SlideShare a Scribd company logo

DevOps as a Contract

S
Subhas Dandapani

The document discusses the evolution of DevOps practices at a travel ticket booking platform, highlighting the shift towards treating CI/CD and infrastructure management as contracts to improve efficiency and reduce complexity. It emphasizes the importance of defining clear contracts for continuous delivery, configuration management, and logging, thereby enabling teams to innovate without being bogged down by operational issues. The lessons learned include the necessity of robust contracts between teams, improving infrastructure quality through testing, and the continuous upgrade of systems for better usability.

Software
Related topics:
Cloud Computing InsightsInsights on Software Development
1 of 31
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
DevOps as a Contract Subhas Dandapani
- Travel ticket search and booking platform - 15 countries - 100k+ destinations - 800+ partners and providers - 20m+ monthly visitors GoEuro
50 to 150+ engineers 10 to 300+ services How many changes can we put in the user’s hands in a week? Centralization bottlenecks “Throw over the wall” from dev to qa to ops Exponential growth Huge infrastructure QoS requirements Making best use of available resources Doing changes fast Scaling without breaking Log/metrics explosion Challenges - circa 2017 Infrastructure Architecture All forms of integration: REST, SOAP, gRPC, Event-driven, DB-driven, File-driven, Metrics-driven Scala, Java, NodeJS, Golang, Python, ... Geo, Routing, Scheduling, Ticketing, Big Data, ... Delivery / DevOps
Probably only way forward Distribute infrastructure ownership
But...InfrastructureMaturity ServiceA ServiceB ServiceC ServiceD ServiceE ServiceF ServiceG ServiceH ServiceI ServiceJ ServiceK … … … …
Continuous Delivery is for infrastructure too!InfrastructureMaturity ServiceA ServiceB ServiceC ServiceD ServiceE ServiceF ServiceG ServiceH ServiceI ServiceJ ServiceK … … … …
CI as a Tool - Before: Jenkins-as-a-Tool - Huge, complex CI jobs - Partially configured by application teams and DevOps, no clear boundaries - Several dedicated release managers who needed to maintain a "mind map" of releases - Engineers having to ping DevOps teams for releases - Many CI plugins were installed for different teams - Every Jenkins or Jenkins-plugin upgrade broke random jobs - Agent configuration, auto-scaling, and job execution were also problematic - Tried JenkinsFile - but still, Jenkins as a tool! - Lots of copy-pasted config, shared functions, inability to change things as a whole from outside, code injection?, etc.
Jenkinsfile - Inability to instrument jobs as a whole and add global shared behavior - Cannot parse code and modify AST tree - Lots of copy-pasted config, shared functions - Inability to do continuous changes on those functions - Inability to prevent tie-in with internal plugins - It’s still Jenkins-as-a-tool
- Should be semantically understandable and instrumentable - Adopt a job definition contract - Dots (Isolated Jobs), Pipelines (Lists), or Graphs, just pick one and adopt a YAML contract CI as a Contract
image: jenkins-plain:latest unit-tests: stage: test script: test.sh master: script: release.sh deploy-qa: environment: name: qa script: deploy.sh deploy-preprod: deploy-prod: ... CI as a Contract
- Specify pipeline contract with container image, scripts, checkpoints, etc. - We take care of the implementation - Team adds everything else on top of this file - Build notifications, Caching, Agent allocation, Autoscaling, Analytics, Organizational context, Auditing, etc. CI as a Contract
CI as a Contract
- Minimal stack that we needed for every service - Artifact (JAR/WAR/Docker image/etc) - Service (shell script/initscript/systemd unit/docker container/etc) - + Supporting services (watchdogs, ancillary utilities, etc) - Configuration for different environments - Multiple Instances of the stack - Connected to traffic (networking, firewall, load balancer) - Stack as a unit - Let’s worry about post-deployment activities next Configuration Management
- Fulfilling the minimal package - Distribute chef cookbooks + librarian chef + chef apply - Or ansible playbooks + ansible galaxy + ansible apply - Or puppet/salt/... - Distribute terraform with strict credentials + terraform apply - Distribute <X> container orchestrator + apply - Distribute Kubernetes resources + kubectl apply - Core difference between these tools? Configuration Management
Kubernetes as a Contract Instance = Podspec Running unit = Container spec Multiple Instances = Deployment spec Configuration = ConfigMap spec Traffic = Service, Ingress spec All modeled as JSON or YAML, but has a standard contract/spec kind: Deployment metadata: name: {{ .Values.name }} namespace: {{ .Values.name }} spec: replicas: 5 … … … containers: - name: my-app image: my-container:latest resources: requests: cpu: … memory: … limits: cpu: … memory: … livenessProbe: httpGet: path: /_system/health env: ...
Application Stack Kubernetes API Server Open, Secure HTTPS Protocol Kubernetes responds to fulfil what has been applied Artifact = Docker image Instance = Pod Running unit = Container Multiple Instances = Deployment Configuration = ConfigMap Traffic = Service, Ingress All modeled as JSON or YAML, but has a standard Resource spec kubectl apply
API Proxy Validation, Linting, Org-wide standards, etc. Application Stack Stack spec kubectl apply Kubernetes API
Kubernetes as a Contract - Health checks must exist - CPU/memory must exist - Images must not be external - Entrypoint is for us, Script is for app - No alpha/beta stuff - Whitelisted resources, separate stateful & stateless clusters - Minimum 2 replicas - Similar for all resources kind: Deployment metadata: name: {{ .Values.name }} namespace: {{ .Values.name }} spec: replicas: 5 … … … containers: - name: my-app image: my-container:latest resources: requests: cpu: … memory: … limits: cpu: … memory: … livenessProbe: httpGet: path: /_system/health env: ...
API Proxy Validation, Linting, Org-wide standards, etc. Cloud Resources as a Contract Model your own contract e.g. Cloud Bucket as a YAML kubectl apply Kubernetes API / Custom controllers
Application Stack - Using Kubernetes since 1.2 and on 1.10 right now - Avoiding kubernetes API maze - “src” and “ops” in every repository, completely self-contained - Kubernetes upgrades go exactly as planned as we know what workloads are running, and how to orchestrate/change the workloads - Multiple features and standards rolled out to everyone who uses kubernetes clusters - Stateful and Stateless clusters separate from Day 1 - Not using kubernetes/helm as a tool, but as a contract
Application Stack
Logging as a Tool - Logstash as a tool - Hundreds of custom logstash transformations, pipelines, ports - Snowflake configs for different fields for each service - Slow, ticketed bootstrap process for new services - Explosion of indices - Multiple different ways to push logs from applications
Logging as a Contract - Print logs on STDOUT, and they will come up on Kibana - If it’s JSON, you get structured fields - If it’s plain, you get plain message - Standard enrichment rules to avoid stepping on each other’s toes: - <field>_i = integer, <field>_s = string, <field>_geo = geo with lat/long, <field>_txt = text, etc. - No application-specific code in logstash anymore - Everything else taken care by team - Scaling, Rotation, Retention, etc.
Routing as a Tool - Started with one router handling all traffic, hardcoded service discovery - As more services grew, more custom and inconsistent routing rules - Nested rewrites and redirects, and randomly captured URL paths - Most services had to carry custom nginx forwarders - Proxies, then proxies-inside-proxies, etc. - Unmanageable routing graph - Complicated procedure to setup a new application - Monitoring/logs was a different problem altogether
- Adopted Ingress as a Contract - Every service was assigned fixed route based on namespace - Consistent and predictable routing - Team adds value on top of the contract - Automatic logging and monitoring - Global health and SLA checks - Extensive instrumentation and tracing - Scalability - Load balancing - Edge gateways - Cross-zone failovers - Dashboards and network policies Routing as a Contract
Monitoring as a Contract - Only tool-driven area in organization - Prometheus as a Contract is great - But we have some way to go (clustering, sharding, etc)
- All containers auto-injected with secrets - Non-org images blacklisted in the API proxy - GDPR as a contract - ... - In all the cases, tool is secondary, contract is discussed and agreed upon first Security as a Contract
Looking back...
Continuous delivery for operationsInfrastructureMaturity ServiceA ServiceB ServiceC ServiceD ServiceE ServiceF ServiceG ServiceH ServiceI ServiceJ ServiceK … … … …
Lessons - DevOps Team is another core engineering team providing services that applications integrate with - We provide contracts, and service implementations that fulfil that contract - Have time to innovate and add value on top instead of handling tickets - Wherever we added heavy tests around the contract with mock applications, infrastructure quality went up - Wherever possible, we dogfood the contract to ourselves - Discuss hard before agreeing on a contract, and then go deliver - Keep it simple/small, semantic, instrumentable and usable from dev machines to prod - Adopt and reduce API surface of a mature industry contract wherever possible to avoid re-design from scratch - Not universally applicable, implementation of tool still matters - Continuously upgrade infrastructure and good UX for engineers
Feedback/Queries @rdsubhas

More Related Content

PDF
Os Kanies
oscon2007
 
PPTX
Envoy @ Lyft: developer productivity (kubecon 2.0)
Jose Ulises Nino Rivera
 
PDF
"Fintech inside of a SaaS powered by 2000+ Microservices", Volodymyr Malyk
Fwdays
 
PDF
The Java Microservice Library
Rick Hightower
 
PDF
Resume internship3 updated
KuldeepsinhJadeja13
 
PDF
Inter-Process Communication in Microservices using gRPC
Shiju Varghese
 
PPTX
From on premises monolith to cloud microservices
Albert Lombarte
 
PDF
Building Language Agnostic APIs with gRPC - JavaDay Istanbul 2017
Mustafa AKIN
 
Os Kanies
oscon2007
 
Envoy @ Lyft: developer productivity (kubecon 2.0)
Jose Ulises Nino Rivera
 
"Fintech inside of a SaaS powered by 2000+ Microservices", Volodymyr Malyk
Fwdays
 
The Java Microservice Library
Rick Hightower
 
Resume internship3 updated
KuldeepsinhJadeja13
 
Inter-Process Communication in Microservices using gRPC
Shiju Varghese
 
From on premises monolith to cloud microservices
Albert Lombarte
 
Building Language Agnostic APIs with gRPC - JavaDay Istanbul 2017
Mustafa AKIN
 

What's hot (20)

PDF
Apache Pulsar at Tencent Game: Adoption, Operational Quality Optimization Exp...
StreamNative
 
PPTX
Envoy @ Lyft: Developer Productivity
Jose Ulises Nino Rivera
 
PDF
MQTT and Apache Kafka: The Solution to Poor Internet Connectivity in Africa (...
confluent
 
PDF
Microservices in Scala - theory & practice
Łukasz Sowa
 
PDF
Event-Driven Microservices With NATS Streaming
Shiju Varghese
 
PDF
gRPC Overview
Varun Talwar
 
PDF
How Apache Pulsar Helps Tencent Process Tens of Billions of Transactions Effi...
StreamNative
 
PPT
A10 Itil Oasys Webex 090309
Open Access Systems Corporation
 
PPTX
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Fermin Galan
 
PDF
"Плюси та мінуси впровадження AWS Lambda в проєкт" Віталій Григоришин
Fwdays
 
PDF
Ingesting and Processing IoT Data - using MQTT, Kafka Connect and KSQL
Guido Schmutz
 
PDF
Kong ingress controller kubernetes ingress on steroids
LibbySchulze
 
PPTX
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Fermin Galan
 
PPTX
Software Defined Service Networking (SDSN) - by Dr. Indika Kumara
Thejan Wijesinghe
 
PPTX
Performance is not an Option - gRPC and Cassandra
Dave Bechberger
 
PDF
Microservices in Go with Go kit
Shiju Varghese
 
PDF
Securing Kafka At Zendesk (Joy Nag, Zendesk) Kafka Summit 2020
confluent
 
PDF
4th SDN Interest Group Seminar-Session 2-3(130313)
NAIM Networks, Inc.
 
PPTX
OAuth2 Authorization Server Under the Hood
Lohika_Odessa_TechTalks
 
PDF
Running Kafka On Kubernetes With Strimzi For Real-Time Streaming Applications
Lightbend
 
Apache Pulsar at Tencent Game: Adoption, Operational Quality Optimization Exp...
StreamNative
 
Envoy @ Lyft: Developer Productivity
Jose Ulises Nino Rivera
 
MQTT and Apache Kafka: The Solution to Poor Internet Connectivity in Africa (...
confluent
 
Microservices in Scala - theory & practice
Łukasz Sowa
 
Event-Driven Microservices With NATS Streaming
Shiju Varghese
 
gRPC Overview
Varun Talwar
 
How Apache Pulsar Helps Tencent Process Tens of Billions of Transactions Effi...
StreamNative
 
A10 Itil Oasys Webex 090309
Open Access Systems Corporation
 
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Fermin Galan
 
"Плюси та мінуси впровадження AWS Lambda в проєкт" Віталій Григоришин
Fwdays
 
Ingesting and Processing IoT Data - using MQTT, Kafka Connect and KSQL
Guido Schmutz
 
Kong ingress controller kubernetes ingress on steroids
LibbySchulze
 
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Fermin Galan
 
Software Defined Service Networking (SDSN) - by Dr. Indika Kumara
Thejan Wijesinghe
 
Performance is not an Option - gRPC and Cassandra
Dave Bechberger
 
Microservices in Go with Go kit
Shiju Varghese
 
Securing Kafka At Zendesk (Joy Nag, Zendesk) Kafka Summit 2020
confluent
 
4th SDN Interest Group Seminar-Session 2-3(130313)
NAIM Networks, Inc.
 
OAuth2 Authorization Server Under the Hood
Lohika_Odessa_TechTalks
 
Running Kafka On Kubernetes With Strimzi For Real-Time Streaming Applications
Lightbend
 
Ad

Similar to DevOps as a Contract (20)

PDF
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
PDF
Promise of DevOps
Juraj Hantak
 
PDF
Devops Interview Question PDF By ScholarHat
Scholarhat
 
PDF
Dev Ops without the Ops
Konstantin Gredeskoul
 
PDF
Confoo - DevOps & Agile Infrastructure
Will Stevens
 
PDF
Getting Started with DevOps on AWS [Mar 2020]
Dhaval Nagar
 
PDF
Immediate download DevOps for networking boost your organization's growth by ...
kapuilakna
 
PDF
Xpdays: Kubernetes CI-CD Frameworks Case Study
Denys Vasyliev
 
PDF
Devops For Networking Steven Armstrong Armstrong Steven
bosomsuaa
 
PPTX
DevNetOps Overview
James Kelly
 
PDF
GitOps 101 Presentation.pdf
ssuser31375f
 
PDF
DevOps Fest 2020. immutable infrastructure as code. True story.
Vlad Fedosov
 
PPTX
DevOps introduction helpful present.pptx
btbtc22159anshika
 
PDF
Intro to Kubernetes & GitOps Workshop
Weaveworks
 
PDF
DevOps Patterns to Enable Success in Microservices
Rich Mills
 
PDF
Innovative DevOps Project Ideas for Students to Practice with Industry.pdf
rose
 
PDF
Successful DevOps implementation for small teams a true story
Jakub Paweł Głazik
 
PDF
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
PDF
Building effective Java applications for the Cloud: The DHARMA principles - D...
JAXLondon2014
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
Promise of DevOps
Juraj Hantak
 
Devops Interview Question PDF By ScholarHat
Scholarhat
 
Dev Ops without the Ops
Konstantin Gredeskoul
 
Confoo - DevOps & Agile Infrastructure
Will Stevens
 
Getting Started with DevOps on AWS [Mar 2020]
Dhaval Nagar
 
Immediate download DevOps for networking boost your organization's growth by ...
kapuilakna
 
Xpdays: Kubernetes CI-CD Frameworks Case Study
Denys Vasyliev
 
Devops For Networking Steven Armstrong Armstrong Steven
bosomsuaa
 
DevNetOps Overview
James Kelly
 
GitOps 101 Presentation.pdf
ssuser31375f
 
DevOps Fest 2020. immutable infrastructure as code. True story.
Vlad Fedosov
 
DevOps introduction helpful present.pptx
btbtc22159anshika
 
Intro to Kubernetes & GitOps Workshop
Weaveworks
 
DevOps Patterns to Enable Success in Microservices
Rich Mills
 
Innovative DevOps Project Ideas for Students to Practice with Industry.pdf
rose
 
Successful DevOps implementation for small teams a true story
Jakub Paweł Głazik
 
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
Building effective Java applications for the Cloud: The DHARMA principles - D...
JAXLondon2014
 
Ad

Recently uploaded (20)

PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
System and Network Administraation Chapter 3
jaramharo
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 

DevOps as a Contract

  • 1. DevOps as a Contract Subhas Dandapani
  • 2. - Travel ticket search and booking platform - 15 countries - 100k+ destinations - 800+ partners and providers - 20m+ monthly visitors GoEuro
  • 3. 50 to 150+ engineers 10 to 300+ services How many changes can we put in the user’s hands in a week? Centralization bottlenecks “Throw over the wall” from dev to qa to ops Exponential growth Huge infrastructure QoS requirements Making best use of available resources Doing changes fast Scaling without breaking Log/metrics explosion Challenges - circa 2017 Infrastructure Architecture All forms of integration: REST, SOAP, gRPC, Event-driven, DB-driven, File-driven, Metrics-driven Scala, Java, NodeJS, Golang, Python, ... Geo, Routing, Scheduling, Ticketing, Big Data, ... Delivery / DevOps
  • 4. Probably only way forward Distribute infrastructure ownership
  • 6. Continuous Delivery is for infrastructure too!InfrastructureMaturity ServiceA ServiceB ServiceC ServiceD ServiceE ServiceF ServiceG ServiceH ServiceI ServiceJ ServiceK … … … …
  • 7. CI as a Tool - Before: Jenkins-as-a-Tool - Huge, complex CI jobs - Partially configured by application teams and DevOps, no clear boundaries - Several dedicated release managers who needed to maintain a "mind map" of releases - Engineers having to ping DevOps teams for releases - Many CI plugins were installed for different teams - Every Jenkins or Jenkins-plugin upgrade broke random jobs - Agent configuration, auto-scaling, and job execution were also problematic - Tried JenkinsFile - but still, Jenkins as a tool! - Lots of copy-pasted config, shared functions, inability to change things as a whole from outside, code injection?, etc.
  • 8. Jenkinsfile - Inability to instrument jobs as a whole and add global shared behavior - Cannot parse code and modify AST tree - Lots of copy-pasted config, shared functions - Inability to do continuous changes on those functions - Inability to prevent tie-in with internal plugins - It’s still Jenkins-as-a-tool
  • 9. - Should be semantically understandable and instrumentable - Adopt a job definition contract - Dots (Isolated Jobs), Pipelines (Lists), or Graphs, just pick one and adopt a YAML contract CI as a Contract
  • 10. image: jenkins-plain:latest unit-tests: stage: test script: test.sh master: script: release.sh deploy-qa: environment: name: qa script: deploy.sh deploy-preprod: deploy-prod: ... CI as a Contract
  • 11. - Specify pipeline contract with container image, scripts, checkpoints, etc. - We take care of the implementation - Team adds everything else on top of this file - Build notifications, Caching, Agent allocation, Autoscaling, Analytics, Organizational context, Auditing, etc. CI as a Contract
  • 12. CI as a Contract
  • 13. - Minimal stack that we needed for every service - Artifact (JAR/WAR/Docker image/etc) - Service (shell script/initscript/systemd unit/docker container/etc) - + Supporting services (watchdogs, ancillary utilities, etc) - Configuration for different environments - Multiple Instances of the stack - Connected to traffic (networking, firewall, load balancer) - Stack as a unit - Let’s worry about post-deployment activities next Configuration Management
  • 14. - Fulfilling the minimal package - Distribute chef cookbooks + librarian chef + chef apply - Or ansible playbooks + ansible galaxy + ansible apply - Or puppet/salt/... - Distribute terraform with strict credentials + terraform apply - Distribute <X> container orchestrator + apply - Distribute Kubernetes resources + kubectl apply - Core difference between these tools? Configuration Management
  • 15. Kubernetes as a Contract Instance = Podspec Running unit = Container spec Multiple Instances = Deployment spec Configuration = ConfigMap spec Traffic = Service, Ingress spec All modeled as JSON or YAML, but has a standard contract/spec kind: Deployment metadata: name: {{ .Values.name }} namespace: {{ .Values.name }} spec: replicas: 5 … … … containers: - name: my-app image: my-container:latest resources: requests: cpu: … memory: … limits: cpu: … memory: … livenessProbe: httpGet: path: /_system/health env: ...
  • 16. Application Stack Kubernetes API Server Open, Secure HTTPS Protocol Kubernetes responds to fulfil what has been applied Artifact = Docker image Instance = Pod Running unit = Container Multiple Instances = Deployment Configuration = ConfigMap Traffic = Service, Ingress All modeled as JSON or YAML, but has a standard Resource spec kubectl apply
  • 17. API Proxy Validation, Linting, Org-wide standards, etc. Application Stack Stack spec kubectl apply Kubernetes API
  • 18. Kubernetes as a Contract - Health checks must exist - CPU/memory must exist - Images must not be external - Entrypoint is for us, Script is for app - No alpha/beta stuff - Whitelisted resources, separate stateful & stateless clusters - Minimum 2 replicas - Similar for all resources kind: Deployment metadata: name: {{ .Values.name }} namespace: {{ .Values.name }} spec: replicas: 5 … … … containers: - name: my-app image: my-container:latest resources: requests: cpu: … memory: … limits: cpu: … memory: … livenessProbe: httpGet: path: /_system/health env: ...
  • 19. API Proxy Validation, Linting, Org-wide standards, etc. Cloud Resources as a Contract Model your own contract e.g. Cloud Bucket as a YAML kubectl apply Kubernetes API / Custom controllers
  • 20. Application Stack - Using Kubernetes since 1.2 and on 1.10 right now - Avoiding kubernetes API maze - “src” and “ops” in every repository, completely self-contained - Kubernetes upgrades go exactly as planned as we know what workloads are running, and how to orchestrate/change the workloads - Multiple features and standards rolled out to everyone who uses kubernetes clusters - Stateful and Stateless clusters separate from Day 1 - Not using kubernetes/helm as a tool, but as a contract
  • 22. Logging as a Tool - Logstash as a tool - Hundreds of custom logstash transformations, pipelines, ports - Snowflake configs for different fields for each service - Slow, ticketed bootstrap process for new services - Explosion of indices - Multiple different ways to push logs from applications
  • 23. Logging as a Contract - Print logs on STDOUT, and they will come up on Kibana - If it’s JSON, you get structured fields - If it’s plain, you get plain message - Standard enrichment rules to avoid stepping on each other’s toes: - <field>_i = integer, <field>_s = string, <field>_geo = geo with lat/long, <field>_txt = text, etc. - No application-specific code in logstash anymore - Everything else taken care by team - Scaling, Rotation, Retention, etc.
  • 24. Routing as a Tool - Started with one router handling all traffic, hardcoded service discovery - As more services grew, more custom and inconsistent routing rules - Nested rewrites and redirects, and randomly captured URL paths - Most services had to carry custom nginx forwarders - Proxies, then proxies-inside-proxies, etc. - Unmanageable routing graph - Complicated procedure to setup a new application - Monitoring/logs was a different problem altogether
  • 25. - Adopted Ingress as a Contract - Every service was assigned fixed route based on namespace - Consistent and predictable routing - Team adds value on top of the contract - Automatic logging and monitoring - Global health and SLA checks - Extensive instrumentation and tracing - Scalability - Load balancing - Edge gateways - Cross-zone failovers - Dashboards and network policies Routing as a Contract
  • 26. Monitoring as a Contract - Only tool-driven area in organization - Prometheus as a Contract is great - But we have some way to go (clustering, sharding, etc)
  • 27. - All containers auto-injected with secrets - Non-org images blacklisted in the API proxy - GDPR as a contract - ... - In all the cases, tool is secondary, contract is discussed and agreed upon first Security as a Contract
  • 29. Continuous delivery for operationsInfrastructureMaturity ServiceA ServiceB ServiceC ServiceD ServiceE ServiceF ServiceG ServiceH ServiceI ServiceJ ServiceK … … … …
  • 30. Lessons - DevOps Team is another core engineering team providing services that applications integrate with - We provide contracts, and service implementations that fulfil that contract - Have time to innovate and add value on top instead of handling tickets - Wherever we added heavy tests around the contract with mock applications, infrastructure quality went up - Wherever possible, we dogfood the contract to ourselves - Discuss hard before agreeing on a contract, and then go deliver - Keep it simple/small, semantic, instrumentable and usable from dev machines to prod - Adopt and reduce API surface of a mature industry contract wherever possible to avoid re-design from scratch - Not universally applicable, implementation of tool still matters - Continuously upgrade infrastructure and good UX for engineers