OSS Collaboration & Contribution: How Netflix Drives Industry Engagement
Your SlideShare is downloading.
×
Check these out next
Recommended
More Related Content
Slideshows for you (20)
Similar to Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro (20)
More from Schlomo Schapiro (20)
Recently uploaded (20)
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
- 1. Want Digitalisation, Have Cloud How DevOps and Automated Governance Enable the Digitalisation of Deutsche Bahn 03.03.2021 | Schlomo Schapiro | Chief Technology Office, DB Systel
- 2. DB Systel | Schlomo Schapiro | 03.03.2021 2 Engineering Teams git ? CI CD
- 3. … if every person uses the same tool for the same job … codified knowledge - everybody contributes his part to common automation … if all people have the same privileges in their tooling … if human error is equally possible for Dev and Ops … replacing people interfaces by automated decisions and processes ... a result DevOps is DB Systel | Schlomo Schapiro | 03.03.2021 3 bit.ly/5devops
- 4. Have Cloud … DB Systel | Schlomo Schapiro | 03.03.2021 4 Deutsche Bahn AG / Wolfgang Klee DB95919 before • fully self hosted • 2 data centres • hardware & virtualisation 2016-2020 • 1st vendor • sold data centres • “Lift & Shift” migration • 2nd vendor 2021 ff • Cloud native • optimize after Lift & Shift • compliance automation
- 5. Want Digitalisation … DB Systel | Schlomo Schapiro | 03.03.2021 5 IT quota grows exponentially, no problem can be solved without IT All IT processes are much more integrated and networked, API first … Growth factor of IT much bigger than increase in IT staff → IT “production efficiency” must increase More IT in business units → decentralisation of IT skills (BizDevOps) Increasing IT compliance requirements Utilise public cloud offerings to drive innovation – have viable cloud exit strategy https://pixabay.com/de/photos/social-media-digitalisierung-2528410/
- 6. As an IT team we want … DB Systel | Schlomo Schapiro | 03.03.2021 6 Deliver great product / service Focus on our product / service Use good tools & platforms Know which internal processes to deal with Reduce overhead with internal processes Comply with company policies without pains Know about relevant company policies Use standard solutions for common problems No dependencies to other teams Deutsche Bahn AG / Oliver Lang DB187733
- 7. Solution Approach DB Systel | Schlomo Schapiro | 03.03.2021 7 Organisational Frameworks Technology Frameworks Policy as Code Acceptable Means of Compliance Simplify Policies Budgets for Compliance Standardized Tooling Hands-Off Operations
- 8. Cost & Effort of Compliance Checking? DB Systel | Schlomo Schapiro | 03.03.2021 8 git ? CI CD Policy 1 Policy N … Policy 1 Policy N … 500+ Teams git ? CI CD Central “IT Compliance” Team
- 9. Policy on Paper DB Systel | Schlomo Schapiro | 03.03.2021 9 Policy 1 Policy N git ? CI CD … Policy on Paper (low cost) No coordination between policies required Every Engineering Team interprets policies anew Every Engineering Team implements own policy checking Distributed Cost of Compliance Checking
- 10. Policy as Code – Compliance Automation DB Systel | Schlomo Schapiro | 03.03.2021 10 Policy 1 Policy N … git ? CI CD Central “IT Compliance” Team IT Compliance Team converts policies to code Every Engineering Team uses common policy checking code as acceptable means of compliance Centralized Cost of Compliance Checking Feedback cycle policy ⇔ code
- 11. DB Systel | Schlomo Schapiro | 03.03.2021 11 Problem? What is governance? Ø Align IT strategy with business strategy Ø Make sure we have and keep rules
- 12. Compliance Automation is Very Hard! DB Systel | Schlomo Schapiro | 03.03.2021 12 How to check? Automation friendly?
- 13. DB Systel | Schlomo Schapiro | 03.03.2021 13 git ? CI CD Engineering Teams
- 14. DB Systel | Schlomo Schapiro | 03.03.2021 14 git ? CI CD WHAT HOW Declarative Descriptions Deployment Automation Test for Compliance Test for Correctness Product Teams Platform Teams
- 15. DB Systel | Schlomo Schapiro | 03.03.2021 15 User CI/CD git push trigger deploy 1. CI-Ops User Git Ops git push trigger deploy delete 2. Simple GitOps GitOps Magic User Git Ops git push monitor git pull deploy delete monitor 3. GitOps Controller (git push)
- 16. Test for Compliance Declarative Descriptions Example DB Systel | Schlomo Schapiro | 03.03.2021 16 stage_deploy: script: - ssh user@host "mkdir htdocs/_tmp" - scp -r build/* user@host:htdocs/_tmp - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live" - ssh user@host "rm -rf htdocs/_old" gitlab-ci.yaml stage_deploy: image: deploy_with_ssh script: config.properties gitlab-ci.yaml #!/bin/bash source "$1" ssh $TARGET "mkdir $DIR/_tmp" scp -r $SRC/* "$TARGET:$DIR/_tmp" ssh $TARGET "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME" ssh $TARGET "rm -rf $DIR/_old" Docker Image deploy_with_ssh ENTRYPOINT TARGET=user@host SRC=build DIR=htdocs NAME=live config.properties Test for Correctness Source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html
- 17. Test for Compliance Declarative Descriptions Example DB Systel | Schlomo Schapiro | 03.03.2021 17 stage_deploy: script: - ssh user@host "mkdir htdocs/_tmp" - scp -r build/* user@host:htdocs/_tmp - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live" - ssh user@host "rm -rf htdocs/_old" gitlab-ci.yaml stage_deploy: image: deploy_with_ssh script: config.properties gitlab-ci.yaml #!/bin/bash source "$1" ssh $TARGET "mkdir $DIR/_tmp" scp -r $SRC/* "$TARGET:$DIR/_tmp" ssh $TARGET "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME" ssh $TARGET "rm -rf $DIR/_old" Docker Image deploy_with_ssh ENTRYPOINT TARGET=user@host SRC=build DIR=htdocs NAME=live config.properties Test for Correctness Source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html C o d e ( H o w ) Config (W hat)
- 18. Declarative Descriptions → Automated Governance DB Systel | Schlomo Schapiro | 03.03.2021 18 Config Tools Cloud Formation aws cf create Kubernetes Manifest kubectl apply Swagger YAML Terraform YAML … AndroidManifest.xml … Test Strategy Static Code Analysis Linting Integration Tests Unit Tests
- 19. Declarative Descriptions → Automated Governance DB Systel | Schlomo Schapiro | 03.03.2021 19 Config Cloud Formation Kubernetes Manifest Swagger YAML Terraform YAML … AndroidManifest.xml Compliance Check cfn-nag: Linting tool for CloudFormation templates K8S Admission Controller / OPA Gatekeeper zally: A minimalistic, simple-to-use API linter terraform-compliance.com . . . Tools aws cf create kubectl apply … ? CI CD Compliant! Automated Compliance Checks as Quality Gate for Deployments
- 20. GitOps DB Systel | Schlomo Schapiro | 03.03.2021 20
- 21. GitOps & Compliance Automation DB Systel | Schlomo Schapiro | 03.03.2021 21 GitOps Operations Model provides ideal interface for compliance automation: A central place where every change passes by in a machine-readable format. GitOps enables true hands- off operations, reducing IT costs & efforts. Nutzer Git Ops git push monitor git pull deploy delete monitor 3. GitOps Controller (git push) Compliance Checks
- 22. Everything as code Managed Pipeline git commit Feedback-/ Improvement-Loop GitLab CI Certified Changes – Compliant by default! Certified Space AWS Azure K8S DB custom cloud services (DNS, Proxy …) DB Systel | Schlomo Schapiro | 03.03.2021 22 Non Functional Requirements Automation „on the border“ to the certified space
- 23. The result: DB Systel | Schlomo Schapiro | 03.03.2021 23 Organisational Frameworks Technology Frameworks Business Team Business Team Business Team Business Team Business Team Platform Team Platform Team Infrastructure Infrastructure Infrastructure Infrastructure Infrastructure Infrastructure Infrastructure Automation DevOps Continuous Delivery Cloud Platforms Compliant by default!
- 24. Thank you very much DB Systel | Schlomo Schapiro | 03.03.2021 24 Further reading: Heft 4/2021 ab 18.03. All my related content: bit.ly/5devops @schlomoschapiro Q&A
