A DevOps Journey:
From server configuration to immutable infrastructure
AWS Las Palmas UG
2023-09-28
www.fivexl.io | hello@fivexl.io
But infrastructure as code is not the end goal, right?
Typical business needs / problems
Not able to ship changes fast enough
Not able to scale the system to meet demand
Hard to manage / change large-scale systems
Disaster recovery / fragile systems
Security / compliance
Dynamic Antifragile Systems
Andrey Devyatkin
Co-Host at DevSecOps Talks podcast
Cloud Engineering Specialist
AWS Community Builder
Co-Founder at FivexL
Happy Las Palmas resident
Dynamic Antifragile System
Service discovery
Immutable infrastructure as code
Zero Trust
How do we end up with static and fragile infra in the first place? 🤔
Single server
ClickOps
Manage over ssh
Install nginx with letsencrypt
scp code
NewProd (34.45.56.78)
Stage (34.45.58.11)
NewProd? What happened to the old one?
Configuration Drift is the phenomenon where servers in an infrastructure become more and more different from one another as time goes on, due to manual ad-hoc changes and updates, and general entropy.
Kief Morris
http://kief.com/configuration-drift.html
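Drift is only visible if you measure it. The following is an added example (not part of the slides or of FivexL's tooling) that takes a per-host snapshot of installed versions and settings, as an inventory or configuration-management tool would collect them, fingerprints each snapshot, treats the most common fingerprint as the fleet baseline and reports which hosts diverge and on which keys. The host names and the snapshot values are constructed to match the pet-named servers in the deck.

```python
"""Detect configuration drift across a fleet from per-host config snapshots.

Added example, not from the slides: each host is a flat dict of observed facts.
Hosts whose fingerprint differs from the fleet baseline are reported together
with the exact keys that differ from the baseline host.
"""
import hashlib
import json
from collections import Counter

# Constructed sample snapshots (hypothetical values), named after the deck's servers.
SNAPSHOTS = {
    "NewProd": {"nginx": "1.24.0", "openssl": "3.0.10", "tls_min_version": "1.2", "ssh_password_auth": "no"},
    "Prod2":   {"nginx": "1.24.0", "openssl": "3.0.10", "tls_min_version": "1.2", "ssh_password_auth": "no"},
    "ProdTmp": {"nginx": "1.22.1", "openssl": "3.0.10", "tls_min_version": "1.0", "ssh_password_auth": "yes"},
    "Prod3":   {"nginx": "1.24.0", "openssl": "3.0.9",  "tls_min_version": "1.2", "ssh_password_auth": "no"},
}


def fingerprint(snapshot: dict) -> str:
    """Stable hash of a snapshot; keys are sorted so ordering never creates false drift."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def baseline_fingerprint(snapshots: dict) -> str:
    """The most common fingerprint across the fleet is treated as the baseline."""
    counts = Counter(fingerprint(s) for s in snapshots.values())
    return counts.most_common(1)[0][0]


def diff_keys(reference: dict, other: dict) -> dict:
    """Keys whose values differ, including keys present on only one side."""
    keys = set(reference) | set(other)
    return {k: (reference.get(k), other.get(k)) for k in sorted(keys)
            if reference.get(k) != other.get(k)}


def find_drift(snapshots: dict) -> dict:
    """Return {host: {key: (baseline_value, host_value)}} for every drifted host."""
    base_fp = baseline_fingerprint(snapshots)
    reference = next(s for s in snapshots.values() if fingerprint(s) == base_fp)
    return {host: diff_keys(reference, snap)
            for host, snap in snapshots.items() if fingerprint(snap) != base_fp}


if __name__ == "__main__":
    for host, changes in find_drift(SNAPSHOTS).items():
        print(f"{host} drifted from baseline:")
        for key, (expected, actual) in changes.items():
            print(f"  {key}: baseline={expected!r} actual={actual!r}")
```

Using the majority fingerprint as the baseline is deliberate: with snowflake servers there is often no declared desired state to compare against, so the fleet's own consensus is the only reference available. Once infrastructure is defined as code, the reference becomes the declared configuration instead and the same diff logic applies.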
Configuration changes are regularly needed to tweak the environment so that it runs efficiently and communicates properly with other systems. This requires some mix of command-line invocations, jumping between GUI screens, and editing text files.
The result is a unique snowflake - good for a ski resort, bad for a data center.
Martin Fowler
https://martinfowler.com/bliki/SnowflakeServer.html
More traffic
Move nginx to a separate server, static routing
Add more servers
Make sure that all servers have the same configuration
scp code
NewProd (34.45.56.78)
Prod2 (34.45.60.23)
Nginx (34.44.23.67)
More traffic
More servers
Consistency
Management
Need for automation
NewProd (34.45.56.78)
Prod2 (34.45.60.23)
ProdTmp (34.45.80.72)
Prod3 (34.50.57.71)
Nginx (34.44.23.67)
First attempts at automation
Tool-first thinking
Replace bash with the specialized tool
Kind of consistency
Manual scaling
NewProd (34.45.56.78)
Prod2 (34.45.60.23)
ProdTmp (34.45.80.72)
Prod3 (34.50.57.71)
Nginx (34.44.23.67)
Adding containers
Start containers instead of copying code
Some would do docker-compose
Leap to orchestrators
NewProd (34.45.56.78)
Prod2 (34.45.60.23)
ProdTmp (34.45.80.72)
Prod3 (34.50.57.71)
Nginx (34.44.23.67)
https://www.thoughtworks.com/insights/blog/infrastructure-code-automation-fear-spiral
Configuration synchronization
https://martinfowler.com/bliki/ConfigurationSynchronization.html
Can we do better?
Phoenix server
https://martinfowler.com/bliki/ImmutableServer.html
So if I kill my servers often enough and provision them with Ansible then I'm doing immutable configuration as code?
Is it good enough?
Can we do better?
Immutable server
https://martinfowler.com/bliki/ImmutableServer.html
Switch over to ASG
Requires a ready-to-use image
Allows for scale in/out
No ssh needed
No pet names, dynamic
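The three properties on this slide (a baked image, no ssh, no pet names) can be enforced as a guardrail on the launch template an ASG uses. The following is an added example, not from the slides or from FivexL: it inspects the `LaunchTemplateData` structure as the EC2 API returns it (real field names `ImageId`, `KeyName`, `MetadataOptions.HttpTokens`, `UserData`) and reports what would make the fleet mutable again. The two sample templates and the AMI ids in them are constructed, and the list of "installs software at boot" command patterns is a heuristic of this example.

```python
"""Guardrail for 'immutable' EC2 launch templates.

Added example, not from the slides. Checks a LaunchTemplateData dict for the
properties an ASG-driven immutable fleet needs: a pinned, baked AMI; no SSH key
pair; IMDSv2 required; and user data that only passes parameters rather than
installing software at boot (which would make every instance a fresh snowflake).
"""
import base64
import re
from typing import List, Optional

# Heuristic: commands in user data that mean the image is not really ready to use.
MUTATING_PATTERNS = [
    r"\bapt(-get)?\s+install\b", r"\byum\s+install\b", r"\bdnf\s+install\b",
    r"\bpip3?\s+install\b", r"\bgit\s+clone\b", r"\bcurl\b.*\|\s*(ba)?sh\b",
]


def decode_user_data(user_data: Optional[str]) -> str:
    """UserData in LaunchTemplateData is base64; fall back to plain text if it is not."""
    if not user_data:
        return ""
    try:
        return base64.b64decode(user_data, validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return user_data


def check_launch_template(data: dict) -> List[str]:
    """Return a list of findings; an empty list means the template passes."""
    findings = []
    image_id = data.get("ImageId", "")
    if not re.fullmatch(r"ami-[0-9a-f]{8,17}", image_id):
        findings.append(f"ImageId must be a pinned AMI id (baked image), got {image_id!r}")
    if data.get("KeyName"):
        findings.append("KeyName is set: immutable instances should not be reachable over ssh")
    if data.get("MetadataOptions", {}).get("HttpTokens") != "required":
        findings.append("MetadataOptions.HttpTokens should be 'required' (IMDSv2 only)")
    script = decode_user_data(data.get("UserData"))
    for pattern in MUTATING_PATTERNS:
        if re.search(pattern, script):
            findings.append(f"UserData installs software at boot (matched /{pattern}/); bake it into the image")
            break
    return findings


# Constructed sample: the 'ssh in and install things' style from the early slides.
SNOWFLAKE_TEMPLATE = {
    "ImageId": "ami-latest",                       # not a real id: resolved by hand, not pinned
    "KeyName": "ops-key",
    "MetadataOptions": {"HttpTokens": "optional"},
    "UserData": base64.b64encode(b"#!/bin/bash\napt-get install -y nginx\n").decode(),
}

# Constructed sample: baked image, parameters only, no interactive access.
IMMUTABLE_TEMPLATE = {
    "ImageId": "ami-0123456789abcdef0",            # hypothetical baked AMI id
    "MetadataOptions": {"HttpTokens": "required"},
    "UserData": base64.b64encode(b"#!/bin/bash\necho APP_ENV=prod >> /etc/app.env\n").decode(),
}


if __name__ == "__main__":
    for name, template in (("snowflake", SNOWFLAKE_TEMPLATE), ("immutable", IMMUTABLE_TEMPLATE)):
        findings = check_launch_template(template)
        print(f"{name}: {'PASS' if not findings else 'FAIL'}")
        for finding in findings:
            print(f"  - {finding}")
```

Run as a pre-apply check in the pipeline that publishes launch template versions, this turns "no ssh needed" from a habit into a policy: a template that reintroduces a key pair or boot-time package installs fails before an ASG can roll it out.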
Can we call ASG an orchestrator for VMs?
Can we take immutable VM to the next level?
ContainerOS
AWS Bottlerocket
API access for configuring your system
Updates based on partition flips, for fast and reliable system updates
Modeled configuration that's automatically migrated through updates
Security as a top priority
Written in Rust
https://github.com/bottlerocket-os/bottlerocket
Is there a next level for VMs?
MicroVM
Unikernels
Nanos Unikernel
OSv
IncludeOS
MirageOS
Unikernels are specialised single-process operating systems.
https://nanovms.gitbook.io/ops/aws
ASG/Unikernel
No containers
No orchestrators
No new abstractions
No configuration drift
Yeah, unikernels are dope
But we are doing Kubernetes!
Wait! Are we back to configuration synchronization?
GitOps
Cloud config via GitOps
Broken feedback loop
Branching
Configuration drift
How do we do immutable infra for a K8S cluster?
From time to time you have to take a step back to take two forward
Probably the best for today
ContainerOS
Containers
Managed container orchestrator
Automated scaling
Auto Scaling Group
Recap
Typical business needs / problems
Not able to ship changes fast enough
Not able to scale the system to meet demand
Hard to manage / change large-scale systems
Disaster recovery / fragile systems
Security / compliance
Dynamic Antifragile System
Service discovery
Immutable infrastructure as code
Zero Trust
Infrastructure as Code
Challenges
Server Sprawl
Configuration Drift
Snowflake Servers
Fragile Infrastructure
Automation Fear
Erosion
Goals
IT infrastructure supports and enables change.
Changes to the system are routine, without drama or stress for users or IT staff.
IT staff spends their time on valuable things that engage their abilities.
Users are able to define, provision, and manage the resources they need.
Teams are able to easily and quickly recover from failures.
Improvements are made continuously.
Solutions to problems are proven through implementing, testing, and measuring.
Configuration Synchronization
Still leaves the possibility of configuration drift
A good first step compared to doing it manually
Slow scaling, far from dynamic
Often used for bare-metal setups
Apparently for K8S
Might be a necessary evil
https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html
Immutable infrastructure
Great for security
Takes more work to implement
Easy to recreate systems
Resilient/self-healing dynamic systems
Focus on business goals
https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html
Tomorrow?
Immutable k8s?
Unikernels/microvm?
Serverless?
https://www.oreilly.com/library/view/infrastructure-as-code/9781491924334/ch01.html
Thank you
@andrey9kin
https://fivexl.io
https://andreydevyatkin.com
https://www.linkedin.com/in/andreydevyatkin/
https://devsecops.fm