audience.
A
Let's
talk
about
the
automation
part
you've
heard
me
mention
gitlab,
ci,
cd
or
gitlab
pipelines
in
the
stock.
So
far.
What
is
that?
Every
time
you
create
a
git
event,
pipelines
are
triggered,
which
means
that
your
git
event
could
be
a
commit.
It
could
be
a
push,
it
could
be
a
merge,
it
could
be
a
rebase,
it
could
be
creating
a
tag
whatever.
Whatever
is
your
git
event,
it
triggers
a
series
of
automations
known
as
a
pipeline.
A
Let's
put
these
two:
together
we
get
the
five-minute
production
pipeline,
which
is
a
pipeline
that
lets
you
build
your
application
provision,
infrastructure
for
your
application
and
three
deploys
your
application
optionally.
You
can
also
run
step
four,
which
is
to
destroy
that
is
undeploy
your
application
and
destroy
all
provisioned
infrastructure
resources,
but
that's
an
optional
step.
We
don't
turn
it
on
by
default.
The
documentation
tells
you
how
you
can
turn
it
on.
If
you
need
to
so
I'll
switch
to
my
first
demo,
let's
have
a
look
at
the
gitlab
ci
aml.
A
A
A
A
A
A
That's
that
the
second
part
I'm
going
to
demo
to
you
is
the
branches.
So
you
see
that
I
have
a
get
repository
which
has
got
right
now:
five
branches,
five
active
branches,
they're,
probably
more
branches
which
were
created
in
the
past
or
which
were
which
are
no
longer
used.
But
this
is
just
a
quick
example
of
the
branching
flow.
A
A
The
third
thing
I
want
to
show
you
is
the
pipeline
itself,
so
I
switch
to
the
tab
here
and
you're,
seeing
an
example
of
the
five-minute
production
pipeline.
As
I
said,
it's
got
a
few
steps.
It's
got
a
build
step.
It's
got
an
optional
test
step.
In
this
case.
The
test
step
is
not
being
provided
by
five
minute
production.
It
is
being
provided
by
something
configured
particular
for
this
example
project.
So
just
ignore
the
test
step.
A
A
A
A
A
You
will
see
a
list
of
image
repositories
here
and
you
can
already.
If
you
look
at
the
name,
you
know
that
it's
got
a
container
folder
or
a
repository
for
every
branch.
If
I
look
at
the
container
images
built
for
my
master
branch,
you
will
see
it's
going
to
load
a
list
of
container
images
that
it's
been
built.
So
here
you
have
a
list
of
container
images
built
for
the
master
branch.
A
What
happens
during
the
provision
stage?
It
reads:
pre-configured
aws
keys,
so
the
access
key,
the
secret
key
and
the
default
region.
These
are
keys
that
you
have
defined
for
your
project.
So
it
just
reads
them
note
that
if
you
are
gdpr
sensitive,
you
can
define
the
default
region,
so
you
can
say
that
please
store
all
my
data,
all
my
applications.
Only
in
eu
west
2,
which
is
the
london
location
for
aws,
you
have
that
sort
of
control.
A
A
And,
of
course,
you
can
connect
to
this
environment
via
gitlab
pipelines
or,
if
you
wish,
you
can
also
connect
to
this
terraform
state
using
your
local
cli.
A
A
That
means
it
creates
a
vpc,
a
subnet
route
table,
etc,
etc.
It
creates
them
for
every
environment
within
that
environment.
Within
that
secure
network,
it
creates
a
relational
database.
It
uses
aws
rds
to
create
a
postgres
sql
database.
For
you,
this
database
has
got
daily
backups
enabled
and
each
backup
is
preserved
for
seven
days.
So
at
any
given
point
of
time,
you
have
daily
backups
for
up
to
seven
days
and,
of
course,
if
you
perform
the
terraform
destroy
snapshots
of
this
database
get
created.
A
A
A
A
This
also
lives
inside
a
vpc,
a
secure
network
which
contains
various
other
resources.
All
of
these
resources,
so
the
postgres
or
the
elastic
cache
or
the
s3
bucket,
or
the
simple
email
service
live
within
the
secure
network
and
the
ec2
instance
is
able
to
connect
to
them,
which
means
when
your
application
is
deployed
on
this
ec2
instance.
Your
application
can
also
access
these
resources,
while
the
rest
of
the
internet
cannot
access
them
and
just
want
to
highlight
daily
backups
being
enabled
for
your
postgresql.
A
A
Now,
now
that
we
have
the
infrastructure,
let's
talk
about
deploying
deployment.
What
are
the
preparation
steps
for
it?
The
first
is:
we
have
to
fetch
the
deployment
secrets
from
the
terraform
state.
How
can
we
connect
to
the
ec2
instance?
How
can
we
actually
deploy
our
applications
there?
Those
secrets,
those
secret
credentials-
are
available
in
the
terraform
state.
A
A
It
provides
your
web
application
with
credentials
for
the
postgres
database,
the
readers
cluster
credentials
required
to
send
out
emails,
credentials
required
to
access
the
s3
storage
and
any
other
environment
variables
that
you
would
like
to
provide,
as
you
saw
in
my
brief
example
earlier,
we
also
have
the
ability
to
create
post
deploy
triggers
and
in
my
example,
I
was
creating
a
trigger
to
actually
run
the
rails,
migration
I'll
just
refresh
your
memory.
Here's
an
example
of
a
trigger
being
used
to
run
this
command
after
the
deployment
process.
A
Finally,
what
we
do
for
you
is
we
set
up
an
ssl
certificate
with
certbot,
so
let's
encrypt
provides
you
ssl
certificates.
You
can
connect
your
domain,
so
you
can
just
define
a
domain
name
variable
which
connects
the
domain
and
ssl
certificates
get
created
for
your
domain
automatically.
A
A
Every
time
a
pipeline
gets
executed
for
these
branches.
It
looks
up
these
terraform
state
and
downloads
it
within
the
pipeline
and
actually
works
with
it.
So
we
completely
enable
stateful
application
deployments,
of
course,
through
your
terraform
cli,
you
can
connect
to
the
state
as
well
or
you
can
simply
download
the
json
and
do
whatever
you
want
to
the
second
thing
I'd
like
to
show
you
is
the
environment,
so
these
are
environments.
A
A
So
these
could
be
running
tests
for
your
application.
It
could
be
running
source
code,
quality
checks
on
your
project
source
code.
It
could
be
running
security
scans,
for
example,
static
analysis,
first
testing,
dependency,
scans
and
so
on,
or
you
want
to
perform
things
like
performance
tests
or
license
compliance.
A
So
you
have
all
of
these
reusable
pipeline
jobs
within
gitlab
part
of
the
auto
devops
bundle,
and
you
can
pick
and
choose
the
ones
you
like.
A
A
The
second
is,
this
can
be
a
learning
example
for
you
get
inspired,
create
your
own
infrared
code,
setup
use,
terraform,
use
the
wonderful
products.
Hashicorp
has
made
available
to
you
and
try
to
achieve
git
ops
in
the
true
sense,
which
means
your
source
code
and
your
infrastructure
live
in
the
same
repo,
and
I
would
like
to
leave
you
with
this
thought.
A
A
We
have
the
infrastructure
state.
That
is
the
terraform
state
inside
the
gitlab
repo,
and
we
actually
have
the
running
environments
with
the
with
all
the
configs
in
the
in
the
get
lab
repo
as
well.
So
every
aspect
of
your
application
is
in
one
place,
so
in
theory,
or
I
would
go
a
step
further,
at
least
in
my
experience
in
practice,
this
is
possibly
one
of
the
most
complete
examples
of
git
ops,
I've
seen
so
far
with
that
I'd
like
to
wish
you
to
a
great
day.
I
hope
you
are
a
little
inspired.
A
I
hope
you
have
the
necessary
inspiration
to
at
least
test
it
out
one
time
and
once
you
test
it
out,
of
course,
we're
happy
to
listen
to
feedback
like
most
or
like
almost
every
piece
of
gitlab
project
or
gitlab,
product
or
gitlab
solution.
This,
too
is
open
source.
So
please
access
it.
Please
use
it
and
please
share
your
feedback.