2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf
0 likes16 views
The document discusses the evolution of DevOps practices focusing on transitioning from traditional server configurations to immutable infrastructure, addressing issues like configuration drift and the need for automation in scaling systems. It highlights various technologies and methodologies such as containers, orchestration, and GitOps, advocating for dynamic antifragile systems that enhance security and resilience. Potential future directions include exploring unikernels and serverless architectures as solutions for improved infrastructure management.
2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf
- 1. A DevOps Journey: From server configuration to immutable infrastructure AWS Las Palmas UG 2023-09-28
- 2. www.fivexl.io | hello@fivexl.io But infrastructure as code is not the end goal, right?
- 3. www.fivexl.io | hello@fivexl.io Typical business needs / problems Not able to ship changes fast enough Not able to scale system to meet demand Hard to manage / change large scale systems Disaster recovery / Fragile systems Security / compliance
- 4. Dynamic Antifragile Systems AWS Las Palmas UG 2023-09-28
- 5. www.fivexl.io | hello@fivexl.io Andrey Devyatkin Co-Host at DevSecOps Talks podcast Cloud Engineering Specialist AWS Community Builder Co-Founder at FivexL Happy Las Palmas resident
- 6. www.fivexl.io | hello@fivexl.io Dynamic Antifragile System Service discovery Immutable infrastructure as code Zero Trust
- 7. www.fivexl.io | hello@fivexl.io How do we end up with static and fragile infra in the first place? 🤔
- 8. www.fivexl.io | hello@fivexl.io Single server ClickOps Manage over ssh Install nginx with letsencrypt scp code https://cdn2.iconfinder.com/data/icons/amazon-aws-stencils/100/Compute__N etworking_copy_Amazon_EC2_Instance-512.png NewProd, 34.45.56.78 Stage, 34.45.58.11
- 9. www.fivexl.io | hello@fivexl.io NewProd? What happened to the old one?
- 10. www.fivexl.io | hello@fivexl.io Configuration Drift is the phenomenon where servers in an infrastructure become more and more different from one another as time goes on, due to manual ad-hoc changes and updates, and general entropy. Keif Morris http://kief.com/configuration-drift.html
- 11. www.fivexl.io | hello@fivexl.io Configuration changes are regularly needed to tweak the environment so that it runs efficiently and communicates properly with other systems. This requires some mix of command-line invocations, jumping between GUI screens, and editing text files. The result is a unique snowflake - good for a ski resort, bad for a data center. Martin Fowler https://martinfowler.com/bliki/SnowflakeServer.html
- 12. www.fivexl.io | hello@fivexl.io More traffic Move nginx to a separate server, static routing Add more servers Make sure that all servers have the same configuration scp code https://cdn2.iconfinder.com/data/icons/amazon-aws-stencils/100/Compute__N etworking_copy_Amazon_EC2_Instance-512.png NewProd, 34.45.56.78 Prod2, 34.45.60.23 Nginx, 34.44.23.67
- 13. www.fivexl.io | hello@fivexl.io More traffic More servers Consistency Management Need for automation https://www.lacisoft.com/blog/wp-content/uploads/2016/05/logo-amazon-elas tic-load-balancing.png NewProd, 34.45.56.78 Prod2, 34.45.60.23 ProdTmp, 34.45.80.72 Prod3, 34.50.57.71 Nginx, 34.44.23.67
- 14. www.fivexl.io | hello@fivexl.io First attempts at automation Tool-first thinking Replace bash with the specialized tool Kind of consistency Manual scaling https://www.lacisoft.com/blog/wp-content/uploads/2016/05/logo-amazon-elas tic-load-balancing.png NewProd, 34.45.56.78 Prod2, 34.45.60.23 ProdTmp, 34.45.80.72 Prod3, 34.50.57.71 Nginx, 34.44.23.67
- 15. www.fivexl.io | hello@fivexl.io Adding containers Start containers instead of copying code Some would do docker-compose Leap to orchestrators https://www.lacisoft.com/blog/wp-content/uploads/2016/05/logo-amazon-elas tic-load-balancing.png NewProd, 34.45.56.78 Prod2, 34.45.60.23 ProdTmp, 34.45.80.72 Prod3, 34.50.57.71 https://www.docker.com/sites/default/files/d8/2019-07/Moby-logo.png Nginx, 34.44.23.67
- 17. www.fivexl.io | hello@fivexl.io Configuration synchronization https://martinfowler.com/bliki/ConfigurationSynchronization.html
- 18. www.fivexl.io | hello@fivexl.io Can we do better?
- 19. www.fivexl.io | hello@fivexl.io Phoenix server
- 20. www.fivexl.io | hello@fivexl.io Phoenix server https://martinfowler.com/bliki/ImmutableServer.html
- 21. www.fivexl.io | hello@fivexl.io So if I kill my servers often enough and provision them with Ansible then I’m doing immutable configuration as code?
- 22. www.fivexl.io | hello@fivexl.io So if I kill my servers often enough and provision them with Ansible then I’m doing immutable configuration as code? Is it good enough?
- 23. www.fivexl.io | hello@fivexl.io Can we do better?
- 24. www.fivexl.io | hello@fivexl.io Immutable server https://martinfowler.com/bliki/ImmutableServer.html
- 25. www.fivexl.io | hello@fivexl.io Switch over to ASG Requires ready to use image Allows for scale in/out No ssh needed No pet names, dynamic https://tudip.com/wp-content/uploads/2018/12/autoscaling-group.png
- 26. www.fivexl.io | hello@fivexl.io Can we call ASG an orchestrator for VMs?
- 28. www.fivexl.io | hello@fivexl.io Can we take immutable VM to the next level?
- 30. www.fivexl.io | hello@fivexl.io AWS BottleRocket API access for configuring your system Updates based on partition flips, for fast and reliable system updates Modeled configuration that's automatically migrated through updates Security as a top priority Written in Rust https://github.com/bottlerocket-os/bottlerocket
- 32. www.fivexl.io | hello@fivexl.io Is there a next level for VMs?
- 33. www.fivexl.io | hello@fivexl.io MicroVM Unikernels Nanos Unikernel OSv includeOS MirageOS Unikernels are specialised single process operating systems.
- 37. www.fivexl.io | hello@fivexl.io ASG/Unikernel No containers No orchestrators No new abstractions No configuration drift https://tudip.com/wp-content/uploads/2018/12/autoscaling-group.png
- 38. www.fivexl.io | hello@fivexl.io Yeah, unikernels are dope But we are doing Kubernetes!
- 39. www.fivexl.io | hello@fivexl.io Wait! Are we back to configuration synchronization? https://miro.medium.com/max/1510/1*e4w0j0SUdsfx_U7hdHHpyw.png
- 40. www.fivexl.io | hello@fivexl.io GitOps Cloud config via GitOps Broken feedback loop Branching Configuration drift
- 42. www.fivexl.io | hello@fivexl.io How do we do immutable infra for K8S cluster? Time to time you have to take a step back to take two forward
- 43. www.fivexl.io | hello@fivexl.io Probably the best for today ContainerOS Containers Managed container orchestrator Automated scaling Auto Scaling Group
- 45. www.fivexl.io | hello@fivexl.io Typical business needs / problems Not able to ship changes fast enough Not able to scale system to meet demand Hard to manage / change large scale systems Disaster recovery / Fragile systems Security / compliance
- 46. www.fivexl.io | hello@fivexl.io Dynamic Antifragile System Service discovery Immutable infrastructure as code Zero Trust
- 47. Infrastructure as Code Challenges Server Sprawl Configuration Drift Snowflake Servers Goals IT infrastructure supports and enables change. Changes to the system are routine, without drama or stress for users or IT staff. IT staff spends their time on valuable things that engage their abilities. Users are able to define, provision, and manage the resources they need. Teams are able to easily and quickly recover from failures. Improvements are made continuously. Solutions to problems are proven through implementing, testing, and measuring. Fragile Infrastructure Automation Fear Erosion
- 48. www.fivexl.io | hello@fivexl.io Configuration Synchronization Still leaves the possibility of configuration drift A first good step comparing to doing it manually Slow scaling, far from dynamic Often used for bare-metal setups Apparently for K8S Might be a necessary evil https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html
- 49. www.fivexl.io | hello@fivexl.io Immutable infrastructure Great for security Takes more work to implement Easy to recreate systems Resilient/self-healing dynamic systems Focus on business goals https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html
- 50. www.fivexl.io | hello@fivexl.io Tomorrow? Immutable k8s? Unikernels/microvm? Serverless? https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html