SlideShare a Scribd company logo

FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

Stephane Jourdan
Stephane Jourdan

This document discusses infrastructure as code and infrastructure drift. It begins with definitions and a history of how infrastructure as code started by focusing on having a single source of truth, versioning, documentation through code, testing, collaboration, immutable infrastructure, GitOps, and CI/CD practices. It then notes how infrastructure as code is currently going in reality, with changes happening outside of code, commits not capturing full scope of changes, lack of testing, and other challenges. Existing solutions to manage drift like CI/CD integration, static analysis, testing and policy/compliance tools are briefly mentioned. The document concludes with an introduction to the driftctl open source CLI tool for tracking, analyzing, prioritizing and warning of infrastructure drift.

1 of 34
Download to read offline
Infrastructure as Code drifts aren’t like Pokemon You can’t catch them all
whoami Stephane Jourdan: - @sjourdan (Twitter, GitHub, GitLab,…) - 20 years (Dev)Ops - Co-founded 3 tech companies (CAN/EU) and 1 sound studio. - Driftctl tool co-founder! github.com/cloudskiff/driftctl - “Infrastructure-as-Code Cookbook” author
Agenda - IaC: How it started (3mn) - IaC: How it’s going (6mn) - Let’s drift! (5mn) - Existing solutions (2mn) - Driftctl CLI demo! (5mn) - Q&A (5mn)
Definition Infrastructure Drift / ˈɪn frəˌstrʌk tʃər drɪft / Noun 1. happens when the reality and the expectations don’t match. Synonyms for Infrastructure Drift 1. omg
How It Started
How It Started
How It Started A single source of truth!
How It Started A single source of truth! Versioning!
How It Started A single source of truth! Versioning! The code is the documentation!
How It Started A single source of truth! Versioning! The code is the documentation! Testing!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills!
How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills! Time!
“Do not expect Plato's ideal republic” Marcus Aurelius, Roman Emperor (and hundreds of us in interview) How It’s Going
■ Changes happen outside of IaC (lambdas, scripts, manual…) How It’s Going
■ Changes happen outside of IaC (lambdas, scripts, manual…) ■ Commits don’t include the full scope of change ■ The code documents a partial reality (half-blind), borken processes ■ No one had time to learn & write IaC tests (and they are too costly to run anyway) ■ E_TOO_MANY_TEAMS ; async(false); ■ People still run terraform on their laptop, full CI/CD setup too complicated ■ The move to immutable infrastructure still didn’t happen last year, too bad ■ My [“boss”, “customer”, “coworker”] needs full console access for ${REASON} ■ All team members aren’t still skilled on every IaaS provider ■ Not everything that has an API is yet under IaC (GitHub etc.) How It’s Going
■ Drift! How It’s Going "Drift Car Demo" by iDream_in_Infrared is licensed under CC BY-NC-ND 2.0
■ Drift! How It’s Going "Crash at St.Marys Corner - Andrew Beaumont - LDS Alfa Romeo - Glover Trophy practice - Goodwood Revival 2013 - Driver ok" by PSParrot is licensed under CC BY 2.0
While we use and love Terraform (and other Hashicorp products), Terraform is an excellent provisioner. But it’s not a tool meant to manage what’s outside its scope! And security / compliance tools are another type of software. But...Terraform plan/apply!
Stories!
How an intern with read-only access ended up with rogue Administrative access and keys - without anyone noticing Quick AWS IAM Story
How an intern with rogue Administrative access opened everything to anyone on IPv4 & IPv6 - without anyone noticing Quick AWS Security Group Story
How a scripting issue created a billing nightmare - With only billing noticing Quick AWS S3 Story
■ CI/CD Integration (Jenkins, Terraform Cloud, Atlantis, env0…) ■ Static Analysis (Checkov, TFLint, TFSec,…) ■ Testing & Verification (Terratest, InSpec,...). ■ Policy & Compliance (Sentinel,…) Existing Solutions
driftctl Our own open-source solution for drift management
driftctl Our own open-source solution for drift management
driftctl Our own open-source solution for drift management ■ AWS Support (more to come) ■ Terraform State support (local/S3) ■ Filtering & Ignore support ■ Written in Go ■ Apache 2.0 License
FLOSS CLI that tracks, analyzes, prioritizes, and warns of infrastructure drift cloudskiff/driftctl About driftctl Take control of infrastructure drift

Recommended

Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl
Stephane Jourdan
 
20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software
DevOps Chicago
 
Microservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWSMicroservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWS
Diego Pacheco
 
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksNetflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksRuslan Meshenberg
 
NetflixOSS: The Netflix Way
NetflixOSS: The Netflix WayNetflixOSS: The Netflix Way
NetflixOSS: The Netflix Way
Diego Pacheco
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deck
Brian Christner
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Source
aspyker
 
CS80A Foothill College Open Source Talk
CS80A Foothill College Open Source TalkCS80A Foothill College Open Source Talk
CS80A Foothill College Open Source Talk
aspyker
 

Recommended

Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl Hashitalks 2021 Infrastructure Drift & Driftctl
Hashitalks 2021 Infrastructure Drift & Driftctl
Stephane Jourdan
 
20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software20140708 - Jeremy Edberg: How Netflix Delivers Software
20140708 - Jeremy Edberg: How Netflix Delivers Software
DevOps Chicago
 
Microservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWSMicroservices reativos usando a stack do Netflix na AWS
Microservices reativos usando a stack do Netflix na AWS
Diego Pacheco
 
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksNetflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksRuslan Meshenberg
 
NetflixOSS: The Netflix Way
NetflixOSS: The Netflix WayNetflixOSS: The Netflix Way
NetflixOSS: The Netflix Way
Diego Pacheco
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deck
Brian Christner
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Source
aspyker
 
CS80A Foothill College Open Source Talk
CS80A Foothill College Open Source TalkCS80A Foothill College Open Source Talk
CS80A Foothill College Open Source Talk
aspyker
 
Kenzan Spinnaker Meetup
Kenzan Spinnaker MeetupKenzan Spinnaker Meetup
Kenzan Spinnaker Meetup
Ambassador Labs
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
LibbySchulze
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slides
Weaveworks
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive
LibbySchulze
 
OpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayOpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps way
scott liao
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Tracking Huge Files with Git LFS
Tracking Huge Files with Git LFSTracking Huge Files with Git LFS
Tracking Huge Files with Git LFS
Atlassian
 
SpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellSpringOne 2016 in a nutshell
SpringOne 2016 in a nutshell
Jeroen Resoort
 
Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2
aspyker
 
Why Swift on the server?
Why Swift on the server?Why Swift on the server?
Why Swift on the server?
ibmmobile
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
sangam biradar
 
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesA DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and Kubernetes
All Things Open
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015
aspyker
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion
Cloud Native Apps SF
 
10 Steps to Cloud Happiness
10 Steps to Cloud Happiness10 Steps to Cloud Happiness
10 Steps to Cloud Happiness
All Things Open
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
aspyker
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Prasant Kumar
 
Docker
DockerDocker
Docker
Diego Pacheco
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
Brian Christner
 
Software Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesSoftware Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential Techniques
Atlassian
 
stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure drift
NETWAYS
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Burr Sutter
 

More Related Content

What's hot

Kenzan Spinnaker Meetup
Kenzan Spinnaker MeetupKenzan Spinnaker Meetup
Kenzan Spinnaker Meetup
Ambassador Labs
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
LibbySchulze
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slides
Weaveworks
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive
LibbySchulze
 
OpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayOpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps way
scott liao
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Tracking Huge Files with Git LFS
Tracking Huge Files with Git LFSTracking Huge Files with Git LFS
Tracking Huge Files with Git LFS
Atlassian
 
SpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellSpringOne 2016 in a nutshell
SpringOne 2016 in a nutshell
Jeroen Resoort
 
Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2
aspyker
 
Why Swift on the server?
Why Swift on the server?Why Swift on the server?
Why Swift on the server?
ibmmobile
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
sangam biradar
 
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesA DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and Kubernetes
All Things Open
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015
aspyker
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion
Cloud Native Apps SF
 
10 Steps to Cloud Happiness
10 Steps to Cloud Happiness10 Steps to Cloud Happiness
10 Steps to Cloud Happiness
All Things Open
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
aspyker
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Prasant Kumar
 
Docker
DockerDocker
Docker
Diego Pacheco
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
Brian Christner
 
Software Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesSoftware Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential Techniques
Atlassian
 

What's hot (20)

Kenzan Spinnaker Meetup
Kenzan Spinnaker MeetupKenzan Spinnaker Meetup
Kenzan Spinnaker Meetup
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slides
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive
 
OpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps wayOpenInfraDays2019 Mastering Openstack the DevOps way
OpenInfraDays2019 Mastering Openstack the DevOps way
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Tracking Huge Files with Git LFS
Tracking Huge Files with Git LFSTracking Huge Files with Git LFS
Tracking Huge Files with Git LFS
 
SpringOne 2016 in a nutshell
SpringOne 2016 in a nutshellSpringOne 2016 in a nutshell
SpringOne 2016 in a nutshell
 
Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2Netflix Open Source Meetup Season 3 Episode 2
Netflix Open Source Meetup Season 3 Episode 2
 
Why Swift on the server?
Why Swift on the server?Why Swift on the server?
Why Swift on the server?
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
 
A DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and KubernetesA DevOps State of Mind with Microservices, Containers and Kubernetes
A DevOps State of Mind with Microservices, Containers and Kubernetes
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015
 
Datadog- Monitoring In Motion
Datadog- Monitoring In Motion Datadog- Monitoring In Motion
Datadog- Monitoring In Motion
 
10 Steps to Cloud Happiness
10 Steps to Cloud Happiness10 Steps to Cloud Happiness
10 Steps to Cloud Happiness
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
Docker
DockerDocker
Docker
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
 
Software Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential TechniquesSoftware Delivery at Warp Speed: Five Essential Techniques
Software Delivery at Warp Speed: Five Essential Techniques
 

Similar to FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure drift
NETWAYS
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Burr Sutter
 
How to run your own blockchain pilot
How to run your own blockchain pilotHow to run your own blockchain pilot
How to run your own blockchain pilot
Simon Wilson
 
The dangers of black box devices.
The dangers of black box devices.The dangers of black box devices.
The dangers of black box devices.
Rsaesha
 
TTD Tatort-driven Development
TTD Tatort-driven DevelopmentTTD Tatort-driven Development
TTD Tatort-driven Development
inovex GmbH
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
Paul Morse
 
Traefik on google kubernetes engine
Traefik on google kubernetes engineTraefik on google kubernetes engine
Traefik on google kubernetes engine
Manuel Zapf
 
WebWorkersCamp 2010
WebWorkersCamp 2010WebWorkersCamp 2010
WebWorkersCamp 2010
Olivier Gutknecht
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
Amit Serper
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloud
sparkfabrik
 
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
Amazon Web Services
 
Hacklu2011 tricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaud
stricaud
 
Agile Development with OSGi
Agile Development with OSGiAgile Development with OSGi
Agile Development with OSGi
Matt Stine
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?
Israel Blancas
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
Surviving SOA
Surviving SOASurviving SOA
Surviving SOA
Energized Work
 
Surviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planetSurviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planet
TomAkehurst
 
Pharo Update
Pharo Update Pharo Update
Pharo Update
ESUG
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
Tom Eston
 
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan HubbardFreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
eurobsdcon
 

Similar to FOSDEM 2021 - Infrastructure as Code Drift & Driftctl (20)

stackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure driftstackconf 2021 | Why you should take care of infrastructure drift
stackconf 2021 | Why you should take care of infrastructure drift
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
 
How to run your own blockchain pilot
How to run your own blockchain pilotHow to run your own blockchain pilot
How to run your own blockchain pilot
 
The dangers of black box devices.
The dangers of black box devices.The dangers of black box devices.
The dangers of black box devices.
 
TTD Tatort-driven Development
TTD Tatort-driven DevelopmentTTD Tatort-driven Development
TTD Tatort-driven Development
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
Traefik on google kubernetes engine
Traefik on google kubernetes engineTraefik on google kubernetes engine
Traefik on google kubernetes engine
 
WebWorkersCamp 2010
WebWorkersCamp 2010WebWorkersCamp 2010
WebWorkersCamp 2010
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloud
 
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
AWS re:Invent 2016: IoT and Beyond: Building IoT Solutions for Exploring the ...
 
Hacklu2011 tricaud
Hacklu2011 tricaudHacklu2011 tricaud
Hacklu2011 tricaud
 
Agile Development with OSGi
Agile Development with OSGiAgile Development with OSGi
Agile Development with OSGi
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Surviving SOA
Surviving SOASurviving SOA
Surviving SOA
 
Surviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planetSurviving SOA - delivering (somewhat) continuously on a hostile planet
Surviving SOA - delivering (somewhat) continuously on a hostile planet
 
Pharo Update
Pharo Update Pharo Update
Pharo Update
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan HubbardFreeBSD: Looking forward to another 10 years by Jordan Hubbard
FreeBSD: Looking forward to another 10 years by Jordan Hubbard
 

Recently uploaded

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 

Recently uploaded (20)

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 

FOSDEM 2021 - Infrastructure as Code Drift & Driftctl

  • 1. Infrastructure as Code drifts aren’t like Pokemon You can’t catch them all
  • 2. whoami Stephane Jourdan: - @sjourdan (Twitter, GitHub, GitLab,…) - 20 years (Dev)Ops - Co-founded 3 tech companies (CAN/EU) and 1 sound studio. - Driftctl tool co-founder! github.com/cloudskiff/driftctl - “Infrastructure-as-Code Cookbook” author
  • 3. Agenda - IaC: How it started (3mn) - IaC: How it’s going (6mn) - Let’s drift! (5mn) - Existing solutions (2mn) - Driftctl CLI demo! (5mn) - Q&A (5mn)
  • 4. Definition Infrastructure Drift / ˈɪn frəˌstrʌk tʃər drɪft / Noun 1. happens when the reality and the expectations don’t match. Synonyms for Infrastructure Drift 1. omg
  • 7. How It Started A single source of truth!
  • 8. How It Started A single source of truth! Versioning!
  • 9. How It Started A single source of truth! Versioning! The code is the documentation!
  • 10. How It Started A single source of truth! Versioning! The code is the documentation! Testing!
  • 11. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW!
  • 12. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure!
  • 13. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps!
  • 14. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD!
  • 15. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff!
  • 16. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control!
  • 17. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud!
  • 18. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills!
  • 19. How It Started A single source of truth! Versioning! The code is the documentation! Testing! Collaboration FTW! Immutable Infrastructure! GitOps! CI/CD! No more local stuff! Credentials under control! Multi-Cloud! Skills! Time!
  • 20. “Do not expect Plato's ideal republic” Marcus Aurelius, Roman Emperor (and hundreds of us in interview) How It’s Going
  • 21. ■ Changes happen outside of IaC (lambdas, scripts, manual…) How It’s Going
  • 22. ■ Changes happen outside of IaC (lambdas, scripts, manual…) ■ Commits don’t include the full scope of change ■ The code documents a partial reality (half-blind), borken processes ■ No one had time to learn & write IaC tests (and they are too costly to run anyway) ■ E_TOO_MANY_TEAMS ; async(false); ■ People still run terraform on their laptop, full CI/CD setup too complicated ■ The move to immutable infrastructure still didn’t happen last year, too bad ■ My [“boss”, “customer”, “coworker”] needs full console access for ${REASON} ■ All team members aren’t still skilled on every IaaS provider ■ Not everything that has an API is yet under IaC (GitHub etc.) How It’s Going
  • 23. ■ Drift! How It’s Going "Drift Car Demo" by iDream_in_Infrared is licensed under CC BY-NC-ND 2.0
  • 24. ■ Drift! How It’s Going "Crash at St.Marys Corner - Andrew Beaumont - LDS Alfa Romeo - Glover Trophy practice - Goodwood Revival 2013 - Driver ok" by PSParrot is licensed under CC BY 2.0
  • 25. While we use and love Terraform (and other Hashicorp products), Terraform is an excellent provisioner. But it’s not a tool meant to manage what’s outside its scope! And security / compliance tools are another type of software. But...Terraform plan/apply!
  • 27. How an intern with read-only access ended up with rogue Administrative access and keys - without anyone noticing Quick AWS IAM Story
  • 28. How an intern with rogue Administrative access opened everything to anyone on IPv4 & IPv6 - without anyone noticing Quick AWS Security Group Story
  • 29. How a scripting issue created a billing nightmare - With only billing noticing Quick AWS S3 Story
  • 30. ■ CI/CD Integration (Jenkins, Terraform Cloud, Atlantis, env0…) ■ Static Analysis (Checkov, TFLint, TFSec,…) ■ Testing & Verification (Terratest, InSpec,...). ■ Policy & Compliance (Sentinel,…) Existing Solutions
  • 31. driftctl Our own open-source solution for drift management
  • 32. driftctl Our own open-source solution for drift management
  • 33. driftctl Our own open-source solution for drift management ■ AWS Support (more to come) ■ Terraform State support (local/S3) ■ Filtering & Ignore support ■ Written in Go ■ Apache 2.0 License
  • 34. FLOSS CLI that tracks, analyzes, prioritizes, and warns of infrastructure drift cloudskiff/driftctl About driftctl Take control of infrastructure drift