Deployment Concept

CodeFloe is fully committed to using “Infrastructure as Code” (IaC) for all parts of its infrastructure. OpenTofu and Ansible are being used to provision resources and configure such. Both tools are the de-facto standard for IaC and configuration management.

Besides a “local apply” concept, which is primarily aimed to be used for development and rescue purposes, the main development and apply workflow is done through (public) CI/CD workflows. This allows for transparency and organized, ideally also reviewed, deployment flow across different environments.

Transparency and Security

“Isn’t it risky to publicly share the full infrastructure concept including IPs”?

Valid question! It can be, it should not 😉️

If the infra is properly designed, with respect to security-related aspects, such as access control and automated CVE patching, the risk is very small. And in no way substantially higher than for non-transparent environments.

Surely, a fully disclosed architecture makes it a bit easier for malicious actors to probe certain parts. Yet, it also allows “white hats” to do so and report on possible leaks before a potential abuse takes place.

In the end, the biggest threat to IT systems is humans making mistakes during manual actions and planning. This happens on a daily basis, be it in a direct way by applying a faulty config or by being unaware of side-effects of a specific change. The goal is to avoid such manual actions by minimizing the need for them and not fearing possible attacks from unknowns.

Last but not least, we believe that more transparency related to infrastructure and IT architecture is needed globally to improve the overall understanding of it in the community. Public code sharing already has its place. It is time to also find a place to share/show public IT architectures 🚀️.