BASTA! 2025- Infrastruktur als Code und KI-gestützte Programmierassistenten -Eine passende Kombination?

Transcript

1. Infrastruktur als Code und KI-gestützte Programmierassistenten - Eine passende Kombination?

   PATRICK KOCH

2. Patrick Koch Email: [email protected] Blog: patrickkoch.dev LinkedIn: patkoch87 GitHub: patkoch

   BlueSky: @patkoch.bsky.social Mastodon: @[email protected] Cloud Adoption Engineer, AVL List GmbH Source icons: Microsoft, HashiCorp
3. None

4. Source: kleinezeitung.at – 01.04.2024

5. Content What is Infrastructure as Code? How does GenAI work?

   Why focusing on Infrastructure as Code? Usages of AI tools for Infrastructure as Code Conclusion

6. What is Infrastructure as Code?

7. What is Infrastructure as Code?  Infrastructure as Code (IaC)

   is a method of managing and provisioning computing infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It's a key practice in DevOps and is used in conjunction with continuous delivery.  IaC allows developers to automate the process of setting up and managing infrastructure, which can lead to faster deployment times, more efficient use of resources, and more reliable and repeatable processes. It can be used to manage a wide range of services, including networks, virtual machines, load balancers, and connection topology. Source: GitHub Copilot

8. Example: Azure Kubernetes Cluster - Imperative code az group create

   --name my-demo-rg --location westeurope # Create AKS cluster with system-assigned managed identity az aks create \ --resource-group my-demo-rg \ --name my-demo-aks \ --node-count 1 \ --node-vm-size Standard_D2_v2 \ --enable-managed-identity \ --dns-name-prefix exampleaks1 \ --tags Environment=Production Azure Kubernetes Service Source Azure icons: Azure architecture icons: https://learn.microsoft.com/en-us/azure/architecture/icons/

9. Example: Azure Kubernetes Cluster - Declarative code resource "azurerm_resource_group" "demo-rg"

   { name = "my-demo-rg" location = "West Europe" } resource "azurerm_kubernetes_cluster" "demo-aks" { name = "my-demo-aks" location = azurerm_resource_group.demo-rg.location resource_group_name = azurerm_resource_group.demo-rg.name dns_prefix = "exampleaks1" default_node_pool { name = "default" node_count = 1 vm_size = "Standard_D2_v2" } identity { type = "SystemAssigned" } tags = { Environment = "Production" } } Source Azure icons: Azure architecture icons: https://learn.microsoft.com/en-us/azure/architecture/icons/ Source Terraform Icon: HashiCorp Brand Kit “In Azure, a declarative code approach is accomplished by using templates or modules” https://learn.microsoft.com/en-us/training/modules/terraform-introduction- to-infrastructure-as-code/2-what-infrastructure-code Azure Kubernetes Service

10. terraform { required_providers { azurerm = { source = "hashicorp/azurerm"

    version = "~>4.19.0" } } } provider "azurerm" { features {} } az login

11. What is GenAI and how does it work?

12. Source: https://terrateam.io/blog/using-llms-to-generate-terraform-code#what-is-a-large-language-model-llm “A Large Language Model (LLM) is an artificial

    intelligence model or program that generates text by “predicting” the next token in a sequence. These models are trained on massive datasets, requiring substantial parallel computing resources, such as GPUs, to process and learn from the vast amounts of text data..” “Developers can interact with the LLM by providing prompts or instructions, such as ‘ChatGPT, you are a developer…’ followed by a specific code generation request. The LLM then generates code snippets or functions based on the given prompt.”

13. Why focusing on IaC?

14. “LLMs are only as good as the data they're trained

    on. Terraform and IaC tools are relatively new …..That means the dataset the model was trained on (mostly from GitHub) is sparse. But most of all, most companies don't put their infra code on GitHub for security reasons. So the encoding space for this kind of code is sparse….” Source: https://www.anyshift.io/blog/navigating-ai-in-your-infrastructure-dos-don-ts-and-why-it-matters

15. Source: https://www.hashicorp.com/resources/the-story-of-hashicorp-terraform-with-mitchell-hashimoto

16. Comparing Terraform and Javascript in GitHub

17. “The exact number of GitHub repositories used to train GPT-4

    isn't publicly disclosed. However, GPT-4 was trained on a diverse dataset that includes a significant amount of code from various sources, including public repositories on GitHub. This extensive dataset helps the model understand and generate code effectively.” Source: https://github.blog/news-insights/octoverse/octoverse-2024/

18. Source: https://medium.com/@dlaytonj2/chatgpt-show-me-the-data-sources-11e9433d57e8

19. Tool LLM Sources GitHub Copilot Claude 3.5 Sonnet (Preview) /

    GPT-4o / o1 (Preview) Tabnine OpenAI GPT-3 [3][4] Replit OpenAI Codex [5][2] Mutable.ai OpenAI Codex [2][6] Google Cloud AI Code Generator Google PaLM [7][8] CodeWhisperer (Amazon) Amazon's proprietary LLM [12][11] Kite OpenAI GPT-3 [10][9] Codiga OpenAI Codex [2][6] DeepCode (Snyk) OpenAI GPT-3 [13][14] Qodo Custom LLM [15][16] References [3] ChatGPT vs. Tabnine: Why AI code assistants are so much more than LLMs [4] Tabnine | Discover AI use cases - GPT-3 Demo [5] Replit + Codex - Beta Release [6] Best Beginners guide to OpenAI Codex, with 5 practical examples [7] Generative AI code samples and sample applications - Google Cloud [8] Pathways Language Model (PaLM) | Generative AI on Vertex AI - Google Cloud [9] GPT-3 powers the next generation of apps - OpenAI [10] OpenAI Platform [11] Amazon CodeWhisperer, kostenlos für den individuellen Gebrauch, ist nun ... [12] Amazon CodeWhisperer, Free for Individual Use, is Now Generally ... [13] DeepCode AI | AI Code Review | AI Security for SAST - Snyk [14] AI code security improvements to DeepCode AI Fix - Snyk [15] Instead of openai can we use different local llm's through litellm ... [16] Getting Started with Qodo - Skillcurb AI Tools

20. AI and IaC Example usages of AI tools for Infrastructure

    as Code

21. Advices

22. I'd like to create a Terraform configuration from scratch, I’d

    like to apply best practice, which files, file types, and which naming convention would I need for Terraform?
23. None
24. None
25. None

26. Code Generation

27. None

28. Security

29. Example: Jumpbox (Terraform on Azure) Virtual Network Virtual Machine DNS

    Zone Application Gateway Container Registry Application Security Group Kubernetes Service Source Azure icons: Azure architecture icons: https://learn.microsoft.com/en-us/azure/architecture/icons/

30. I'd like to create a Ubuntu Virtual Machine on Azure

    using Terraform. This VM should serve as Jumpbox, to do administrative stuff within the virtual network. Can you please create a Terraform configuration for that?
31. None
32. None
33. None

34. Example: Jumpbox (Terraform on Azure) Virtual Network Virtual Machine DNS

    Zone Application Gateway Container Registry Application Security Group Kubernetes Service Source Azure icons: Azure architecture icons: https://learn.microsoft.com/en-us/azure/architecture/icons/ Bastion

35. Are my prompts retained?

36. Source (accessed 28.02.2025: https://copilot.github.trust.page/faq#privacy GitHub Copilot

37. Source (Accessed 28.02.2025): https://learn.microsoft.com/en-us/purview/retention-policies-copilot “After a retention policy is configured

    for AI app interactions, a timer job from the Exchange service periodically evaluates items in the hidden mailbox folder where these messages are stored. The timer job typically takes 1-7 days to run. When these items have expired their retention period, they're moved to the SubstrateHolds folder—another hidden folder that's in every user mailbox to store "soft-deleted" items before they're permanently deleted. Messages remain in the SubstrateHolds folder for at least 1 day, and then if they're eligible for deletion, the timer job permanently deletes them the next time it runs.” Microsoft Copilot

38. • Don‘t blindly trust your suggested IaC code • Especially

    double check for security related tasks • Determine which LLMs are behind the AI tools

39. THANK YOU! ☺