SlideShare a Scribd company logo

Hashicorp @ JUST EAT - Part 2

A
Andrew Brown

The use of Hashicorp tools at JUST EAT is constantly evolving, this is a update on the progress over the past 12 months.

1 of 25
Download to read offline
Andrew Brown - Senior Platform Engineer Jan 18th 2016 HashiCorp at JUST EAT Part II
Overview JUST EAT Consul Vault Summary
JUST EAT “the world’s leading marketplace for online food delivery” - Amazon Web Services - Run hundreds of EC2 Instances at peak - Customers Worldwide - Microservices > 100 - Multiple accounts, environments - Using HashiCorp tools in since 2015
Consul - Initial Rollout - Cluster Per Environment - Seed key/values from GitHub (git2consul) - Expand keys : true - Every EC2 Instance runs Consul Agent - Each microservice registers a service and has custom ACL - Used Consul-Template to generate .config files
Consul eu-west-1a eu-west-1b eu-west-1c eu-west-1x GIT2CONSUL
Consul Key/Values Feature Configuration /config/features/<featureName>/…. Environment Configuration /config/environment/monitoring/…. Settings /config/settings/messageRegion/….
Consul-Template Setup - Consul-Template pre-baked on AMIs (Packer) - Service installed during deployment - Consul-Template files bundled with feature package - Generated *.config files (.Net) Lessons Learnt - Replacing static files meant more effort to run locally - Worked well - However... web.config and connectionstrings.config cannot be changed without cycling AppPool !
Consul Libraries .NET Libraries - using https://github.com/PlayFab/consuldotnet JustEatConsul - Setup Client - Setup default endpoints - key prefixes - Create configuration object recursively checking all key/values (remove prefix) - Return configuration object: var defaultTimeout = configurationRoot[“timeout”]
Consul Libraries AppSettings - Add AppSettings as a configuration source
Consul Watches HttpReload - Endpoint to trigger rebuild of the ConfigurationRoot Consul Watch - Windows (NSSM) Service setup during deployment - “Watches” key prefixes for the feature deployed - Invokes a WebRequest to local endpoint - Only rebuild when a value used by the feature is changed
Consul Watches Lessons Learnt - Building functionality into the Code vs Static files - Watch per key prefix….. - Reliable
Consul ACLs ACL per Feature - Generated during Deployment Lessons Learnt - Adding new endpoints, meant a deployment to get new ACL - Use events and triggers - Avoid different rules across types of environment - Create Ad-hoc ACLs...and tidy them afterwards! - Clear browser local storage
Source of Truth - Launched a Consul Cluster for Just Eat Source of Truth - Accounts, Environments, Features, Teams - UI has transformed JSON files to readable content - Reliable Use Case : Centralised Data
Use Case : Consul Locks “Unique” Instance Value - Require unique node name, used for : - Consul Node - Monitoring Stats - Log Files - Each EC2 needs an instance position - Use AWS service SimpleDB - being retired…. Deployment - Instance Locks key/value - Finds free position, - Allocates values - Releases Lock
Lessons Learnt - Very easy to setup - Configurable - retries, timeouts, number of locks - Reliable Consul Locks 001 003 002
Vault “Why aren’t you using Vault?” - “We plan to….” Approach - Launch separate Vault Clusters - Keep “config” distinct - Not held in source control - Backed by Consul - Manually added passwords
Vault eu-west-1a eu-west-1b eu-west-1c eu-west-1a eu-west-1b eu-west-1c
Vault Challenges - Mechanism to create “tokens” for EC2 instances - How to access the secrets - Keeping it simple vs making it secure - Backing up the data - Mechanism to add secrets - Alerting, Auditing, Logging
Vault - Token Launch Stack i-12345 i-12345 i-12345 ASG CloudWatch Event { “acl” : a1a1a1-b2b2b2 }
.NET Library - using https://github.com/rajanadar/VaultSharp JustEatVault - Use token generated during deployment var password = configuration[“my_password”] Vault - Accessing Secrets
Lessons Learnt - Vault instances didn’t forward requests….. - Look after your keys - Read the docs slowly Vault
- Consul, Packer, Vault, Nomad…. - Use available open source tools - Newer versions solving workarounds Summary
Summary - Some roll-out/migration pain - ports, stats - Read the docs - Use the features that suit your needs - Still making the case for Terraform
Questions?
Hashicorp @ JUST EAT - Part 2

Recommended

AWS Lambda at JUST EAT
AWS Lambda at JUST EATAWS Lambda at JUST EAT
AWS Lambda at JUST EAT
Andrew Brown
 
HashiCorp at Just Eat
HashiCorp at Just EatHashiCorp at Just Eat
HashiCorp at Just Eat
Andrew Brown
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel Aviv
Amazon Web Services
 
London Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in ProductionLondon Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in Production
London HashiCorp User Group
 
Using Ansible at Scale to Manage a Public Cloud
Using Ansible at Scale to Manage a Public CloudUsing Ansible at Scale to Manage a Public Cloud
Using Ansible at Scale to Manage a Public Cloud
Jesse Keating
 
AWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHNAWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHN
Nguyen Anh Tu
 
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraForm
Wesley Charles Blake
 
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon Web Services
 

Recommended

AWS Lambda at JUST EAT
AWS Lambda at JUST EATAWS Lambda at JUST EAT
AWS Lambda at JUST EAT
Andrew Brown
 
HashiCorp at Just Eat
HashiCorp at Just EatHashiCorp at Just Eat
HashiCorp at Just Eat
Andrew Brown
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel Aviv
Amazon Web Services
 
London Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in ProductionLondon Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in Production
London HashiCorp User Group
 
Using Ansible at Scale to Manage a Public Cloud
Using Ansible at Scale to Manage a Public CloudUsing Ansible at Scale to Manage a Public Cloud
Using Ansible at Scale to Manage a Public Cloud
Jesse Keating
 
AWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHNAWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHN
Nguyen Anh Tu
 
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraForm
Wesley Charles Blake
 
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon Web Services
 
Create Microservice with Spring Boot and Docker
Create Microservice with Spring Boot and DockerCreate Microservice with Spring Boot and Docker
Create Microservice with Spring Boot and Docker
Sivaprakash
 
Docker 1.12 (dockercon recap)
Docker 1.12 (dockercon recap)Docker 1.12 (dockercon recap)
Docker 1.12 (dockercon recap)
Nguyen Anh Tu
 
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon Web Services
 
Setup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPSSetup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPS
Sivaprakash
 
No Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with AnsibleNo Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with Ansible
Jeff Potts
 
Getting Started with Amazon ECS
Getting Started with Amazon ECSGetting Started with Amazon ECS
Getting Started with Amazon ECS
Amazon Web Services
 
Setting up Kubernetes with tectonic
Setting up Kubernetes with tectonicSetting up Kubernetes with tectonic
Setting up Kubernetes with tectonic
Vishal Biyani
 
London HUG 12/4
London HUG 12/4London HUG 12/4
London HUG 12/4
London HashiCorp User Group
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
Doyoon Kim
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
fmaccioni
 
Automated Deployment with Capistrano
Automated Deployment with CapistranoAutomated Deployment with Capistrano
Automated Deployment with Capistrano
Sumit Chhetri
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
Vishal Uderani
 
Docker on AWS OpsWorks
Docker on AWS OpsWorksDocker on AWS OpsWorks
Docker on AWS OpsWorks
Jonathan Weiss
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書
じゅん なかざ
 
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
창훈 정
 
CloudStack S3
CloudStack S3CloudStack S3
CloudStack S3
Sebastien Goasguen
 
Spinnaker 파트 1
Spinnaker 파트 1Spinnaker 파트 1
Spinnaker 파트 1
Steven Shim
 
Ansible and AWS
Ansible and AWSAnsible and AWS
Ansible and AWS
Peter Sankauskas
 
Basics of Ansible - Sahil Davawala
Basics of Ansible - Sahil DavawalaBasics of Ansible - Sahil Davawala
Basics of Ansible - Sahil Davawala
Sahil Davawala
 
Cyansible
CyansibleCyansible
Cyansible
Alan Norton
 
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
DynamicInfraDays
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 

More Related Content

What's hot

Create Microservice with Spring Boot and Docker
Create Microservice with Spring Boot and DockerCreate Microservice with Spring Boot and Docker
Create Microservice with Spring Boot and Docker
Sivaprakash
 
Docker 1.12 (dockercon recap)
Docker 1.12 (dockercon recap)Docker 1.12 (dockercon recap)
Docker 1.12 (dockercon recap)
Nguyen Anh Tu
 
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon Web Services
 
Setup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPSSetup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPS
Sivaprakash
 
No Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with AnsibleNo Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with Ansible
Jeff Potts
 
Getting Started with Amazon ECS
Getting Started with Amazon ECSGetting Started with Amazon ECS
Getting Started with Amazon ECS
Amazon Web Services
 
Setting up Kubernetes with tectonic
Setting up Kubernetes with tectonicSetting up Kubernetes with tectonic
Setting up Kubernetes with tectonic
Vishal Biyani
 
London HUG 12/4
London HUG 12/4London HUG 12/4
London HUG 12/4
London HashiCorp User Group
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
Doyoon Kim
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
fmaccioni
 
Automated Deployment with Capistrano
Automated Deployment with CapistranoAutomated Deployment with Capistrano
Automated Deployment with Capistrano
Sumit Chhetri
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
Vishal Uderani
 
Docker on AWS OpsWorks
Docker on AWS OpsWorksDocker on AWS OpsWorks
Docker on AWS OpsWorks
Jonathan Weiss
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書
じゅん なかざ
 
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
창훈 정
 
CloudStack S3
CloudStack S3CloudStack S3
CloudStack S3
Sebastien Goasguen
 
Spinnaker 파트 1
Spinnaker 파트 1Spinnaker 파트 1
Spinnaker 파트 1
Steven Shim
 
Ansible and AWS
Ansible and AWSAnsible and AWS
Ansible and AWS
Peter Sankauskas
 
Basics of Ansible - Sahil Davawala
Basics of Ansible - Sahil DavawalaBasics of Ansible - Sahil Davawala
Basics of Ansible - Sahil Davawala
Sahil Davawala
 
Cyansible
CyansibleCyansible
Cyansible
Alan Norton
 

What's hot (20)

Create Microservice with Spring Boot and Docker
Create Microservice with Spring Boot and DockerCreate Microservice with Spring Boot and Docker
Create Microservice with Spring Boot and Docker
 
Docker 1.12 (dockercon recap)
Docker 1.12 (dockercon recap)Docker 1.12 (dockercon recap)
Docker 1.12 (dockercon recap)
 
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
Amazon EC2 Container Service: Manage Docker-Enabled Apps in EC2
 
Setup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPSSetup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPS
 
No Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with AnsibleNo Docker? No Problem: Automating installation and config with Ansible
No Docker? No Problem: Automating installation and config with Ansible
 
Getting Started with Amazon ECS
Getting Started with Amazon ECSGetting Started with Amazon ECS
Getting Started with Amazon ECS
 
Setting up Kubernetes with tectonic
Setting up Kubernetes with tectonicSetting up Kubernetes with tectonic
Setting up Kubernetes with tectonic
 
London HUG 12/4
London HUG 12/4London HUG 12/4
London HUG 12/4
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
 
Automated Deployment with Capistrano
Automated Deployment with CapistranoAutomated Deployment with Capistrano
Automated Deployment with Capistrano
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
 
Docker on AWS OpsWorks
Docker on AWS OpsWorksDocker on AWS OpsWorks
Docker on AWS OpsWorks
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書
 
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
 
CloudStack S3
CloudStack S3CloudStack S3
CloudStack S3
 
Spinnaker 파트 1
Spinnaker 파트 1Spinnaker 파트 1
Spinnaker 파트 1
 
Ansible and AWS
Ansible and AWSAnsible and AWS
Ansible and AWS
 
Basics of Ansible - Sahil Davawala
Basics of Ansible - Sahil DavawalaBasics of Ansible - Sahil Davawala
Basics of Ansible - Sahil Davawala
 
Cyansible
CyansibleCyansible
Cyansible
 

Viewers also liked

ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
DynamicInfraDays
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
Sean Chittenden
 
Using ansible vault to protect your secrets
Using ansible vault to protect your secretsUsing ansible vault to protect your secrets
Using ansible vault to protect your secrets
Excella
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
Anthony Ikeda
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
Michał Czeraszkiewicz
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
Derek Downey
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSD
Sean Chittenden
 
Like Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js frameworkLike Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js framework
Stenio Ferreira
 
SF HashiCorp User Group at GitHub
SF HashiCorp User Group at GitHubSF HashiCorp User Group at GitHub
SF HashiCorp User Group at GitHub
Jon Benson
 
Hashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & securityHashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & security
continohq
 
PostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consulPostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consul
Sean Chittenden
 
FreeBSD: Dev to Prod
FreeBSD: Dev to ProdFreeBSD: Dev to Prod
FreeBSD: Dev to Prod
Sean Chittenden
 
Vault: Beyond secret storage - Using Vault to harden your infrastructure
Vault: Beyond secret storage - Using Vault to harden your infrastructureVault: Beyond secret storage - Using Vault to harden your infrastructure
Vault: Beyond secret storage - Using Vault to harden your infrastructure
OpenCredo
 
AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013
AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013
AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013
Amazon Web Services
 
Introduction to Data Vault Modeling
Introduction to Data Vault ModelingIntroduction to Data Vault Modeling
Introduction to Data Vault Modeling
Kent Graziano
 

Viewers also liked (17)

ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
 
Using ansible vault to protect your secrets
Using ansible vault to protect your secretsUsing ansible vault to protect your secrets
Using ansible vault to protect your secrets
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
Modern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSDModern tooling to assist with developing applications on FreeBSD
Modern tooling to assist with developing applications on FreeBSD
 
Like Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js frameworkLike Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js framework
 
SF HashiCorp User Group at GitHub
SF HashiCorp User Group at GitHubSF HashiCorp User Group at GitHub
SF HashiCorp User Group at GitHub
 
Hashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & securityHashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & security
 
PostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consulPostgreSQL High-Availability and Geographic Locality using consul
PostgreSQL High-Availability and Geographic Locality using consul
 
FreeBSD: Dev to Prod
FreeBSD: Dev to ProdFreeBSD: Dev to Prod
FreeBSD: Dev to Prod
 
Vault: Beyond secret storage - Using Vault to harden your infrastructure
Vault: Beyond secret storage - Using Vault to harden your infrastructureVault: Beyond secret storage - Using Vault to harden your infrastructure
Vault: Beyond secret storage - Using Vault to harden your infrastructure
 
AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013
AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013
AWS Billing Deep Dive (DMG203) | AWS re:Invent 2013
 
Introduction to Data Vault Modeling
Introduction to Data Vault ModelingIntroduction to Data Vault Modeling
Introduction to Data Vault Modeling
 

Similar to Hashicorp @ JUST EAT - Part 2

Kash Kubernetified
Kash KubernetifiedKash Kubernetified
Kash Kubernetified
Michael Wojcikiewicz
 
ProxySQL on Kubernetes
ProxySQL on KubernetesProxySQL on Kubernetes
ProxySQL on Kubernetes
René Cannaò
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Idan Tohami
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Idan Tohami
 
Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck
Daliya Spasova
 
Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)
HungWei Chiu
 
cloud conference 2013 - Infrastructure as a Service in Amazon Web Services
cloud conference 2013 - Infrastructure as a Service in Amazon Web Servicescloud conference 2013 - Infrastructure as a Service in Amazon Web Services
cloud conference 2013 - Infrastructure as a Service in Amazon Web Services
VMEngine
 
Bitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by KubernetesBitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by Kubernetes
Nathan Burrell
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECSWeaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks
 
A 60-minute tour of AWS Compute (November 2016)
A 60-minute tour of AWS Compute (November 2016)A 60-minute tour of AWS Compute (November 2016)
A 60-minute tour of AWS Compute (November 2016)
Julien SIMON
 
LocalSocial, Dial2Do and the Cloud
LocalSocial, Dial2Do and the CloudLocalSocial, Dial2Do and the Cloud
LocalSocial, Dial2Do and the Cloud
Sean O'Sullivan
 
WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...
WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...
WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...
WebCamp
 
Intuit Kubernetes Journey
Intuit Kubernetes JourneyIntuit Kubernetes Journey
Intuit Kubernetes Journey
Ravi Hari
 
Tech4Africa 2014
Tech4Africa 2014Tech4Africa 2014
Tech4Africa 2014
FAschenbrenner
 
Extending Kubernetes
Extending KubernetesExtending Kubernetes
Extending Kubernetes
Johannes Rudolph
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
ViSenze - Artificial Intelligence for the Visual Web
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
Michael Zhang
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna KumarKubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
CodeOps Technologies LLP
 
Why kubernetes for Serverless (FaaS)
Why kubernetes for Serverless (FaaS)Why kubernetes for Serverless (FaaS)
Why kubernetes for Serverless (FaaS)
Krishna-Kumar
 
Improving the Accumulo User Experience
Improving the Accumulo User Experience Improving the Accumulo User Experience
Improving the Accumulo User Experience
Accumulo Summit
 

Similar to Hashicorp @ JUST EAT - Part 2 (20)

Kash Kubernetified
Kash KubernetifiedKash Kubernetified
Kash Kubernetified
 
ProxySQL on Kubernetes
ProxySQL on KubernetesProxySQL on Kubernetes
ProxySQL on Kubernetes
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
 
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.Ansible 2.0 - How to use Ansible to automate your applications in AWS.
Ansible 2.0 - How to use Ansible to automate your applications in AWS.
 
Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck
 
Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)
 
cloud conference 2013 - Infrastructure as a Service in Amazon Web Services
cloud conference 2013 - Infrastructure as a Service in Amazon Web Servicescloud conference 2013 - Infrastructure as a Service in Amazon Web Services
cloud conference 2013 - Infrastructure as a Service in Amazon Web Services
 
Bitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by KubernetesBitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by Kubernetes
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECSWeaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
 
A 60-minute tour of AWS Compute (November 2016)
A 60-minute tour of AWS Compute (November 2016)A 60-minute tour of AWS Compute (November 2016)
A 60-minute tour of AWS Compute (November 2016)
 
LocalSocial, Dial2Do and the Cloud
LocalSocial, Dial2Do and the CloudLocalSocial, Dial2Do and the Cloud
LocalSocial, Dial2Do and the Cloud
 
WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...
WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...
WebCamp 2016: DevOps. Ярослав Погребняк: Gobetween - новый лоад балансер для ...
 
Intuit Kubernetes Journey
Intuit Kubernetes JourneyIntuit Kubernetes Journey
Intuit Kubernetes Journey
 
Tech4Africa 2014
Tech4Africa 2014Tech4Africa 2014
Tech4Africa 2014
 
Extending Kubernetes
Extending KubernetesExtending Kubernetes
Extending Kubernetes
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna KumarKubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
 
Why kubernetes for Serverless (FaaS)
Why kubernetes for Serverless (FaaS)Why kubernetes for Serverless (FaaS)
Why kubernetes for Serverless (FaaS)
 
Improving the Accumulo User Experience
Improving the Accumulo User Experience Improving the Accumulo User Experience
Improving the Accumulo User Experience
 

Recently uploaded

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 

Recently uploaded (20)

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 

Hashicorp @ JUST EAT - Part 2

  • 1. Andrew Brown - Senior Platform Engineer Jan 18th 2016 HashiCorp at JUST EAT Part II
  • 3. JUST EAT “the world’s leading marketplace for online food delivery” - Amazon Web Services - Run hundreds of EC2 Instances at peak - Customers Worldwide - Microservices > 100 - Multiple accounts, environments - Using HashiCorp tools in since 2015
  • 4. Consul - Initial Rollout - Cluster Per Environment - Seed key/values from GitHub (git2consul) - Expand keys : true - Every EC2 Instance runs Consul Agent - Each microservice registers a service and has custom ACL - Used Consul-Template to generate .config files
  • 6. Consul Key/Values Feature Configuration /config/features/<featureName>/…. Environment Configuration /config/environment/monitoring/…. Settings /config/settings/messageRegion/….
  • 7. Consul-Template Setup - Consul-Template pre-baked on AMIs (Packer) - Service installed during deployment - Consul-Template files bundled with feature package - Generated *.config files (.Net) Lessons Learnt - Replacing static files meant more effort to run locally - Worked well - However... web.config and connectionstrings.config cannot be changed without cycling AppPool !
  • 8. Consul Libraries .NET Libraries - using https://github.com/PlayFab/consuldotnet JustEatConsul - Setup Client - Setup default endpoints - key prefixes - Create configuration object recursively checking all key/values (remove prefix) - Return configuration object: var defaultTimeout = configurationRoot[“timeout”]
  • 9. Consul Libraries AppSettings - Add AppSettings as a configuration source
  • 10. Consul Watches HttpReload - Endpoint to trigger rebuild of the ConfigurationRoot Consul Watch - Windows (NSSM) Service setup during deployment - “Watches” key prefixes for the feature deployed - Invokes a WebRequest to local endpoint - Only rebuild when a value used by the feature is changed
  • 11. Consul Watches Lessons Learnt - Building functionality into the Code vs Static files - Watch per key prefix….. - Reliable
  • 12. Consul ACLs ACL per Feature - Generated during Deployment Lessons Learnt - Adding new endpoints, meant a deployment to get new ACL - Use events and triggers - Avoid different rules across types of environment - Create Ad-hoc ACLs...and tidy them afterwards! - Clear browser local storage
  • 13. Source of Truth - Launched a Consul Cluster for Just Eat Source of Truth - Accounts, Environments, Features, Teams - UI has transformed JSON files to readable content - Reliable Use Case : Centralised Data
  • 14. Use Case : Consul Locks “Unique” Instance Value - Require unique node name, used for : - Consul Node - Monitoring Stats - Log Files - Each EC2 needs an instance position - Use AWS service SimpleDB - being retired…. Deployment - Instance Locks key/value - Finds free position, - Allocates values - Releases Lock
  • 15. Lessons Learnt - Very easy to setup - Configurable - retries, timeouts, number of locks - Reliable Consul Locks 001 003 002
  • 16. Vault “Why aren’t you using Vault?” - “We plan to….” Approach - Launch separate Vault Clusters - Keep “config” distinct - Not held in source control - Backed by Consul - Manually added passwords
  • 18. Vault Challenges - Mechanism to create “tokens” for EC2 instances - How to access the secrets - Keeping it simple vs making it secure - Backing up the data - Mechanism to add secrets - Alerting, Auditing, Logging
  • 20. .NET Library - using https://github.com/rajanadar/VaultSharp JustEatVault - Use token generated during deployment var password = configuration[“my_password”] Vault - Accessing Secrets
  • 21. Lessons Learnt - Vault instances didn’t forward requests….. - Look after your keys - Read the docs slowly Vault
  • 22. - Consul, Packer, Vault, Nomad…. - Use available open source tools - Newer versions solving workarounds Summary
  • 23. Summary - Some roll-out/migration pain - ports, stats - Read the docs - Use the features that suit your needs - Still making the case for Terraform