Getty Images/iStockphoto
What it means to do 'everything as code' in IT operations
If the concept of 'everything as code' sounds overwhelming, don't worry. Learn what it means, how to get started and ways you might already be using it.
Those who work in IT or DevOps are probably familiar with infrastructure as code -- the practice of managing servers, cloud IaaS and other infrastructure resources with code.
But today's teams don't need to settle for infrastructure as code (IaC). Instead, they can take a code-based approach to managing their resources with a practice known as everything as code.
This article explores what everything as code is, benefits of the approach and which tools IT operations and DevOps teams can use to enact it.
What is everything as code?
Everything as code is an approach to IT operations and DevOps that uses code to define and manage resources of all types, including infrastructure.
Everything as code enables teams to use code-based configuration files to define security requirements for applications or to manage CI/CD processes across the software delivery pipeline.
Everything as code doesn't mean the code manages every resource or process. There will always be a need to perform some tasks manually. What this does mean is that a team commits to using code to manage resources and processes wherever possible.
In this sense, everything as code is arguably more of a philosophy than a specific practice -- although it does have roots in specific practices and tools, as we'll see below.
Examples of everything as code
Everything as code has existed as a conscious strategy since about 2019. However, some of the practices labeled as everything as code have been around longer under different names.
IaC is the most obvious example. IT operations teams have been using IaC for approximately a decade. In recent years, teams have begun to view IaC as one facet of a broader, code-centric approach to IT operations, rather than a standalone practice.
Cloud security posture management -- which uses code to define security requirements for cloud resources and to detect misconfigurations -- and cloud infrastructure entitlement management -- which does the same for access policies in the cloud -- are examples of operations that fall under the everything-as-code umbrella. These operations also existed before everything as code became a practice. Software test automation is another practice that relies on code-based configurations to define and manage complex processes.
Other examples of everything-as-code practices are more novel. Using a central policy engine to manage access control rules across different types of environments, such as a public cloud and an on-premises environment, for instance, has become a popular everything-as-code strategy.
Benefits of everything as code
There are several reasons why teams have embraced an everything-as-code approach to IT operations.
Consistency
Admins can apply uniform configurations across a large environment. Whether configuring infrastructure, CI/CD tools or cloud access control policies, everything as code helps engineers avoid the risk of inconsistent configurations.
Scalability
Admins can apply a given configuration to as many resources or processes as necessary. This benefits operations that scale up in size over time. If an IT team has code to define configurations for a given type of resource or process, they can add new instances without reconfiguring each one.
Version control
Admins can track how configurations change over time, similar to source code, and ensure they are version-controlled. This makes it easy to determine what changes, if any, were made before a problem occurred or to revert to an earlier configuration version if necessary.
Auditability
Admins can examine configuration resources automatically by auditing the code files. This is more efficient than checking individual resources to validate the configuration.
Portability
IT teams using everything as code will benefit from defining their configurations in vendor-neutral code, as opposed to managing them with various vendors' configuration tools.
For example, a software testing script written in Selenium, the open source test automation framework, is likely to run in any test automation framework. That means admins can move test environments from on premises to the cloud, or from one cloud to another, without having to learn a new set of tools or update the testing configurations for every migration.
Everything-as-code tools
Although a few tools are labeled for everything as code, several tools exist that enable an everything-as-code approach to DevOps or IT operations. To start, use an open source IaC tool that supports other types of automation beyond infrastructure as code.
Puppet and Ansible are good examples. Although these tools are often placed in the infrastructure automation category, they also manage application delivery, workflows and -- to a certain extent -- security operations using code.
Policy engines, such as Open Policy Agent, are also useful resources. Policy engines enable teams to define configurations for different types of systems using a central language and enforcement framework. Compared to tools like Puppet and Ansible, policy engines focus less on environments, applications and infrastructure and more on access control. Policy engines fill in some of the gaps other types of code-based automation tools cannot address.
For now, a universal everything-as-code tool does not exist. Admins must use multiple types of automation tools to implement everything as code across an IT environment.
By improving consistency, scalability and accuracy, everything as code provides benefits once restricted to certain domains, like infrastructure automation, to almost all aspects of IT operations. Although it's likely that DevOps and IT operations teams will always be stuck managing some workflows manually, expect to see more code-based automation as everything as code becomes a mainstream strategy.