SlideShare a Scribd company logo

What We Learned From 100+ DevOps Teams About Infrastructure Drift

Stephane Jourdan
Stephane Jourdan

Hashitalks 2021 Infrastructure Drift & Driftctl

Software
1 of 18
Download to read offline
What We Learned Asking 100+ DevOps Teams About Infrastructure Drift HashiTalks, Feb 2021
Story ● ❤ GitOps ● 🥰 Users ● 😱 Drift
TL;DR Almost everyone has experienced infrastructure drift recently. We built driftctl to help.
Why - Even the best teams didn’t automate everything - Scripts / Lambdas / Microservices are authenticated - Customers and bosses do exist (with admin credentials)
whoami Stephane Jourdan: ● @sjourdan (Twitter, GitHub, GitLab,…) ● 20 years (Dev)Ops ● Co-founded 3 tech companies (🇨🇦 | 🇪🇺) and 1 sound studio. ● “Infrastructure-as-Code Cookbook” author ● Driftctl tool co-founder! cloudskiff/driftctl
Definition Infrastructure Drift / ˈɪn frəˌstrʌk tʃər drɪft / Noun 1. happens when the reality and the expectations don’t match. Synonyms for Infrastructure Drift 1. omg
Main Causes ● Manual Changes: 96% ● Authenticated Applications: 50% ● Out-of-Sync IaC Environments: 44%
Main Consequences
Solutions
But... - Even the best teams didn’t automate everything - Scripts / Lambdas / Microservices are authenticated - Customers and bosses do exist (with admin credentials)
Stories!
How a simple lambda with read-only access ended up with rogue Administrative access and keys - without anyone noticing Quick AWS IAM Story
How someone opened up everything to anyone on IPv4 & IPv6 - without anyone noticing Quick AWS Security Group Story
How a scripting issue created a billing nightmare - With only billing noticing Quick AWS S3 Story
driftctl Our own open-source solution for drift management ■ AWS Support (more to come) ■ Terraform State support (local/S3) ■ Filtering & Ignore support ■ Written in Go ■ Apache 2.0 License cloudskiff/driftctl driftctl.com/d
Report Q1 2021 release on driftctl.com
TL;DR (Closing) Almost everyone has experienced infrastructure drift recently. We built driftctl to help.
driftctl Our own open-source solution for drift management

Recommended

CNCF London: Key Steps To a Good Quality Terraform Infrastructure Code
CNCF London: Key Steps To a Good Quality Terraform Infrastructure CodeCNCF London: Key Steps To a Good Quality Terraform Infrastructure Code
CNCF London: Key Steps To a Good Quality Terraform Infrastructure CodeStephane Jourdan
 
E bpf and profilers
E bpf and profilersE bpf and profilers
E bpf and profilersLibbySchulze
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsVietnam Open Infrastructure User Group
 
Containers and Kubernetes without limits
Containers and Kubernetes without limitsContainers and Kubernetes without limits
Containers and Kubernetes without limitsAntje Barth
 
Building A Distributed Build System at Google Scale (StrangeLoop 2016)
Building A Distributed Build System at Google Scale (StrangeLoop 2016)Building A Distributed Build System at Google Scale (StrangeLoop 2016)
Building A Distributed Build System at Google Scale (StrangeLoop 2016)Aysylu Greenberg
 
GitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyGitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyWeaveworks
 
GitOps Toolkit (Cloud Native Nordics Tech Talk)
GitOps Toolkit (Cloud Native Nordics Tech Talk)GitOps Toolkit (Cloud Native Nordics Tech Talk)
GitOps Toolkit (Cloud Native Nordics Tech Talk)Weaveworks
 
Accelerate your business and reduce cost with OpenStack
Accelerate your business and reduce cost with OpenStackAccelerate your business and reduce cost with OpenStack
Accelerate your business and reduce cost with OpenStackOpsta
 

Recommended

CNCF London: Key Steps To a Good Quality Terraform Infrastructure Code
CNCF London: Key Steps To a Good Quality Terraform Infrastructure CodeCNCF London: Key Steps To a Good Quality Terraform Infrastructure Code
CNCF London: Key Steps To a Good Quality Terraform Infrastructure CodeStephane Jourdan
 
E bpf and profilers
E bpf and profilersE bpf and profilers
E bpf and profilersLibbySchulze
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsVietnam Open Infrastructure User Group
 
Containers and Kubernetes without limits
Containers and Kubernetes without limitsContainers and Kubernetes without limits
Containers and Kubernetes without limitsAntje Barth
 
Building A Distributed Build System at Google Scale (StrangeLoop 2016)
Building A Distributed Build System at Google Scale (StrangeLoop 2016)Building A Distributed Build System at Google Scale (StrangeLoop 2016)
Building A Distributed Build System at Google Scale (StrangeLoop 2016)Aysylu Greenberg
 
GitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyGitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyWeaveworks
 
GitOps Toolkit (Cloud Native Nordics Tech Talk)
GitOps Toolkit (Cloud Native Nordics Tech Talk)GitOps Toolkit (Cloud Native Nordics Tech Talk)
GitOps Toolkit (Cloud Native Nordics Tech Talk)Weaveworks
 
Accelerate your business and reduce cost with OpenStack
Accelerate your business and reduce cost with OpenStackAccelerate your business and reduce cost with OpenStack
Accelerate your business and reduce cost with OpenStackOpsta
 
Gitlab meets Kubernetes
Gitlab meets KubernetesGitlab meets Kubernetes
Gitlab meets Kubernetesinovex GmbH
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
Building a Distributed Build System at Google Scale
Building a Distributed Build System at Google ScaleBuilding a Distributed Build System at Google Scale
Building a Distributed Build System at Google ScaleAysylu Greenberg
 
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018Gregory Taylor
 
Develop, deploy, and operate services at reddit scale oscon 2018
Develop, deploy, and operate services at reddit scale oscon 2018Develop, deploy, and operate services at reddit scale oscon 2018
Develop, deploy, and operate services at reddit scale oscon 2018Gregory Taylor
 
Openshift argo cd_v1_2
Openshift argo cd_v1_2Openshift argo cd_v1_2
Openshift argo cd_v1_2RastinKenarsari
 
Jenkins vs GitLab CI
Jenkins vs GitLab CIJenkins vs GitLab CI
Jenkins vs GitLab CICEE-SEC(R)
 
GitLab for CI/CD process
GitLab for CI/CD processGitLab for CI/CD process
GitLab for CI/CD processHYS Enterprise
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDJulian Mazzitelli
 
Webinar - Continuous Integration with GitLab
Webinar - Continuous Integration with GitLabWebinar - Continuous Integration with GitLab
Webinar - Continuous Integration with GitLabOlinData
 
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...inovex GmbH
 
GitOps is IaC done right
GitOps is IaC done rightGitOps is IaC done right
GitOps is IaC done rightChen Cheng-Wei
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
Gitops Hands On
Gitops Hands OnGitops Hands On
Gitops Hands OnBrice Fernandes
 
Introducing GitLab (September 2018)
Introducing GitLab (September 2018)Introducing GitLab (September 2018)
Introducing GitLab (September 2018)Noa Harel
 
stackconf 2021 | GitOps: yea or nay?
stackconf 2021 | GitOps: yea or nay?stackconf 2021 | GitOps: yea or nay?
stackconf 2021 | GitOps: yea or nay?NETWAYS
 
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flightMesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flightAysylu Greenberg
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
 
DevOps: Coding Defines Monitoring
DevOps: Coding Defines MonitoringDevOps: Coding Defines Monitoring
DevOps: Coding Defines MonitoringOpsta
 
GitLab - Java User Group
GitLab - Java User GroupGitLab - Java User Group
GitLab - Java User GroupPhilippWestphalen
 
stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftNETWAYS
 
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - PanoraysHacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - PanoraysDemi Ben-Ari
 

More Related Content

What's hot

Gitlab meets Kubernetes
Gitlab meets KubernetesGitlab meets Kubernetes
Gitlab meets Kubernetesinovex GmbH
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
Building a Distributed Build System at Google Scale
Building a Distributed Build System at Google ScaleBuilding a Distributed Build System at Google Scale
Building a Distributed Build System at Google ScaleAysylu Greenberg
 
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018Gregory Taylor
 
Develop, deploy, and operate services at reddit scale oscon 2018
Develop, deploy, and operate services at reddit scale oscon 2018Develop, deploy, and operate services at reddit scale oscon 2018
Develop, deploy, and operate services at reddit scale oscon 2018Gregory Taylor
 
Jenkins vs GitLab CI
Jenkins vs GitLab CIJenkins vs GitLab CI
Jenkins vs GitLab CICEE-SEC(R)
 
GitLab for CI/CD process
GitLab for CI/CD processGitLab for CI/CD process
GitLab for CI/CD processHYS Enterprise
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDJulian Mazzitelli
 
Webinar - Continuous Integration with GitLab
Webinar - Continuous Integration with GitLabWebinar - Continuous Integration with GitLab
Webinar - Continuous Integration with GitLabOlinData
 
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...inovex GmbH
 
GitOps is IaC done right
GitOps is IaC done rightGitOps is IaC done right
GitOps is IaC done rightChen Cheng-Wei
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
Introducing GitLab (September 2018)
Introducing GitLab (September 2018)Introducing GitLab (September 2018)
Introducing GitLab (September 2018)Noa Harel
 
stackconf 2021 | GitOps: yea or nay?
stackconf 2021 | GitOps: yea or nay?stackconf 2021 | GitOps: yea or nay?
stackconf 2021 | GitOps: yea or nay?NETWAYS
 
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flightMesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flightAysylu Greenberg
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
 
DevOps: Coding Defines Monitoring
DevOps: Coding Defines MonitoringDevOps: Coding Defines Monitoring
DevOps: Coding Defines MonitoringOpsta
 

What's hot (20)

Gitlab meets Kubernetes
Gitlab meets KubernetesGitlab meets Kubernetes
Gitlab meets Kubernetes
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
 
Building a Distributed Build System at Google Scale
Building a Distributed Build System at Google ScaleBuilding a Distributed Build System at Google Scale
Building a Distributed Build System at Google Scale
 
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
Kubernetes at Reddit: An Origin Story - KubeCon NA 2018
 
Develop, deploy, and operate services at reddit scale oscon 2018
Develop, deploy, and operate services at reddit scale oscon 2018Develop, deploy, and operate services at reddit scale oscon 2018
Develop, deploy, and operate services at reddit scale oscon 2018
 
Openshift argo cd_v1_2
Openshift argo cd_v1_2Openshift argo cd_v1_2
Openshift argo cd_v1_2
 
Jenkins vs GitLab CI
Jenkins vs GitLab CIJenkins vs GitLab CI
Jenkins vs GitLab CI
 
GitLab for CI/CD process
GitLab for CI/CD processGitLab for CI/CD process
GitLab for CI/CD process
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
 
Webinar - Continuous Integration with GitLab
Webinar - Continuous Integration with GitLabWebinar - Continuous Integration with GitLab
Webinar - Continuous Integration with GitLab
 
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
 
GitOps is IaC done right
GitOps is IaC done rightGitOps is IaC done right
GitOps is IaC done right
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
 
Gitops Hands On
Gitops Hands OnGitops Hands On
Gitops Hands On
 
Introducing GitLab (September 2018)
Introducing GitLab (September 2018)Introducing GitLab (September 2018)
Introducing GitLab (September 2018)
 
stackconf 2021 | GitOps: yea or nay?
stackconf 2021 | GitOps: yea or nay?stackconf 2021 | GitOps: yea or nay?
stackconf 2021 | GitOps: yea or nay?
 
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flightMesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd products
 
DevOps: Coding Defines Monitoring
DevOps: Coding Defines MonitoringDevOps: Coding Defines Monitoring
DevOps: Coding Defines Monitoring
 
GitLab - Java User Group
GitLab - Java User GroupGitLab - Java User Group
GitLab - Java User Group
 

Similar to What We Learned From 100+ DevOps Teams About Infrastructure Drift

stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftNETWAYS
 
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - PanoraysHacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - PanoraysDemi Ben-Ari
 
Meetup 2020 - Back to the Basics part 101 : IaC
Meetup 2020 - Back to the Basics part 101 : IaCMeetup 2020 - Back to the Basics part 101 : IaC
Meetup 2020 - Back to the Basics part 101 : IaCDamienCarpy
 
Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...
Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...
Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...Demi Ben-Ari
 
Ship code like a keptn
Ship code like a keptnShip code like a keptn
Ship code like a keptnRob Jahn
 
Gitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGerger
 
Gitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGerger
 
The Unicorn Project and The Five Ideals (Updated Dec 2019)
The Unicorn Project and The Five Ideals (Updated Dec 2019)The Unicorn Project and The Five Ideals (Updated Dec 2019)
The Unicorn Project and The Five Ideals (Updated Dec 2019)Gene Kim
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixAll Things Open
 
Big feature - small sprint
Big feature - small sprint Big feature - small sprint
Big feature - small sprint Igor Goldshmidt
 
Drupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsDrupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsKris Buytaert
 
Gitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGerger
 
Introducing Gitora,the version control tool for PL/SQL
Introducing Gitora,the version control tool for PL/SQLIntroducing Gitora,the version control tool for PL/SQL
Introducing Gitora,the version control tool for PL/SQLGerger
 
microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...
microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...
microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...Daniel Bryant
 
Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience National Cheng Kung University
 
Continuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon OttoContinuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon OttoPeter Bittner
 
What is DevOps?
What is DevOps?What is DevOps?
What is DevOps?jeckels
 
NYCACE April 2022 Presentations.pdf
NYCACE April 2022 Presentations.pdfNYCACE April 2022 Presentations.pdf
NYCACE April 2022 Presentations.pdfAUGNYC
 
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...Daniel Bryant
 

Similar to What We Learned From 100+ DevOps Teams About Infrastructure Drift (20)

stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure drift
 
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - PanoraysHacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays
 
Meetup 2020 - Back to the Basics part 101 : IaC
Meetup 2020 - Back to the Basics part 101 : IaCMeetup 2020 - Back to the Basics part 101 : IaC
Meetup 2020 - Back to the Basics part 101 : IaC
 
Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...
Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...
Kubernetes, Toolbox to fail or succeed for beginners - Demi Ben-Ari, VP R&D @...
 
Ship code like a keptn
Ship code like a keptnShip code like a keptn
Ship code like a keptn
 
Gitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQL
 
Gitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQL
 
The Unicorn Project and The Five Ideals (Updated Dec 2019)
The Unicorn Project and The Five Ideals (Updated Dec 2019)The Unicorn Project and The Five Ideals (Updated Dec 2019)
The Unicorn Project and The Five Ideals (Updated Dec 2019)
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at Netflix
 
Big feature - small sprint
Big feature - small sprint Big feature - small sprint
Big feature - small sprint
 
Drupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsDrupal and Devops , the Survey Results
Drupal and Devops , the Survey Results
 
Gitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQLGitora, Version Control for PL/SQL
Gitora, Version Control for PL/SQL
 
Introducing Gitora,the version control tool for PL/SQL
Introducing Gitora,the version control tool for PL/SQLIntroducing Gitora,the version control tool for PL/SQL
Introducing Gitora,the version control tool for PL/SQL
 
microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...
microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...
microXchg 2019: "Creating an Effective Developer Experience for Cloud-Native ...
 
Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience
 
Continuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon OttoContinuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon Otto
 
What is DevOps?
What is DevOps?What is DevOps?
What is DevOps?
 
NYCACE April 2022 Presentations.pdf
NYCACE April 2022 Presentations.pdfNYCACE April 2022 Presentations.pdf
NYCACE April 2022 Presentations.pdf
 
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
JAX DevOps 2019: "Creating an Effective Developer Experience for Cloud-native...
 

Recently uploaded

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 

Recently uploaded (20)

Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 

What We Learned From 100+ DevOps Teams About Infrastructure Drift

  • 1. What We Learned Asking 100+ DevOps Teams About Infrastructure Drift HashiTalks, Feb 2021
  • 2. Story ● ❤ GitOps ● 🥰 Users ● 😱 Drift
  • 3. TL;DR Almost everyone has experienced infrastructure drift recently. We built driftctl to help.
  • 4. Why - Even the best teams didn’t automate everything - Scripts / Lambdas / Microservices are authenticated - Customers and bosses do exist (with admin credentials)
  • 5. whoami Stephane Jourdan: ● @sjourdan (Twitter, GitHub, GitLab,…) ● 20 years (Dev)Ops ● Co-founded 3 tech companies (🇨🇦 | 🇪🇺) and 1 sound studio. ● “Infrastructure-as-Code Cookbook” author ● Driftctl tool co-founder! cloudskiff/driftctl
  • 6. Definition Infrastructure Drift / ˈɪn frəˌstrʌk tʃər drɪft / Noun 1. happens when the reality and the expectations don’t match. Synonyms for Infrastructure Drift 1. omg
  • 7. Main Causes ● Manual Changes: 96% ● Authenticated Applications: 50% ● Out-of-Sync IaC Environments: 44%
  • 10. But... - Even the best teams didn’t automate everything - Scripts / Lambdas / Microservices are authenticated - Customers and bosses do exist (with admin credentials)
  • 12. How a simple lambda with read-only access ended up with rogue Administrative access and keys - without anyone noticing Quick AWS IAM Story
  • 13. How someone opened up everything to anyone on IPv4 & IPv6 - without anyone noticing Quick AWS Security Group Story
  • 14. How a scripting issue created a billing nightmare - With only billing noticing Quick AWS S3 Story
  • 15. driftctl Our own open-source solution for drift management ■ AWS Support (more to come) ■ Terraform State support (local/S3) ■ Filtering & Ignore support ■ Written in Go ■ Apache 2.0 License cloudskiff/driftctl driftctl.com/d
  • 16. Report Q1 2021 release on driftctl.com
  • 17. TL;DR (Closing) Almost everyone has experienced infrastructure drift recently. We built driftctl to help.
  • 18. driftctl Our own open-source solution for drift management