2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf

A DevOps Journey:
From server configuration to immutable infrastructure
AWS Las Palmas UG
2023-09-28

www.ﬁvexl.io | hello@ﬁvexl.io
But infrastructure as
code is not the end goal,
right?

Typical business
needs /
problems
Not able to ship changes fast enough
Not able to scale system to meet
demand
Hard to manage / change large scale
systems
Disaster recovery / Fragile systems
Security / compliance

Dynamic Antifragile Systems
AWS Las Palmas UG
2023-09-28

Andrey Devyatkin
Co-Host at DevSecOps
Talks podcast
Cloud Engineering
Specialist
AWS Community
Builder
Co-Founder at FivexL
Happy Las Palmas
resident

Dynamic
Antifragile
System
Service discovery
Immutable infrastructure as code
Zero Trust

How do we end up with
static and fragile infra in
the ﬁrst place? 🤔

Single server
ClickOps
Manage over ssh
Install nginx with
letsencrypt
scp code
https://cdn2.iconﬁnder.com/data/icons/amazon-aws-stencils/100/Compute__N
etworking_copy_Amazon_EC2_Instance-512.png
NewProd,
34.45.56.78
Stage,
34.45.58.11

NewProd? What
happened to the old one?

Conﬁguration Drift is the
phenomenon where servers in
an infrastructure become more
and more different from one
another as time goes on, due to
manual ad-hoc changes and
updates, and general entropy.
Keif Morris
http://kief.com/conﬁguration-drift.html

Configuration changes are
regularly needed to tweak the
environment so that it runs
efficiently and communicates
properly with other systems. This
requires some mix of
command-line invocations,
jumping between GUI screens, and
editing text files.
The result is a unique snowflake -
good for a ski resort, bad for a data
center.
Martin Fowler
https://martinfowler.com/bliki/SnowflakeServer.html

More traffic
Move nginx to a
separate server,
static routing
Add more servers
Make sure that all
servers have the
same configuration
scp code
https://cdn2.iconfinder.com/data/icons/amazon-aws-stencils/100/Compute__N
etworking_copy_Amazon_EC2_Instance-512.png
NewProd,
34.45.56.78
Prod2,
34.45.60.23
Nginx,
34.44.23.67

More trafﬁc
More servers
Consistency
Management
Need for automation
https://www.lacisoft.com/blog/wp-content/uploads/2016/05/logo-amazon-elas
tic-load-balancing.png
NewProd,
34.45.56.78
Prod2,
34.45.60.23
ProdTmp,
34.45.80.72
Prod3,
34.50.57.71
Nginx,
34.44.23.67

First attempts at
automation
Tool-ﬁrst thinking
Replace bash with
the specialized tool
Kind of consistency
Manual scaling
NewProd,
34.45.56.78
Prod2,
34.45.60.23
ProdTmp,
34.45.80.72
Prod3,
34.50.57.71
Nginx,
34.44.23.67

Adding containers
Start containers
instead of copying
code
Some would do
docker-compose
Leap to orchestrators
NewProd,
34.45.56.78
Prod2,
34.45.60.23
ProdTmp,
34.45.80.72
Prod3,
34.50.57.71
https://www.docker.com/sites/default/ﬁles/d8/2019-07/Moby-logo.png
Nginx,
34.44.23.67

https://www.thoughtworks.com/insights/blog/infrastructure-code-automation-fear-spiral

Conﬁguration synchronization
https://martinfowler.com/bliki/ConﬁgurationSynchronization.html

Can we do better?

Phoenix server

Phoenix server
https://martinfowler.com/bliki/ImmutableServer.html

So if I kill my servers often enough and
provision them with Ansible then I’m doing
immutable conﬁguration as code?

So if I kill my servers often enough and
provision them with Ansible then I’m doing
immutable conﬁguration as code?
Is it good enough?

Immutable server
https://martinfowler.com/bliki/ImmutableServer.html

Switch over to ASG
Requires ready to
use image
Allows for scale
in/out
No ssh needed
No pet names,
dynamic
https://tudip.com/wp-content/uploads/2018/12/autoscaling-group.png

Can we call ASG an orchestrator for VMs?

https://static.packt-cdn.com/products/9781788992329/graphics/0ee3d4cf-2133-4143-a7c4-690274483841.png
https://miro.medium.com/max/2560/1*gVNbunchCV5wXgnwlT-iGg.jpeg

Can we take immutable
VM to the next level?

ContainerOS
https://techcrunch.com/wp-content/uploads/2020/03/Site-Merch_Bottlerocket_Standalone_Squid.6738132bb3477edd8ed80646a366cfc8f474e6f2.png

AWS
BottleRocket
API access for configuring your system
Updates based on partition flips, for
fast and reliable system updates
Modeled configuration that's
automatically migrated through updates
Security as a top priority
Written in Rust
https://github.com/bottlerocket-os/bottlerocket

https://github.com/bottlerocket-os/bottlerocket

Is there a next level for
VMs?

MicroVM
Unikernels
Nanos Unikernel
OSv
includeOS
MirageOS
Unikernels are specialised single process operating systems.

https://anglehit.com/wp-content/uploads/2020/04/Unikernels.png

https://nanovms.gitbook.io/ops/aws

ASG/Unikernel
No containers
No orchestrators
No new abstractions
No conﬁguration
drift
https://tudip.com/wp-content/uploads/2018/12/autoscaling-group.png

Yeah, unikernels are
dope
But we are doing
Kubernetes!

Wait!
Are we back to
conﬁguration
synchronization?
https://miro.medium.com/max/1510/1*e4w0j0SUdsfx_U7hdHHpyw.png

GitOps
Cloud conﬁg via GitOps
Broken feedback loop
Branching
Conﬁguration drift

How do we do
immutable infra for K8S
cluster?
Time to time you have to take a step back to take two forward

Probably the best
for today
ContainerOS
Containers
Managed container
orchestrator
Automated scaling
Auto Scaling Group

Recap

Infrastructure as Code
Challenges
Server Sprawl
Configuration Drift
Snowflake Servers
Goals
IT infrastructure supports and enables change.
Changes to the system are routine, without drama or
stress for users or IT staff.
IT staff spends their time on valuable things that engage
their abilities.
Users are able to define, provision, and manage the
resources they need.
Teams are able to easily and quickly recover from failures.
Improvements are made continuously.
Solutions to problems are proven through implementing,
testing, and measuring.
Fragile Infrastructure
Automation Fear
Erosion

Configuration
Synchronization
Still leaves the possibility of configuration drift
A first good step comparing to doing it manually
Slow scaling, far from dynamic
Often used for bare-metal setups
Apparently for K8S
Might be a necessary evil
https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html

Immutable
infrastructure
Great for security
Takes more work to implement
Easy to recreate systems
Resilient/self-healing dynamic systems
Focus on business goals

Tomorrow?
Immutable k8s?
Unikernels/microvm?
Serverless?

Thank you
@andrey9kin
https://ﬁvexl.io
https://andreydevyatkin.com
https://www.linkedin.com/in/andreydevyatkin/
https://devsecops.fm

2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf

Recommended

Recommended

More Related Content

Similar to 2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf

Similar to 2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf (20)

More from Andrey Devyatkin

More from Andrey Devyatkin (15)

Recently uploaded

Recently uploaded (20)

2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf