SlideShare a Scribd company logo

FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

Stephane Jourdan
Stephane Jourdan

FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

Software
1 of 34
Download to read offline
Infrastructure as Code drifts aren’t like Pokemon You can’t catch them all
whoami Stephane Jourdan: - @sjourdan (Twitter, GitHub, GitLab,…) - 20 years (Dev)Ops - Co-founded 3 tech companies (CAN/EU) and 1 sound studio. - Driftctl tool co-founder! github.com/cloudskiff/driftctl - “Infrastructure-as-Code Cookbook” author
Agenda - IaC: How it started (3mn) - IaC: How it’s going (6mn) - Let’s drift! (5mn) - Existing solutions (2mn) - Driftctl CLI demo! (5mn) - Q&A (5mn)
Definition Infrastructure Drift / ˈɪn frəˌstrʌk tʃər drɪft / Noun 1. happens when the reality and the expectations don’t match. Synonyms for Infrastructure Drift 1. omg
How It Started
How It Started
How It Started A single source of truth!
How It Started A single source of truth! Versioning!
How It Started A single source of truth! Versioning! The code is the documentation!
How It Started A single source of truth! Versioning! The code is the documentation! Testing!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills! Time!
“Do not expect Plato's ideal republic” Marcus Aurelius, Roman Emperor (and hundreds of us in interview) How It’s Going
■ Changes happen outside of IaC (lambdas, scripts, manual…) How It’s Going
■ Changes happen outside of IaC (lambdas, scripts, manual…) ■ Commits don’t include the full scope of change ■ The code documents a partial reality (half-blind), borken processes ■ No one had time to learn & write IaC tests (and they are too costly to run anyway) ■ E_TOO_MANY_TEAMS ; async(false); ■ People still run terraform on their laptop, full CI/CD setup too complicated ■ The move to immutable infrastructure still didn’t happen last year, too bad ■ My [“boss”, “customer”, “coworker”] needs full console access for ${REASON} ■ All team members aren’t still skilled on every IaaS provider ■ Not everything that has an API is yet under IaC (GitHub etc.) How It’s Going
■ Drift! How It’s Going "Drift Car Demo" by iDream_in_Infrared is licensed under CC BY-NC-ND 2.0
■ Drift! How It’s Going "Crash at St.Marys Corner - Andrew Beaumont - LDS Alfa Romeo - Glover Trophy practice - Goodwood Revival 2013 - Driver ok" by PSParrot is licensed under CC BY 2.0
While we use and love Terraform (and other Hashicorp products), Terraform is an excellent provisioner. But it’s not a tool meant to manage what’s outside its scope! And security / compliance tools are another type of software. But...Terraform plan/apply!
Stories!
How an intern with read-only access ended up with rogue Administrative access and keys - without anyone noticing Quick AWS IAM Story
How an intern with rogue Administrative access opened everything to anyone on IPv4 & IPv6 - without anyone noticing Quick AWS Security Group Story
How a scripting issue created a billing nightmare - With only billing noticing Quick AWS S3 Story
■ CI/CD Integration (Jenkins, Terraform Cloud, Atlantis, env0…) ■ Static Analysis (Checkov, TFLint, TFSec,…) ■ Testing & Verification (Terratest, InSpec,...). ■ Policy & Compliance (Sentinel,…) Existing Solutions
driftctl Our own open-source solution for drift management
driftctl Our own open-source solution for drift management
driftctl Our own open-source solution for drift management ■ AWS Support (more to come) ■ Terraform State support (local/S3) ■ Filtering & Ignore support ■ Written in Go ■ Apache 2.0 License
FLOSS CLI that tracks, analyzes, prioritizes, and warns of infrastructure drift cloudskiff/driftctl About driftctl Take control of infrastructure drift

Recommended

Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl Stephane Jourdan
 
20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers SoftwareDevOps Chicago
 
Microservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWSMicroservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWSDiego Pacheco
 
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksNetflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksRuslan Meshenberg
 
NetflixOSS: The Netflix Way
NetflixOSS: The Netflix WayNetflixOSS: The Netflix Way
NetflixOSS: The Netflix WayDiego Pacheco
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deckBrian Christner
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Sourceaspyker
 
CS80A Foothill College Open Source Talk
CS80A Foothill College Open Source TalkCS80A Foothill College Open Source Talk
CS80A Foothill College Open Source Talkaspyker
 

Recommended

Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl Stephane Jourdan
 
20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers SoftwareDevOps Chicago
 
Microservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWSMicroservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWSDiego Pacheco
 
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksNetflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksRuslan Meshenberg
 
NetflixOSS: The Netflix Way
NetflixOSS: The Netflix WayNetflixOSS: The Netflix Way
NetflixOSS: The Netflix WayDiego Pacheco
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deckBrian Christner
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Sourceaspyker
 
CS80A Foothill College Open Source Talk
CS80A Foothill College Open Source TalkCS80A Foothill College Open Source Talk
CS80A Foothill College Open Source Talkaspyker
 
Kenzan Spinnaker Meetup
Kenzan Spinnaker MeetupKenzan Spinnaker Meetup
Kenzan Spinnaker MeetupAmbassador Labs
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2LibbySchulze
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesWeaveworks
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive LibbySchulze
 
OpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayOpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayscott liao
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA Docker, Inc.
 
Tracking Huge Files with Git LFS
Tracking Huge Files with Git LFSTracking Huge Files with Git LFS
Tracking Huge Files with Git LFSAtlassian
 
SpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellSpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellJeroen Resoort
 
Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2aspyker
 
Why Swift on the server?
Why Swift on the server?Why Swift on the server?
Why Swift on the server?ibmmobile
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradarsangam biradar
 
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesA DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesAll Things Open
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015aspyker
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Cloud Native Apps SF
 
10 Steps to Cloud Happiness
10 Steps to Cloud Happiness10 Steps to Cloud Happiness
10 Steps to Cloud HappinessAll Things Open
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thingaspyker
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodePrasant Kumar
 
Docker
DockerDocker
DockerDiego Pacheco
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker ServerlessBrian Christner
 
Software Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesSoftware Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesAtlassian
 
stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftNETWAYS
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Burr Sutter
 

More Related Content

What's hot

Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2LibbySchulze
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesWeaveworks
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive LibbySchulze
 
OpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayOpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayscott liao
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA Docker, Inc.
 
Tracking Huge Files with Git LFS
Tracking Huge Files with Git LFSTracking Huge Files with Git LFS
Tracking Huge Files with Git LFSAtlassian
 
SpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellSpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellJeroen Resoort
 
Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2aspyker
 
Why Swift on the server?
Why Swift on the server?Why Swift on the server?
Why Swift on the server?ibmmobile
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradarsangam biradar
 
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesA DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesAll Things Open
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015aspyker
 
10 Steps to Cloud Happiness
10 Steps to Cloud Happiness10 Steps to Cloud Happiness
10 Steps to Cloud HappinessAll Things Open
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thingaspyker
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodePrasant Kumar
 
Software Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesSoftware Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesAtlassian
 

What's hot (20)

Kenzan Spinnaker Meetup
Kenzan Spinnaker MeetupKenzan Spinnaker Meetup
Kenzan Spinnaker Meetup
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slides
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive
 
OpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayOpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps way
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Tracking Huge Files with Git LFS
Tracking Huge Files with Git LFSTracking Huge Files with Git LFS
Tracking Huge Files with Git LFS
 
SpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellSpringOne 2016 in a nutshell
SpringOne 2016 in a nutshell
 
Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2
 
Why Swift on the server?
Why Swift on the server?Why Swift on the server?
Why Swift on the server?
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
 
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesA DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and Kubernetes
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion
 
10 Steps to Cloud Happiness
10 Steps to Cloud Happiness10 Steps to Cloud Happiness
10 Steps to Cloud Happiness
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
Docker
DockerDocker
Docker
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
 
Software Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesSoftware Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential Techniques
 

Similar to FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftNETWAYS
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Burr Sutter
 
How to run your own blockchain pilot
How to run your own blockchain pilotHow to run your own blockchain pilot
How to run your own blockchain pilotSimon Wilson
 
The dangers of black box devices.
The dangers of black box devices.The dangers of black box devices.
The dangers of black box devices.Rsaesha
 
TTD Tatort-driven Development
TTD Tatort-driven DevelopmentTTD Tatort-driven Development
TTD Tatort-driven Developmentinovex GmbH
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityPaul Morse
 
Traefik on google kubernetes engine
Traefik on google kubernetes engineTraefik on google kubernetes engine
Traefik on google kubernetes engineManuel Zapf
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudsparkfabrik
 
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...Amazon Web Services
 
Hacklu2011 tricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaudstricaud
 
Agile Development with OSGi
Agile Development with OSGiAgile Development with OSGi
Agile Development with OSGiMatt Stine
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?Israel Blancas
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
Surviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planetSurviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planetTomAkehurst
 
Pharo Update
Pharo Update Pharo Update
Pharo Update ESUG
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan HubbardFreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan Hubbardeurobsdcon
 

Similar to FOSDEM 2021 - Infrastructure as Code Drift & Driftctl (20)

stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure drift
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
 
How to run your own blockchain pilot
How to run your own blockchain pilotHow to run your own blockchain pilot
How to run your own blockchain pilot
 
The dangers of black box devices.
The dangers of black box devices.The dangers of black box devices.
The dangers of black box devices.
 
TTD Tatort-driven Development
TTD Tatort-driven DevelopmentTTD Tatort-driven Development
TTD Tatort-driven Development
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
Traefik on google kubernetes engine
Traefik on google kubernetes engineTraefik on google kubernetes engine
Traefik on google kubernetes engine
 
WebWorkersCamp 2010
WebWorkersCamp 2010WebWorkersCamp 2010
WebWorkersCamp 2010
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloud
 
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
 
Hacklu2011 tricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaud
 
Agile Development with OSGi
Agile Development with OSGiAgile Development with OSGi
Agile Development with OSGi
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Surviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planetSurviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planet
 
Surviving SOA
Surviving SOASurviving SOA
Surviving SOA
 
Pharo Update
Pharo Update Pharo Update
Pharo Update
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan HubbardFreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
 

Recently uploaded

20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 

Recently uploaded (20)

20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 

FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

  • 1. Infrastructure as Code drifts aren’t like Pokemon You can’t catch them all
  • 2. whoami Stephane Jourdan: - @sjourdan (Twitter, GitHub, GitLab,…) - 20 years (Dev)Ops - Co-founded 3 tech companies (CAN/EU) and 1 sound studio. - Driftctl tool co-founder! github.com/cloudskiff/driftctl - “Infrastructure-as-Code Cookbook” author
  • 3. Agenda - IaC: How it started (3mn) - IaC: How it’s going (6mn) - Let’s drift! (5mn) - Existing solutions (2mn) - Driftctl CLI demo! (5mn) - Q&A (5mn)
  • 4. Definition Infrastructure Drift / ˈɪn frəˌstrʌk tʃər drɪft / Noun 1. happens when the reality and the expectations don’t match. Synonyms for Infrastructure Drift 1. omg
  • 7. How It Started A single source of truth!
  • 8. How It Started A single source of truth! Versioning!
  • 9. How It Started A single source of truth! Versioning! The code is the documentation!
  • 10. How It Started A single source of truth! Versioning! The code is the documentation! Testing!
  • 11. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW!
  • 12. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure!
  • 13. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps!
  • 14. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD!
  • 15. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff!
  • 16. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control!
  • 17. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud!
  • 18. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills!
  • 19. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills! Time!
  • 20. “Do not expect Plato's ideal republic” Marcus Aurelius, Roman Emperor (and hundreds of us in interview) How It’s Going
  • 21. ■ Changes happen outside of IaC (lambdas, scripts, manual…) How It’s Going
  • 22. ■ Changes happen outside of IaC (lambdas, scripts, manual…) ■ Commits don’t include the full scope of change ■ The code documents a partial reality (half-blind), borken processes ■ No one had time to learn & write IaC tests (and they are too costly to run anyway) ■ E_TOO_MANY_TEAMS ; async(false); ■ People still run terraform on their laptop, full CI/CD setup too complicated ■ The move to immutable infrastructure still didn’t happen last year, too bad ■ My [“boss”, “customer”, “coworker”] needs full console access for ${REASON} ■ All team members aren’t still skilled on every IaaS provider ■ Not everything that has an API is yet under IaC (GitHub etc.) How It’s Going
  • 23. ■ Drift! How It’s Going "Drift Car Demo" by iDream_in_Infrared is licensed under CC BY-NC-ND 2.0
  • 24. ■ Drift! How It’s Going "Crash at St.Marys Corner - Andrew Beaumont - LDS Alfa Romeo - Glover Trophy practice - Goodwood Revival 2013 - Driver ok" by PSParrot is licensed under CC BY 2.0
  • 25. While we use and love Terraform (and other Hashicorp products), Terraform is an excellent provisioner. But it’s not a tool meant to manage what’s outside its scope! And security / compliance tools are another type of software. But...Terraform plan/apply!
  • 27. How an intern with read-only access ended up with rogue Administrative access and keys - without anyone noticing Quick AWS IAM Story
  • 28. How an intern with rogue Administrative access opened everything to anyone on IPv4 & IPv6 - without anyone noticing Quick AWS Security Group Story
  • 29. How a scripting issue created a billing nightmare - With only billing noticing Quick AWS S3 Story
  • 30. ■ CI/CD Integration (Jenkins, Terraform Cloud, Atlantis, env0…) ■ Static Analysis (Checkov, TFLint, TFSec,…) ■ Testing & Verification (Terratest, InSpec,...). ■ Policy & Compliance (Sentinel,…) Existing Solutions
  • 31. driftctl Our own open-source solution for drift management
  • 32. driftctl Our own open-source solution for drift management
  • 33. driftctl Our own open-source solution for drift management ■ AWS Support (more to come) ■ Terraform State support (local/S3) ■ Filtering & Ignore support ■ Written in Go ■ Apache 2.0 License
  • 34. FLOSS CLI that tracks, analyzes, prioritizes, and warns of infrastructure drift cloudskiff/driftctl About driftctl Take control of infrastructure drift