DevOps Days Kyiv 2019 -- Immutable everywhere // Sergii Marchenko
- 1. Immutable everywhere By Sergii Marchenko
- 3. Immutable infra principles 1. Don’t install new software 2. Don’t update servers 3. Don’t change configs 4. Don’t update code 5. Just one thing you can do with the current infa - DELETE IT
- 4. Immutable infra principles Need a change in infra? Make the change in the code, build, deploy a new artifact, delete the old one.
- 5. Docker brings immutable approach Software update? Build a new image, replace the old one. Config update? Build a new image, replace the old one. Deploy a new code version? Build a new image, replace the old one.
- 6. Spread immutable approach 1. Don’t stop on images 2. K8S cluster or any physical server can be immutable as well 3. AWS/GCP/Azure subscriptions, accounts 4. Even keys structures
- 9. Immutable keys structure /$structure_version/keys For example: /e1/prod/identity /e1/stg/identity /e2/identity/prod /e2/identity/stg
- 10. Immutable keys structure Actions steps: 1. Separate keys (automatically created or manually)
- 11. Immutable keys structure Actions steps: 1. Run scripts from top to bottom: a. Account wide/Global b. Shared resources (K8S clusters, SQL DBs, etc) c. Containers, applications
- 12. Immutable Subscription structure 1. You have to review all the resources and check the billing 2. You have to find and delete unused, deprecated resources 3. Change the current structure (RBAC, Resource Groups) 4. Something may be configured manually
- 14. Immutable Subscription structure 1. RBAC is described in code 2. Resource Groups are in code 3. All resources (K8S, VMs, SQL)
- 15. Subscription structure 1. Don’t do this all time, but create approaches to make it smooth 2. If a change is really big (migrating from one technology to another, massive RBAC changes), it’s much easier to create everything from scratch
- 16. While a yak is shaving, your business is losing money Don’t re-configure the current resources, create new!
- 17. Immutability trade-off 1. Persistent data 2. Works in clouds, it’s hard to implement on hardware (NOT 100%)
- 18. Immutability trade-off 1. Automation tests (QA automation team) is must 2. IaC is compulsory
- 19. A release in DevOps era