SlideShare une entreprise Scribd logo

Infrastructure as Code Patterns

Kris Buytaert
Kris Buytaert

StackConf 2022 Talk about The Different Patterns and AntiPatterns we've seen over the past decade of Automation

Technologie
1  sur  53
Télécharger pour lire hors ligne
Kris Buytaert @krisbuytaert Infrastructure as Code Patterns StackConf 2022, Berlin
• I used to be a developer • Then I became an Ops person • Chief Trolling/Travel/Technical Officer @ Inuits.eu • Chief Yak Shaver @ o11y.eu • Organiser of #devopsdays, #cfgmgmtcamp, #loadays, ... • Everything is a Freaking DNS Problem • Cofounder of all of the above • DNS : devops needs sushi • @krisbuytaert on twitter/github Who am I ? @krisbuytaert
Devops origins @krisbuytaert
A global movement to improve the quality of software delivery leveraging Open Source experiences , started in Gent in 2009 Devops definition @krisbuytaert
We love running in circles @krisbuytaert
• 1996 : Manual installation • 2001 : Mondo Rescue (reproducable single instance) • 2003 : System Imager , fast reproducable "identical" Infrastructure • Image Sprawl • "Overrides" • 2005 : JeOS + Early IAC (CfEngine / Kickstart / FAI) • 2010 : Desired State infrastructure as code , Puppet, Chef etc • 2015 : Cloud provisioning , Terraform etc .. Deploying an Infrastructure @krisbuytaert
• 1 (Snowflake) server • Multiple (snowflake) servers (cluster nodes) • Virtualization • Cloud • Containers 20+ years of changes @krisbuytaert
• Manual error • Differences in nodes due to manual changes • Not reproducable • Humans • Scale Some of The problems @krisbuytaert
Config Drift @krisbuytaert
• Manually Crafted Snowflake • Copied and modified • Copied and modified • Impossible to trace origin • Impossible to reproduce • Patching / Security nightmare Image Sprawling & Golden Images vs JeOS @krisbuytaert
FROM ubuntu RUN apt-get update RUN apt-get install -y git RUN git clone git@github.com:prometheus/prometheus.git RUN make install What's wrong with this GW-Basic code ? @krisbuytaert
Infrastructure as What ? @krisbuytaert
• Treat configuration automation as Code • Model your infrastructure • Development best practices • Model your infrastructure • Pipeline your Code • Test your Code Infrastructure as Code @krisbuytaert
• Reproducable Environments • You never deploy 1x • Local Test environments • Development / User Acceptance / Testing / Shadow / Production / DR • HA <- Keep cluster configuration in sync • Prevent Configuration drift • Cheap Disaster recovery • ... Infrastructure as Code Goals @krisbuytaert
3 types of tools needed • Provisioning • Desired state • Orchestration 2022 IaC Requirements @krisbuytaert
• Create me an instance of application X • Container instance • VM instance • Service X configuration via API e.g Terraform , Pulumi Provisioning @krisbuytaert
• Ensure that this file present / service is running • With these permissions • Always / Verified e.g Chef, Puppet, Salt Desired state @krisbuytaert
• Non frequent • Trigger action X on resource Y based on characteristics A,B and or C • First do X here then do Y there • One off actions e.g Ansible, Salt, Puppet Bolt Orchestration @krisbuytaert
• In computing, an idempotent operation is one that has no additional effect if it is called more than once with the same input parameters. • Not idempotent : echo “root=disabled” >> /etc/someconfigfile Idempodency @krisbuytaert
Frequent enforcing desired state with reporting = Automated population of a CMDB (Single source of truth) , with up to date data Side Effect : Having a single source from where to generate dynamic configuration eg. reverse proxy , firewall rules, monitoring configuration, backup configuration IaC & CMDB @krisbuytaert
• Do you want a reproducible infrastructure ? • Do you want to reduce manual error ? • Do you want to achieve desired state ? • Do you want to have automated configuration for monitoring, metrics, backups, security etc ? • Do you want to trivially spin up different identical environments (dev/uat/prod/dr) • Do you want to be able to detect and prevent config drift ? • Do you want to prevent image sprawl ? Questions to ask : @krisbuytaert
The Patterns @krisbuytaert
• Code is not in source control • Bolt / Ansible / Terraform is triggered from the admin's local machine • Works for individual admin • Doesn't Scale • Prevents Collaboration Pattern: It works from my homedir @krisbuytaert
Improvement over $prev, but still doesn't Scale Collaboration has been improved. Pattern: It works from my workstation but its in git @krisbuytaert
• Just the operating System • Maybe some basic services • Application is untouched • Partial source of maybes • Not suitable for derived configuration • Kill your Silos Pattern: We only automate the OS @krisbuytaert
• Operating System • Middle Ware • Application Pattern: We automate all the things @krisbuytaert
• Package • Config • Service Pattern: PCS @krisbuytaert
• PCS • Non Functional Requirements • Monitoring • Backups • External dependencies • Metrics • ... Pattern: PCS NFR @krisbuytaert
• Package • Config Files • User Generated Data Pattern: PCS UGC @krisbuytaert
Pattern: Reproducable and Scalable Infrastructure @krisbuytaert
• Ops use Chef but Devs use Java templating tool or • Terraform but Manual changes from UI. Variants: • Non centralized code base, people run code from local forks undoing changes made by colleagues • Templating tool is not idempotent (ruby sort ? / XML) • Bonus points if the tool restarts a service on a change Pattern: Multiple tools overwrite changes @krisbuytaert
• Code is checked into a git repository • The only way to apply is by central user Pattern: Centralised apply , from source control @krisbuytaert
• Tool is run once at deploy time then yolo • manual changes afterwards are not identified or reversed • State is not enforced, people are afraid to rerun playbooks • Now we don't dare to update anymore Orchestraition only mode, no desired state AKA Yolo or Integrator mode Pattern: We haven't run it for 6 months @krisbuytaert
• Reporting says it's broken, we are not going to fix it • Its been disabled for weeks, local modifications break it • See Config Drift Pattern: It's broken anyhow . @krisbuytaert
• X < 120 • Periodically we run ensure the state of our Infrastructure • We prevent config Drift • We actively monitor broken runs • We actively monitor change frequency We have achieved desired state of our infra. Pattern: We run it every X minutes @krisbuytaert
• We setup everything, it worked for a while • Then we broke service A , • Then something unrelated broke service B • Automation got blamed • We are not allowed to enable it again • Team X doesn't trust automation, • Often Team X = Security • We manually make the changes now , but we have visibility on drift. • We have semi desired state Pattern: We run it in nooop now @krisbuytaert
Pattern: We have a pipeline @krisbuytaert
What is an Environment , a stack, a platform ? A logically split of set of servers that together offer a service, Typically existing in dev/uat/prod flavours Environments @krisbuytaert
• Limiting Blast radius • Easy to spin up multiple variants • Feature flagged code introduction • And promotion of features • Clear line of ownership (team bound) • Same code , different config per environment • Easier release management Pattern : Using Environments @krisbuytaert
• Huge blast radius • Potential Scaling issues • Difficult to "promote" changes • Upgrade everthing or write host based if then case spaghetti • Code duplication : role_app_dev, role_app_uat, role_app_prod Pattern : Not using environments @krisbuytaert
• Typically with no environments • Environment specific config is hardcoded • See Config drift Pattern: Config is hardcoded in the code @krisbuytaert
• The same codebase is used • Only the config data differs • Multiple Environments possible Pattern: Config Data defines config per environment @krisbuytaert
• Code is run • We will see the errors when they happen • Code is not tested Pattern: It we don't test @krisbuytaert
• Every config run • Collect information of the run, • Store that information • Be able to query a central source with live, correctly, machine generated data • Reconfigure services based on changes in that data • Full lifecycle • Decomission instance => Automatically Clean out the data Pattern: Single source of truth @krisbuytaert
SSOT : e.g Puppet Exported Resources @krisbuytaert
• Our Ansible playbook does a git commit to a config repo • That repo gets checked out on the monitoring server • Humans also modify this config • Information is scattered over different tools • you can't leverage the real power of automation , no dynamic reconfiguration of resources therefore configuration is often done manually , but through a tool Pattern: No single source of truth @krisbuytaert
We have one repo with all • code • passwords • software binaries Pattern: One repo for all the things @krisbuytaert
"Blue printing" Building a UI on top of a provisioning framework is typically an intermediate step before people realize they either need to build in all AAA functionality and buy a bloated tool. Or realize git + Terraform solves these problems in a better way. Pattern: Provisioning from a UI @krisbuytaert
• We have written all code in house ? • What do you mean there are modules on github to manage apache ? • We spent about 3 months building our own Pattern: we ignore the existing codebase group @krisbuytaert
• Aka We do NOT understand Continuous Integration • We have mapped our environments to git branches • Obviously they are long running • We are cherry picking changes from uat to prod • We don't test those combinations • We are in merge hell now Puppet r10k is an antipattern. So is running your gitops from multiple branches. Pattern: We love Branching @krisbuytaert
Puppet & Chef Terraform & Pulumi Pattern: We want a full language @krisbuytaert
• All of these people say they are doing infrastructure as Code • Some with 0 real benefit • Find the patterns you like / dislike • Implement or remove the ones you please • My preferences might not fit your use case Lessons Learned @krisbuytaert
Kris Buytaert @krisbuytaert kris@inuits.eu Essensteenweg 31 2930 Brasschaat Belgium Contact: info@inuits.eu +32-3-8082105

Recommandé

How to Shift to a Serverless Mindset
How to Shift to a Serverless MindsetHow to Shift to a Serverless Mindset
How to Shift to a Serverless Mindset
UXDXConf
 
Infrastructure as Code for Beginners
Infrastructure as Code for BeginnersInfrastructure as Code for Beginners
Infrastructure as Code for Beginners
David Völkel
 
Nasuni Cloud NAS
Nasuni Cloud NASNasuni Cloud NAS
Nasuni Cloud NAS
Nasuni
 
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et KyvernoSécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Mohamed Abdennebi
 
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
John Allspaw
 
DevOps Best Practices
DevOps Best PracticesDevOps Best Practices
DevOps Best Practices
Giragadurai Vallirajan
 
18 Months to Migrate 800 Applications: State Farm’s Transformation Journey
18 Months to Migrate 800 Applications: State Farm’s Transformation Journey18 Months to Migrate 800 Applications: State Farm’s Transformation Journey
18 Months to Migrate 800 Applications: State Farm’s Transformation Journey
VMware Tanzu
 
Azure DevOps CI/CD For Beginners
Azure DevOps CI/CD For BeginnersAzure DevOps CI/CD For Beginners
Azure DevOps CI/CD For Beginners
Rahul Nath
 

Recommandé

How to Shift to a Serverless Mindset
How to Shift to a Serverless MindsetHow to Shift to a Serverless Mindset
How to Shift to a Serverless Mindset
UXDXConf
 
Infrastructure as Code for Beginners
Infrastructure as Code for BeginnersInfrastructure as Code for Beginners
Infrastructure as Code for Beginners
David Völkel
 
Nasuni Cloud NAS
Nasuni Cloud NASNasuni Cloud NAS
Nasuni Cloud NAS
Nasuni
 
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et KyvernoSécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Mohamed Abdennebi
 
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
John Allspaw
 
DevOps Best Practices
DevOps Best PracticesDevOps Best Practices
DevOps Best Practices
Giragadurai Vallirajan
 
18 Months to Migrate 800 Applications: State Farm’s Transformation Journey
18 Months to Migrate 800 Applications: State Farm’s Transformation Journey18 Months to Migrate 800 Applications: State Farm’s Transformation Journey
18 Months to Migrate 800 Applications: State Farm’s Transformation Journey
VMware Tanzu
 
Azure DevOps CI/CD For Beginners
Azure DevOps CI/CD For BeginnersAzure DevOps CI/CD For Beginners
Azure DevOps CI/CD For Beginners
Rahul Nath
 
Getting Started with Azure DevOps
Getting Started with Azure DevOpsGetting Started with Azure DevOps
Getting Started with Azure DevOps
Jessica Deen
 
Azure DevOps Presentation
Azure DevOps PresentationAzure DevOps Presentation
Azure DevOps Presentation
InCycleSoftware
 
Microsoft azure backup overview
Microsoft azure backup overviewMicrosoft azure backup overview
Microsoft azure backup overview
Sumantro Mukherjee
 
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptxMS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
ssuser80bfe1
 
Azure automation
Azure automationAzure automation
Azure automation
Tariq Younas
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOps
Surasuk Oakkharaamonphong
 
La gestion de projets agile avec SAFe [webinaire]
La gestion de projets agile avec SAFe [webinaire]La gestion de projets agile avec SAFe [webinaire]
La gestion de projets agile avec SAFe [webinaire]
Technologia Formation
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Janusz Nowak
 
Scrum
ScrumScrum
Scrum
Diego Pacheco
 
Azure Backup と Azure Site Recovery
Azure Backup と Azure Site RecoveryAzure Backup と Azure Site Recovery
Azure Backup と Azure Site Recovery
Junji Yamamoto
 
What is agile?
What is agile?What is agile?
What is agile?
Rohana K Amarakoon
 
Azure Boards.pptx
Azure Boards.pptxAzure Boards.pptx
Azure Boards.pptx
Nitin Sethi
 
Agile software development
Agile software development Agile software development
Agile software development
saurabh goel
 
Enterprise Agile Transformation
Enterprise Agile TransformationEnterprise Agile Transformation
Enterprise Agile Transformation
Pooja Wandile
 
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Lucas Jellema
 
Disaster Recovery using Azure Services
Disaster Recovery using Azure ServicesDisaster Recovery using Azure Services
Disaster Recovery using Azure Services
Anoop Nair
 
LDP lecture 1
LDP lecture 1LDP lecture 1
LDP lecture 1Vladimir Kotov
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First Principles
Tathagat Varma
 
[SC06] Windows と Azure、2つの Information Protection をディープに解説!
[SC06] Windows と Azure、2つの Information Protection をディープに解説![SC06] Windows と Azure、2つの Information Protection をディープに解説!
[SC06] Windows と Azure、2つの Information Protection をディープに解説!
de:code 2017
 
Microsoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringMicrosoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoring
Site24x7
 
Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Control
indiver
 
Que nos espera a los ALM Dudes para el 2013?
Que nos espera a los ALM Dudes para el 2013?Que nos espera a los ALM Dudes para el 2013?
Que nos espera a los ALM Dudes para el 2013?
Bruno Capuano
 

Contenu connexe

Tendances

Getting Started with Azure DevOps
Getting Started with Azure DevOpsGetting Started with Azure DevOps
Getting Started with Azure DevOps
Jessica Deen
 
Azure DevOps Presentation
Azure DevOps PresentationAzure DevOps Presentation
Azure DevOps Presentation
InCycleSoftware
 
Microsoft azure backup overview
Microsoft azure backup overviewMicrosoft azure backup overview
Microsoft azure backup overview
Sumantro Mukherjee
 
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptxMS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
ssuser80bfe1
 
Azure automation
Azure automationAzure automation
Azure automation
Tariq Younas
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOps
Surasuk Oakkharaamonphong
 
La gestion de projets agile avec SAFe [webinaire]
La gestion de projets agile avec SAFe [webinaire]La gestion de projets agile avec SAFe [webinaire]
La gestion de projets agile avec SAFe [webinaire]
Technologia Formation
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Janusz Nowak
 
Scrum
ScrumScrum
Scrum
Diego Pacheco
 
Azure Backup と Azure Site Recovery
Azure Backup と Azure Site RecoveryAzure Backup と Azure Site Recovery
Azure Backup と Azure Site Recovery
Junji Yamamoto
 
What is agile?
What is agile?What is agile?
What is agile?
Rohana K Amarakoon
 
Azure Boards.pptx
Azure Boards.pptxAzure Boards.pptx
Azure Boards.pptx
Nitin Sethi
 
Agile software development
Agile software development Agile software development
Agile software development
saurabh goel
 
Enterprise Agile Transformation
Enterprise Agile TransformationEnterprise Agile Transformation
Enterprise Agile Transformation
Pooja Wandile
 
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Lucas Jellema
 
Disaster Recovery using Azure Services
Disaster Recovery using Azure ServicesDisaster Recovery using Azure Services
Disaster Recovery using Azure Services
Anoop Nair
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First Principles
Tathagat Varma
 
[SC06] Windows と Azure、2つの Information Protection をディープに解説!
[SC06] Windows と Azure、2つの Information Protection をディープに解説![SC06] Windows と Azure、2つの Information Protection をディープに解説!
[SC06] Windows と Azure、2つの Information Protection をディープに解説!
de:code 2017
 
Microsoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringMicrosoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoring
Site24x7
 

Tendances (20)

Getting Started with Azure DevOps
Getting Started with Azure DevOpsGetting Started with Azure DevOps
Getting Started with Azure DevOps
 
Azure DevOps Presentation
Azure DevOps PresentationAzure DevOps Presentation
Azure DevOps Presentation
 
Microsoft azure backup overview
Microsoft azure backup overviewMicrosoft azure backup overview
Microsoft azure backup overview
 
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptxMS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
MS_Azure_Migrate_L300_Refreshed_-_To_be_published.pptx
 
Azure automation
Azure automationAzure automation
Azure automation
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOps
 
La gestion de projets agile avec SAFe [webinaire]
La gestion de projets agile avec SAFe [webinaire]La gestion de projets agile avec SAFe [webinaire]
La gestion de projets agile avec SAFe [webinaire]
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
 
Scrum
ScrumScrum
Scrum
 
Azure Backup と Azure Site Recovery
Azure Backup と Azure Site RecoveryAzure Backup と Azure Site Recovery
Azure Backup と Azure Site Recovery
 
What is agile?
What is agile?What is agile?
What is agile?
 
Azure Boards.pptx
Azure Boards.pptxAzure Boards.pptx
Azure Boards.pptx
 
Agile software development
Agile software development Agile software development
Agile software development
 
Enterprise Agile Transformation
Enterprise Agile TransformationEnterprise Agile Transformation
Enterprise Agile Transformation
 
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
Steampipe - use SQL to retrieve data from cloud, platforms and files (Code Ca...
 
Disaster Recovery using Azure Services
Disaster Recovery using Azure ServicesDisaster Recovery using Azure Services
Disaster Recovery using Azure Services
 
LDP lecture 1
LDP lecture 1LDP lecture 1
LDP lecture 1
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First Principles
 
[SC06] Windows と Azure、2つの Information Protection をディープに解説!
[SC06] Windows と Azure、2つの Information Protection をディープに解説![SC06] Windows と Azure、2つの Information Protection をディープに解説!
[SC06] Windows と Azure、2つの Information Protection をディープに解説!
 
Microsoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoringMicrosoft Azure and Windows Application monitoring
Microsoft Azure and Windows Application monitoring
 

Similaire à Infrastructure as Code Patterns

Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Control
indiver
 
Que nos espera a los ALM Dudes para el 2013?
Que nos espera a los ALM Dudes para el 2013?Que nos espera a los ALM Dudes para el 2013?
Que nos espera a los ALM Dudes para el 2013?
Bruno Capuano
 
Migrating big data
Migrating big dataMigrating big data
Migrating big data
lauraxthomson
 
Microservices: The Best Practices
Microservices: The Best PracticesMicroservices: The Best Practices
Microservices: The Best Practices
Pavel Mička
 
GitOps , done Right
GitOps , done RightGitOps , done Right
GitOps , done Right
Kris Buytaert
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
Gert Drapers
 
Devops For Drupal
Devops For DrupalDevops For Drupal
Devops For Drupal
Kris Buytaert
 
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless InfrastructureHow Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
Percolate
 
Continuous Integration, the minimum viable product
Continuous Integration, the minimum viable productContinuous Integration, the minimum viable product
Continuous Integration, the minimum viable product
Julian Simpson
 
Database as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on KubernetesDatabase as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on Kubernetes
ObjectRocket
 
Evolving for Kubernetes
Evolving for KubernetesEvolving for Kubernetes
Evolving for Kubernetes
Chris McEniry
 
Deploying your SaaS stack OnPrem
Deploying your SaaS stack OnPremDeploying your SaaS stack OnPrem
Deploying your SaaS stack OnPrem
Kris Buytaert
 
Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)
Chandrapal Badshah
 
Operating Consul as an Early Adopter
Operating Consul as an Early AdopterOperating Consul as an Early Adopter
Operating Consul as an Early Adopter
Nelson Elhage
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
AppDynamics
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGroup
 
Hosting Ruby Web Apps
Hosting Ruby Web AppsHosting Ruby Web Apps
Hosting Ruby Web Apps
Michael Reinsch
 
DevOps: Automate all the things
DevOps: Automate all the thingsDevOps: Automate all the things
DevOps: Automate all the things
Mat Mannion
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
Amazon Web Services
 
OSMC 2021 | Pipeline your Dashboards as Code
OSMC 2021 | Pipeline your Dashboards as CodeOSMC 2021 | Pipeline your Dashboards as Code
OSMC 2021 | Pipeline your Dashboards as Code
NETWAYS
 

Similaire à Infrastructure as Code Patterns (20)

Make It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version ControlMake It Cooler: Using Decentralized Version Control
Make It Cooler: Using Decentralized Version Control
 
Que nos espera a los ALM Dudes para el 2013?
Que nos espera a los ALM Dudes para el 2013?Que nos espera a los ALM Dudes para el 2013?
Que nos espera a los ALM Dudes para el 2013?
 
Migrating big data
Migrating big dataMigrating big data
Migrating big data
 
Microservices: The Best Practices
Microservices: The Best PracticesMicroservices: The Best Practices
Microservices: The Best Practices
 
GitOps , done Right
GitOps , done RightGitOps , done Right
GitOps , done Right
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
 
Devops For Drupal
Devops For DrupalDevops For Drupal
Devops For Drupal
 
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless InfrastructureHow Percolate uses CFEngine to Manage AWS Stateless Infrastructure
How Percolate uses CFEngine to Manage AWS Stateless Infrastructure
 
Continuous Integration, the minimum viable product
Continuous Integration, the minimum viable productContinuous Integration, the minimum viable product
Continuous Integration, the minimum viable product
 
Database as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on KubernetesDatabase as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on Kubernetes
 
Evolving for Kubernetes
Evolving for KubernetesEvolving for Kubernetes
Evolving for Kubernetes
 
Deploying your SaaS stack OnPrem
Deploying your SaaS stack OnPremDeploying your SaaS stack OnPrem
Deploying your SaaS stack OnPrem
 
Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)
 
Operating Consul as an Early Adopter
Operating Consul as an Early AdopterOperating Consul as an Early Adopter
Operating Consul as an Early Adopter
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
 
Hosting Ruby Web Apps
Hosting Ruby Web AppsHosting Ruby Web Apps
Hosting Ruby Web Apps
 
DevOps: Automate all the things
DevOps: Automate all the thingsDevOps: Automate all the things
DevOps: Automate all the things
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless Architectures
 
OSMC 2021 | Pipeline your Dashboards as Code
OSMC 2021 | Pipeline your Dashboards as CodeOSMC 2021 | Pipeline your Dashboards as Code
OSMC 2021 | Pipeline your Dashboards as Code
 

Plus de Kris Buytaert

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoops
Kris Buytaert
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,Ignite
Kris Buytaert
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learning
Kris Buytaert
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as Code
Kris Buytaert
 
Help , My Datacenter is on fire
Help , My Datacenter is on fireHelp , My Datacenter is on fire
Help , My Datacenter is on fire
Kris Buytaert
 
Devops is Dead, Long live Devops
Devops is Dead, Long live DevopsDevops is Dead, Long live Devops
Devops is Dead, Long live Devops
Kris Buytaert
 
10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? 10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ?
Kris Buytaert
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
Kris Buytaert
 
Is there a Future for devops ?
Is there a Future for devops ? Is there a Future for devops ?
Is there a Future for devops ?
Kris Buytaert
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness
Kris Buytaert
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of DevopsADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of Devops
Kris Buytaert
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
Kris Buytaert
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite EditionContinuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite Edition
Kris Buytaert
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
Kris Buytaert
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019
Kris Buytaert
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5
Kris Buytaert
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
Kris Buytaert
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
Kris Buytaert
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
Kris Buytaert
 
Looking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampLooking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcamp
Kris Buytaert
 

Plus de Kris Buytaert (20)

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoops
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,Ignite
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learning
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as Code
 
Help , My Datacenter is on fire
Help , My Datacenter is on fireHelp , My Datacenter is on fire
Help , My Datacenter is on fire
 
Devops is Dead, Long live Devops
Devops is Dead, Long live DevopsDevops is Dead, Long live Devops
Devops is Dead, Long live Devops
 
10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? 10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ?
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Is there a Future for devops ?
Is there a Future for devops ? Is there a Future for devops ?
Is there a Future for devops ?
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of DevopsADDO 2019: Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of Devops
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite EditionContinuous Infrastructure First Ignite Edition
Continuous Infrastructure First Ignite Edition
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
 
Looking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampLooking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcamp
 

Dernier

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 

Dernier (20)

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 

Infrastructure as Code Patterns

  • 1. Kris Buytaert @krisbuytaert Infrastructure as Code Patterns StackConf 2022, Berlin
  • 2. • I used to be a developer • Then I became an Ops person • Chief Trolling/Travel/Technical Officer @ Inuits.eu • Chief Yak Shaver @ o11y.eu • Organiser of #devopsdays, #cfgmgmtcamp, #loadays, ... • Everything is a Freaking DNS Problem • Cofounder of all of the above • DNS : devops needs sushi • @krisbuytaert on twitter/github Who am I ? @krisbuytaert
  • 4. A global movement to improve the quality of software delivery leveraging Open Source experiences , started in Gent in 2009 Devops definition @krisbuytaert
  • 5. We love running in circles @krisbuytaert
  • 6. • 1996 : Manual installation • 2001 : Mondo Rescue (reproducable single instance) • 2003 : System Imager , fast reproducable "identical" Infrastructure • Image Sprawl • "Overrides" • 2005 : JeOS + Early IAC (CfEngine / Kickstart / FAI) • 2010 : Desired State infrastructure as code , Puppet, Chef etc • 2015 : Cloud provisioning , Terraform etc .. Deploying an Infrastructure @krisbuytaert
  • 7. • 1 (Snowflake) server • Multiple (snowflake) servers (cluster nodes) • Virtualization • Cloud • Containers 20+ years of changes @krisbuytaert
  • 8. • Manual error • Differences in nodes due to manual changes • Not reproducable • Humans • Scale Some of The problems @krisbuytaert
  • 10. • Manually Crafted Snowflake • Copied and modified • Copied and modified • Impossible to trace origin • Impossible to reproduce • Patching / Security nightmare Image Sprawling & Golden Images vs JeOS @krisbuytaert
  • 11. FROM ubuntu RUN apt-get update RUN apt-get install -y git RUN git clone git@github.com:prometheus/prometheus.git RUN make install What's wrong with this GW-Basic code ? @krisbuytaert
  • 12. Infrastructure as What ? @krisbuytaert
  • 13. • Treat configuration automation as Code • Model your infrastructure • Development best practices • Model your infrastructure • Pipeline your Code • Test your Code Infrastructure as Code @krisbuytaert
  • 14. • Reproducable Environments • You never deploy 1x • Local Test environments • Development / User Acceptance / Testing / Shadow / Production / DR • HA <- Keep cluster configuration in sync • Prevent Configuration drift • Cheap Disaster recovery • ... Infrastructure as Code Goals @krisbuytaert
  • 15. 3 types of tools needed • Provisioning • Desired state • Orchestration 2022 IaC Requirements @krisbuytaert
  • 16. • Create me an instance of application X • Container instance • VM instance • Service X configuration via API e.g Terraform , Pulumi Provisioning @krisbuytaert
  • 17. • Ensure that this file present / service is running • With these permissions • Always / Verified e.g Chef, Puppet, Salt Desired state @krisbuytaert
  • 18. • Non frequent • Trigger action X on resource Y based on characteristics A,B and or C • First do X here then do Y there • One off actions e.g Ansible, Salt, Puppet Bolt Orchestration @krisbuytaert
  • 19. • In computing, an idempotent operation is one that has no additional effect if it is called more than once with the same input parameters. • Not idempotent : echo “root=disabled” >> /etc/someconfigfile Idempodency @krisbuytaert
  • 20. Frequent enforcing desired state with reporting = Automated population of a CMDB (Single source of truth) , with up to date data Side Effect : Having a single source from where to generate dynamic configuration eg. reverse proxy , firewall rules, monitoring configuration, backup configuration IaC & CMDB @krisbuytaert
  • 21. • Do you want a reproducible infrastructure ? • Do you want to reduce manual error ? • Do you want to achieve desired state ? • Do you want to have automated configuration for monitoring, metrics, backups, security etc ? • Do you want to trivially spin up different identical environments (dev/uat/prod/dr) • Do you want to be able to detect and prevent config drift ? • Do you want to prevent image sprawl ? Questions to ask : @krisbuytaert
  • 23. • Code is not in source control • Bolt / Ansible / Terraform is triggered from the admin's local machine • Works for individual admin • Doesn't Scale • Prevents Collaboration Pattern: It works from my homedir @krisbuytaert
  • 24. Improvement over $prev, but still doesn't Scale Collaboration has been improved. Pattern: It works from my workstation but its in git @krisbuytaert
  • 25. • Just the operating System • Maybe some basic services • Application is untouched • Partial source of maybes • Not suitable for derived configuration • Kill your Silos Pattern: We only automate the OS @krisbuytaert
  • 26. • Operating System • Middle Ware • Application Pattern: We automate all the things @krisbuytaert
  • 27. • Package • Config • Service Pattern: PCS @krisbuytaert
  • 28. • PCS • Non Functional Requirements • Monitoring • Backups • External dependencies • Metrics • ... Pattern: PCS NFR @krisbuytaert
  • 29. • Package • Config Files • User Generated Data Pattern: PCS UGC @krisbuytaert
  • 30. Pattern: Reproducable and Scalable Infrastructure @krisbuytaert
  • 31. • Ops use Chef but Devs use Java templating tool or • Terraform but Manual changes from UI. Variants: • Non centralized code base, people run code from local forks undoing changes made by colleagues • Templating tool is not idempotent (ruby sort ? / XML) • Bonus points if the tool restarts a service on a change Pattern: Multiple tools overwrite changes @krisbuytaert
  • 32. • Code is checked into a git repository • The only way to apply is by central user Pattern: Centralised apply , from source control @krisbuytaert
  • 33. • Tool is run once at deploy time then yolo • manual changes afterwards are not identified or reversed • State is not enforced, people are afraid to rerun playbooks • Now we don't dare to update anymore Orchestraition only mode, no desired state AKA Yolo or Integrator mode Pattern: We haven't run it for 6 months @krisbuytaert
  • 34. • Reporting says it's broken, we are not going to fix it • Its been disabled for weeks, local modifications break it • See Config Drift Pattern: It's broken anyhow . @krisbuytaert
  • 35. • X < 120 • Periodically we run ensure the state of our Infrastructure • We prevent config Drift • We actively monitor broken runs • We actively monitor change frequency We have achieved desired state of our infra. Pattern: We run it every X minutes @krisbuytaert
  • 36. • We setup everything, it worked for a while • Then we broke service A , • Then something unrelated broke service B • Automation got blamed • We are not allowed to enable it again • Team X doesn't trust automation, • Often Team X = Security • We manually make the changes now , but we have visibility on drift. • We have semi desired state Pattern: We run it in nooop now @krisbuytaert
  • 37. Pattern: We have a pipeline @krisbuytaert
  • 38. What is an Environment , a stack, a platform ? A logically split of set of servers that together offer a service, Typically existing in dev/uat/prod flavours Environments @krisbuytaert
  • 39. • Limiting Blast radius • Easy to spin up multiple variants • Feature flagged code introduction • And promotion of features • Clear line of ownership (team bound) • Same code , different config per environment • Easier release management Pattern : Using Environments @krisbuytaert
  • 40. • Huge blast radius • Potential Scaling issues • Difficult to "promote" changes • Upgrade everthing or write host based if then case spaghetti • Code duplication : role_app_dev, role_app_uat, role_app_prod Pattern : Not using environments @krisbuytaert
  • 41. • Typically with no environments • Environment specific config is hardcoded • See Config drift Pattern: Config is hardcoded in the code @krisbuytaert
  • 42. • The same codebase is used • Only the config data differs • Multiple Environments possible Pattern: Config Data defines config per environment @krisbuytaert
  • 43. • Code is run • We will see the errors when they happen • Code is not tested Pattern: It we don't test @krisbuytaert
  • 44. • Every config run • Collect information of the run, • Store that information • Be able to query a central source with live, correctly, machine generated data • Reconfigure services based on changes in that data • Full lifecycle • Decomission instance => Automatically Clean out the data Pattern: Single source of truth @krisbuytaert
  • 45. SSOT : e.g Puppet Exported Resources @krisbuytaert
  • 46. • Our Ansible playbook does a git commit to a config repo • That repo gets checked out on the monitoring server • Humans also modify this config • Information is scattered over different tools • you can't leverage the real power of automation , no dynamic reconfiguration of resources therefore configuration is often done manually , but through a tool Pattern: No single source of truth @krisbuytaert
  • 47. We have one repo with all • code • passwords • software binaries Pattern: One repo for all the things @krisbuytaert
  • 48. "Blue printing" Building a UI on top of a provisioning framework is typically an intermediate step before people realize they either need to build in all AAA functionality and buy a bloated tool. Or realize git + Terraform solves these problems in a better way. Pattern: Provisioning from a UI @krisbuytaert
  • 49. • We have written all code in house ? • What do you mean there are modules on github to manage apache ? • We spent about 3 months building our own Pattern: we ignore the existing codebase group @krisbuytaert
  • 50. • Aka We do NOT understand Continuous Integration • We have mapped our environments to git branches • Obviously they are long running • We are cherry picking changes from uat to prod • We don't test those combinations • We are in merge hell now Puppet r10k is an antipattern. So is running your gitops from multiple branches. Pattern: We love Branching @krisbuytaert
  • 51. Puppet & Chef Terraform & Pulumi Pattern: We want a full language @krisbuytaert
  • 52. • All of these people say they are doing infrastructure as Code • Some with 0 real benefit • Find the patterns you like / dislike • Implement or remove the ones you please • My preferences might not fit your use case Lessons Learned @krisbuytaert
  • 53. Kris Buytaert @krisbuytaert kris@inuits.eu Essensteenweg 31 2930 Brasschaat Belgium Contact: info@inuits.eu +32-3-8082105