DevOpsDays Tel Aviv, profile picture
Uploaded byDevOpsDays Tel Aviv
PPTX, PDF108 views

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

The document discusses the issue of configuration drifts in Kubernetes (k8s) and the challenges associated with maintaining infrastructure as code (IaC). It highlights the significant impacts of these drifts, such as security vulnerabilities and increased costs, and proposes strategies for drift detection and mitigation using tools like Terraform and GitOps methodologies. The speaker emphasizes the importance of both technological solutions and changes in team behavior to prevent infrastructure drift.

Technology
Related topics:
cloud-native

Embed presentation

Download to read offline
Eran Bibi, Co-Founder and CPO, Firefly Don’t Panic: Get Your K8s Drifts Under Control
E6i Co-Founder & CPO, Firefly Former Head of DevOps & SaaS Platform, Aqua A CLI Type of Guy
• Code reviews • Immutable infrastructure • Disaster recovery planning • Shift left security scanning for the infrastructure • Pre-deployment cost analysis Why IaC? kubeadm Ansible Terraform Cloud Console eksctl kops The Hard Way Infrastructure-as- code The Challenge: Infrastructures Tend to
9 out of 10 Large Scale Deployments Have Configuration Drifts 50% of the Drifts Were Unnoticed Toil 60% Security 20% Reliability 20% 100% Impact
Infrastructure Drift Drift is what happens whenever the real-world state of your infrastructure differs from the defined one in your configuration. The Configuration The Real-world State
And Now for Real The Configuration The Real-world State
K8s drift The Configuration The Real-world State
Data / Outcome Drifts: Cause & Effect Manual changes (“emergency fix”) Environment discrepancies Automated apps Infrastructure Drift: • Security vulnerabilities • Increased costs • Excessive work • Decreased efficiency • Reliability risk Misalignment between IaC and Cloud APIs
K8s drifts: Double Trouble
1st Approach: Establish a Drift Detection Strategy Understand when drifts may become risky Catch the drifts: implement drift detection automation per your stack/s Classify and route each response to respective individual or team
Drift Detection using Terraform plan
2nd Approach: GitOps
Takeaways ● Implement tools to detect drifts ○ Terraform Plan ○ driftctl ○ kubediff ● Consider GitOps methodology as a mitigation strategy ○ ArgoCD ○ Flux ○ JenkinsX ● Tools are not enough, you also need to change behavior
May your Infrastructure Never Drift gofirefly.io Thank You!

More Related Content

PDF
Infrastructure as Code
byRobert Greiner
 
PDF
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
byEduardo Piairo
 
PDF
Getting Started with Infrastructure as Code (IaC)
byNoor Basha
 
PPTX
Sam Guckenheimer - Moving to One Engineering System
byWinOps Conf
 
PDF
Infrastructure as Code
byPrasant Kumar
 
PPTX
Ed Elliott - Practical DSC in Azure
byWinOps Conf
 
PPTX
Techique, Methodology, Culture
byBenny Bauer
 
PDF
Spinnaker Microsrvices
byAmbassador Labs
 
Infrastructure as Code
byRobert Greiner
 
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
byEduardo Piairo
 
Getting Started with Infrastructure as Code (IaC)
byNoor Basha
 
Sam Guckenheimer - Moving to One Engineering System
byWinOps Conf
 
Infrastructure as Code
byPrasant Kumar
 
Ed Elliott - Practical DSC in Azure
byWinOps Conf
 
Techique, Methodology, Culture
byBenny Bauer
 
Spinnaker Microsrvices
byAmbassador Labs
 

What's hot

PDF
DevOps, Common use cases, Architectures, Best Practices
byShiva Narayanaswamy
 
PPTX
Vulnerability Discovery in the Cloud
byDevOps.com
 
PDF
Using Machine Learning on K8s Logs to Find Root Cause Faster
byLibbySchulze
 
PPTX
DevOps: Infrastructure as Code
byJulio Aziz Flores Casab
 
PDF
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
byRightScale
 
PDF
Infrastructure as code
byAakash Singhal
 
PDF
AWS Well-Architected: Build Better Architecture, Better Business
byDevOps.com
 
PDF
56k.cloud intro and pitch deck
byBrian Christner
 
PDF
Monitoring Serverless Applications with Datadog
byDevOps.com
 
PDF
Tracking Huge Files with Git LFS
byAtlassian
 
PDF
Datadog- Monitoring In Motion
byCloud Native Apps SF
 
PDF
Immutable Infrastructure: Rise of the Machine Images
byC4Media
 
PPTX
Ibm cloud nativenetflixossfinal
byaspyker
 
PPTX
DevOps Moves To Production (Lori MacVittie)
byRed Hat Developers
 
PDF
Infrastructure as Code
byLeandro Rosa
 
PDF
Can I Contain This?
byEficode
 
PPTX
Splitting the Check on Compliance and Security
byJason Chan
 
PDF
DCSF 19 Modern Orchestrated IT for Enterprise CMS
byDocker, Inc.
 
PPTX
DevOps and AWS - Code PaLOUsa 2017
byJames Strong
 
ODP
Continuous Delivery with Spinnaker.io
byMartin Roderus
 
DevOps, Common use cases, Architectures, Best Practices
byShiva Narayanaswamy
 
Vulnerability Discovery in the Cloud
byDevOps.com
 
Using Machine Learning on K8s Logs to Find Root Cause Faster
byLibbySchulze
 
DevOps: Infrastructure as Code
byJulio Aziz Flores Casab
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
byRightScale
 
Infrastructure as code
byAakash Singhal
 
AWS Well-Architected: Build Better Architecture, Better Business
byDevOps.com
 
56k.cloud intro and pitch deck
byBrian Christner
 
Monitoring Serverless Applications with Datadog
byDevOps.com
 
Tracking Huge Files with Git LFS
byAtlassian
 
Datadog- Monitoring In Motion
byCloud Native Apps SF
 
Immutable Infrastructure: Rise of the Machine Images
byC4Media
 
Ibm cloud nativenetflixossfinal
byaspyker
 
DevOps Moves To Production (Lori MacVittie)
byRed Hat Developers
 
Infrastructure as Code
byLeandro Rosa
 
Can I Contain This?
byEficode
 
Splitting the Check on Compliance and Security
byJason Chan
 
DCSF 19 Modern Orchestrated IT for Enterprise CMS
byDocker, Inc.
 
DevOps and AWS - Code PaLOUsa 2017
byJames Strong
 
Continuous Delivery with Spinnaker.io
byMartin Roderus
 

Similar to DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

PDF
When Terraform Scripts Hide Drift That’s Breaking Your Cloud.pdf
bySudeep Khire
 
PDF
FOSDEM 2021 - Infrastructure as Code Drift & Driftctl
byStephane Jourdan
 
PPTX
Rancher MasterClass - Avoiding-configuration-drift.pptx
byLibbySchulze
 
PDF
Why Should Developers Care About Container Security?
byAll Things Open
 
PDF
Container Stranger Danger - Why should devs care about container security
byEric Smalling
 
PDF
Hashitalks 2021 Infrastructure Drift & Driftctl
byStephane Jourdan
 
PPTX
10 tips for Cloud Native Security
byKarthik Gaekwad
 
PDF
[OpenInfra Days Vietnam 2019] Innovation with open sources and app modernizat...
byIan Choi
 
PDF
Best Practices to Secure Containerized Apps with Next-Gen WAF
byDevOps.com
 
PDF
stackconf 2021 | Why you should take care of infrastructure drift
byNETWAYS
 
PDF
Deepfence.pdf
byVishwas N
 
PDF
Python Web Conference 2022 - Why should devs care about container security.pdf
byEric Smalling
 
PDF
Why should developers care about container security?
byEric Smalling
 
PDF
ATO 2022 - Why should devs care about container security.pdf
byEric Smalling
 
PDF
GDG SLK - Why should devs care about container security.pdf
byJames Anderson
 
PDF
Engineering Operations
byCybera Inc.
 
PPSX
GitOps and Kubernetes: a radical idea
byManning Publications
 
PPTX
KubeSecOps
byKarthik Gaekwad
 
When Terraform Scripts Hide Drift That’s Breaking Your Cloud.pdf
bySudeep Khire
 
FOSDEM 2021 - Infrastructure as Code Drift & Driftctl
byStephane Jourdan
 
Rancher MasterClass - Avoiding-configuration-drift.pptx
byLibbySchulze
 
Why Should Developers Care About Container Security?
byAll Things Open
 
Container Stranger Danger - Why should devs care about container security
byEric Smalling
 
Hashitalks 2021 Infrastructure Drift & Driftctl
byStephane Jourdan
 
10 tips for Cloud Native Security
byKarthik Gaekwad
 
[OpenInfra Days Vietnam 2019] Innovation with open sources and app modernizat...
byIan Choi
 
Best Practices to Secure Containerized Apps with Next-Gen WAF
byDevOps.com
 
stackconf 2021 | Why you should take care of infrastructure drift
byNETWAYS
 
Deepfence.pdf
byVishwas N
 
Python Web Conference 2022 - Why should devs care about container security.pdf
byEric Smalling
 
Why should developers care about container security?
byEric Smalling
 
ATO 2022 - Why should devs care about container security.pdf
byEric Smalling
 
GDG SLK - Why should devs care about container security.pdf
byJames Anderson
 
Engineering Operations
byCybera Inc.
 
GitOps and Kubernetes: a radical idea
byManning Publications
 
KubeSecOps
byKarthik Gaekwad
 

More from DevOpsDays Tel Aviv

PPTX
CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack
byDevOpsDays Tel Aviv
 
PPTX
HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB
byDevOpsDays Tel Aviv
 
PPTX
NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...
byDevOpsDays Tel Aviv
 
PPTX
THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security
byDevOpsDays Tel Aviv
 
PPTX
ONBOARDING IN LOCKDOWN, HILA FOX, Augury
byDevOpsDays Tel Aviv
 
PPTX
(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG
byDevOpsDays Tel Aviv
 
PPTX
SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap
byDevOpsDays Tel Aviv
 
PPTX
PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog
byDevOpsDays Tel Aviv
 
PPTX
KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, bolds...
byDevOpsDays Tel Aviv
 
PDF
THE PLEASURES OF ON-PREM, TOMER GABEL
byDevOpsDays Tel Aviv
 
PPTX
MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...
byDevOpsDays Tel Aviv
 
PPTX
SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io
byDevOpsDays Tel Aviv
 
PPTX
BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...
byDevOpsDays Tel Aviv
 
PPTX
THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...
byDevOpsDays Tel Aviv
 
PDF
YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...
byDevOpsDays Tel Aviv
 
PPTX
OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...
byDevOpsDays Tel Aviv
 
PPTX
FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga
byDevOpsDays Tel Aviv
 
PPTX
HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH
byDevOpsDays Tel Aviv
 
PPTX
(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY
byDevOpsDays Tel Aviv
 
PPTX
GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto
byDevOpsDays Tel Aviv
 
CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack
byDevOpsDays Tel Aviv
 
HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB
byDevOpsDays Tel Aviv
 
NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...
byDevOpsDays Tel Aviv
 
THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security
byDevOpsDays Tel Aviv
 
ONBOARDING IN LOCKDOWN, HILA FOX, Augury
byDevOpsDays Tel Aviv
 
(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG
byDevOpsDays Tel Aviv
 
SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap
byDevOpsDays Tel Aviv
 
PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog
byDevOpsDays Tel Aviv
 
KEYNOTE | WHAT'S COMING IN THE NEXT 10 YEARS OF DEVOPS? // ELLEN CHISA, bolds...
byDevOpsDays Tel Aviv
 
THE PLEASURES OF ON-PREM, TOMER GABEL
byDevOpsDays Tel Aviv
 
MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...
byDevOpsDays Tel Aviv
 
SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io
byDevOpsDays Tel Aviv
 
BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...
byDevOpsDays Tel Aviv
 
THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...
byDevOpsDays Tel Aviv
 
YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...
byDevOpsDays Tel Aviv
 
OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...
byDevOpsDays Tel Aviv
 
FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga
byDevOpsDays Tel Aviv
 
HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH
byDevOpsDays Tel Aviv
 
(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY
byDevOpsDays Tel Aviv
 
GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto
byDevOpsDays Tel Aviv
 

Recently uploaded

PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
The year in review - MarvelClient in 2025
bypanagenda
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

  • 1.
    Eran Bibi, Co-Founderand CPO, Firefly Don’t Panic: Get Your K8s Drifts Under Control
  • 2.
    E6i Co-Founder & CPO,Firefly Former Head of DevOps & SaaS Platform, Aqua A CLI Type of Guy
  • 3.
    • Code reviews •Immutable infrastructure • Disaster recovery planning • Shift left security scanning for the infrastructure • Pre-deployment cost analysis Why IaC? kubeadm Ansible Terraform Cloud Console eksctl kops The Hard Way Infrastructure-as- code The Challenge: Infrastructures Tend to
  • 4.
    9 out of10 Large Scale Deployments Have Configuration Drifts 50% of the Drifts Were Unnoticed Toil 60% Security 20% Reliability 20% 100% Impact
  • 5.
    Infrastructure Drift Drift iswhat happens whenever the real-world state of your infrastructure differs from the defined one in your configuration. The Configuration The Real-world State
  • 6.
    And Now forReal The Configuration The Real-world State
  • 7.
  • 8.
    Data / Outcome Drifts:Cause & Effect Manual changes (“emergency fix”) Environment discrepancies Automated apps Infrastructure Drift: • Security vulnerabilities • Increased costs • Excessive work • Decreased efficiency • Reliability risk Misalignment between IaC and Cloud APIs
  • 9.
  • 10.
    1st Approach: Establish aDrift Detection Strategy Understand when drifts may become risky Catch the drifts: implement drift detection automation per your stack/s Classify and route each response to respective individual or team
  • 11.
  • 12.
  • 13.
    Takeaways ● Implement toolsto detect drifts ○ Terraform Plan ○ driftctl ○ kubediff ● Consider GitOps methodology as a mitigation strategy ○ ArgoCD ○ Flux ○ JenkinsX ● Tools are not enough, you also need to change behavior
  • 14.
    May your InfrastructureNever Drift gofirefly.io Thank You!