SlideShare a Scribd company logo

Manage your bare-metal infrastructure with a CI/CD-driven approach

inovex GmbH
inovex GmbH

If you want to provide Kubernetes on your bare-metal infrastructure you need to configure and manage multiple components, like PKI, DHCP, iPXE and some more. Deploying your infrastructure as immutable without SSH access will confront you with some additional challenges, because traditional configuration management tools like Puppet or Ansible require SSH access to each node. Within the scope of this workshop we will present you a practicable way to manage your bare-metal Kubernetes clusters by the use of a CI/CD-driven approach, including Gitlab CI, Terraform, Confd, Vault and some others. As an extra we will keep a fully functional local development setup ready, so you can gain real hands-on experience. The whole configuration is written in code (Infrastructure as Code – IaC) and will automatically update all components the moment you update your configuration. Der komplette Workshop ist hier zu finden: https://github.com/inovex/fluffy-unicorn Speaker: Johannes M. Scheuermann Event: ContainerDays 2018 Mehr Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/ Mehr Tech-Artikel: https://www.inovex.de/blog/

Software
1 of 50
Download to read offline
Manage your bare-metal infrastructure with a CI/CD-driven approach Johannes M. Scheuermann inovex
Johannes M. Scheuermann Cloud Platform Engineer @ inovex 〉 Software-Defined Datacenters 〉 Infrastructure Services 〉 High Availability /Scalability / Resilience 〉 CKA / Linux Foundation Trainer 2 inovex.de/jobs
What about you?
4 Agenda ● Immutable infrastructure ● Kubernetes on bare-metal ● Big Picture ● CI/CD for the infrastructure ● Example Gitlab (CI)
5 Exercises Can be found here: ● Github Link: https://github.com/inovex/fluffy-unicorn
6 What I assume ● You know what Kubernetes is ● You know the basic components of Kubernetes ● You already did some bare-metal installation ● ..?
What is immutable infrastructure?
8 “Traditional” infrastructure ● Continuous updates/modification ● Machines get changed after they are created ● Often configuration management is used ● Typically ssh access is required ○ LDAP/Kerberos ... ● Static monitoring
An immutable infrastructure is another infrastructure paradigm in which servers are never modified after they're deployed. If something needs to be updated, fixed, or modified in any way, new servers built from a common image with the appropriate changes are provisioned to replace the old ones. After they're validated, they're put into use and the old ones are decommissioned. 9 https://www.digitalocean.com/community/tutorials/what-is-immutable-infrastruc ture
10 Immutable infrastructure ● “The” “Golden” image is built ● Never modified after they are deployed ● Update means a new deployment ○ Before you should update the image :) ● No need for ssh access ● Dynamic monitoring ○ Service Discovery needed
11 Building the “golden” image ● Probably most famous: https://www.packer.io ● Create provider specific images ● Multiple provisioners ● Clean up after provisioning ● Use the distro-specific tooling ● OS image as Code ○ Packer configuration ○ OS configuration
12 Challenges ● Image must be kept up-to-date ○ CVE’s ○ CI/CD for the image ● New images must be constantly deployed ● External configuration is needed in most cases ○ Certificates ○ Configuration for different stages ○ dev-prod-parity
13 What we ended up ● Using vanilla Container Linux as base ● Ignition as provisioning tool ○ Only executed once at boot time ● Consul-template + confd for configuration files ● Static certificates are baked into ignition ○ e.g. for secure access to the etcd CMDB
14 Recap immutable infrastructure ● Vanilla Container Linux ✅ ● ignition is only executed once during boot ✅ ● Updates means new deployment ❌ ○ Until now we didn’t deployed anything :) ● No need for ssh access ✅
Kubernetes on bare-metal
16 Bare-metal deployments ● “Many roads lead to Rome” ● Actually a (more or less) solved problem ○ OpenStack ○ Foreman ○ Maas ○ Matchbox ○ ….
17 What do we need? ● DHCP/proxyDHCP ● PXE/iPXE ● TFTP ● OS image ● OS configuration ● Role-based configuration (e.g. Master/Worker)
18 Container Linux bare-metal deployment ● Bare-metal deployment with the default toolstack ○ DHCP / TFTP / DNS ● CoreOS Matchbox ○ iPXE Service ○ Deliver assets based on predefined roles ● CoreOS ignition ○ Configure servers on boot-time
Source: https://github.com/coreos/matchbox/blob/master/Documentation/network-booting.md#ipxe 19 How does the Setup work
Time estimation : 10-20 minutes 20 Exercise 1: Setup Matchbox + PXE boot ● What we do: ○ Setup Wifi/Network (for your laptop) ○ Download: https://github.com/inovex/fluffy-unicorn ○ Setup Matchbox + terraform ○ Setup DHCP ○ Setup DNS ○ Provision 2 Container Linux nodes ○ Look into the general flow ● Example is under /exercise_1
21 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ❌ ● Role-based configuration ❌ ● Kubernetes cluster installed ❌ ● Deployment with a pipeline ❌
22 Challenge always PXE boot ● Matchbox is a pretty simple rendering engine ● Doesn’t hold any state ○ e.g. machine X is provisioned ● How to solve this issue? ○ Any ideas?
23 Challenge always PXE boot (our solution) ● No access to IPMI ● External DB that holds the state ○ In our case an etcd cluster ● Machine sets its state to “deployed” ● DHCP server decides what to do ○ Provision from Matchbox ○ Boot from disk ● DHCP config is generated with confd
24 Why etcd? ● Simple to cluster (HA) ● Allows to watch events ● Confd for configuration generation ● Can be used as Vault backend ● … ?
Time estimation : 10-20 minutes 25 Exercise 2: Always PXE boot ● What we do (additional): ○ Setup etcd ○ Setup confd ○ Generate DHCP config based on Machine state ● Example is under /exercise_2
26 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ❌ ● Kubernetes cluster installed ❌ ● Deployment with a pipeline ❌
Source: https://github.com/coreos/matchbox/blob/master/Documentation/getting-started.md#groups 27 Role-based configuration ● Matchbox groups ● Selectors can be used ○ MAC ○ label (e.g. os=installed) ○ UUID ● Semantic AND (no list support) ○ https://github.com/coreos/matchbox/issues/586
Source: https://github.com/coreos/matchbox/blob/master/Documentation/getting-started.md#groups 28 Role-based configuration
Time estimation : 10-20 minutes 29 Exercise 3: Role-based provisioning ● What we do (additional): ○ Setup two groups ■ based on the MAC ○ Setup write a file on the host (/etc/my_type) ■ MAC -> content ■ 52:54:00:fb:53:a6 -> “I’m a master” ■ 52:54:00:fb:53:a9 -> “I’m a worker” ● Example is under /exercise_3
30 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ✅ ● Kubernetes cluster installed ❌ ● Deployment with a pipeline ❌
Kubernetes what do we need?
Read: https://github.com/kelseyhightower/kubernetes-the-hard-way 32 K8s - what do we need? ● etcd cluster ● At least one Master ● Worker nodes ● Certificates for TLS ○ PKI ○ Or manually generated ● Load Balancer in a multi master setup ○ e.g. https://metallb.universe.tf or HAProxy/Nginx/...
Read: https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work 33 Kubernetes/etcd PKI ● PKI is also needed for the etcd cluster ○ Use TLS everywhere! ● Self-generated certificates ○ Hard to manage the certificates ○ Certificates must be “copied” onto the machines ● Central PKI ○ Auto-generated Certificates ○ Auto-renewal ○ Revocation list
Read: https://www.vaultproject.io/docs/secrets/pki/index.html 34 Vault as central PKI ● Simple REST API ● Allows to create multiple CA’s ● Based on policies allow or deny certificate requests ● Can be combined with consul_tempalte ○ Auto-renew certificates (short TTL)
Read: https://www.vaultproject.io/docs/auth/approle.html 35 Vault AppRoles ● Authentication mechanism for machines or applications ● Create AppRole ID and SecretID ○ similar to username + password ● Can be used to fetch an Vault token
36 Big Picture IPAM Asset Mgmt. Asset Mgmt. Asset Mgmt.etcd DHCP/ TFTP Matchbox confd Asset Mgmt. Asset Mgmt.Node Vault 1 2 3 4 5
Time estimation : 30-45 minutes 37 Exercise 4: Deploy your K8s cluster ● What we do (additional): ○ Setup Vault ○ Setup consul_template ○ Setup Kubernetes ● Example is under /exercise_4
38 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ✅ ● Kubernetes cluster installed ✅ ● Deployment with a pipeline ❌
Who knows what CI/CD is?
40 Continuous integration ● Push into you branch and get Feedback ● Merge changes fast into the master ● Automated build is triggered ● Test run automatically after each push ● Fail fast in the pipeline ● Avoid integration hell → “worked on my machine”
41 Continuous delivery ● Same as continuous integration ● Allow you to release changes quickly ● Release is completely automated ● Deploy is only clicking one button
42 Continuous deployment ● Same as continuous delivery ● Every change that passes all stages will be deployed ● No human interaction needed
43 CI/CD for the infrastructure ● More or less the same as with SE ● Lint/check your configuration files ○ shellcheck / hadolint / … ○ kubeval / kubetest ● Test any transformation steps ● Spin up test infrastructure (virtualized) ● Possibility to update your infrastructure by one click ○ Incremental changes have some benefits
https://about.gitlab.com/ 44 Gitlab (CI) ● Free git repository ○ Can be self-hosted ● Integrated CI ○ Different types of runners ○ Supports building pipelines ○ Specified as a YAML file
Time estimation : 30-45 minutes 45 Exercise 5: Deploy your K8s cluster over CI/CD ● What we do (additional): ○ Install Gitlab → https://about.gitlab.com/installation/#debian ○ Install a Gitlab runner ○ Create a new Repository and push all files to it ○ Create a dummy pipeline ○ Replace some of the makefile steps ● Example is under /exercise_5
46 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ✅ ● Kubernetes cluster installed ✅ ● Deployment with a pipeline ✅
Q&A
Johannes M. Scheuermann inovex GmbH jscheuermann@inovex.de github.com/johcsheuer inovex.de youtube.com/inovexGmbH CC BY-NC-ND @johscheuer gitlab.com/inovex Feedback & Questions: sayat.me/johscheuer
49 Reading list ● https://www.digitalocean.com/community/tutorials/what-is-immutable- infrastructure ● https://www.oreilly.com/ideas/an-introduction-to-immutable-infrastruc ture ● https://martinfowler.com/bliki/PhoenixServer.html ● https://maas.io ● https://www.theforeman.org ● https://wiki.openstack.org/wiki/Ironic ● https://github.com/coreos/matchbox ● https://cfssl.org
50 Reading list ● https://blog.digitalocean.com/vault-and-kubernetes ● https://kubernetes.io/docs/concepts/cluster-administration/certificates ● https://github.com/hashicorp/consul-template ● https://about.gitlab.com

Recommended

MySQL5.7 GA の Multi-threaded slave
MySQL5.7 GA の Multi-threaded slaveMySQL5.7 GA の Multi-threaded slave
MySQL5.7 GA の Multi-threaded slave
Takanori Sejima
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando Patroni
Zalando Technology
 
#logstudy 01 rsyslog入門
#logstudy 01 rsyslog入門#logstudy 01 rsyslog入門
#logstudy 01 rsyslog入門
Takashi Takizawa
 
Making MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid InfrastructureMaking MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid Infrastructure
Ilmar Kerm
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
Alex Maestretti
 
Unified JVM Logging
Unified JVM LoggingUnified JVM Logging
Unified JVM Logging
Yuji Kubota
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflix
Brendan Gregg
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf tools
Brendan Gregg
 

Recommended

MySQL5.7 GA の Multi-threaded slave
MySQL5.7 GA の Multi-threaded slaveMySQL5.7 GA の Multi-threaded slave
MySQL5.7 GA の Multi-threaded slave
Takanori Sejima
 
High Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando PatroniHigh Availability PostgreSQL with Zalando Patroni
High Availability PostgreSQL with Zalando Patroni
Zalando Technology
 
#logstudy 01 rsyslog入門
#logstudy 01 rsyslog入門#logstudy 01 rsyslog入門
#logstudy 01 rsyslog入門
Takashi Takizawa
 
Making MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid InfrastructureMaking MySQL highly available using Oracle Grid Infrastructure
Making MySQL highly available using Oracle Grid Infrastructure
Ilmar Kerm
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
Alex Maestretti
 
Unified JVM Logging
Unified JVM LoggingUnified JVM Logging
Unified JVM Logging
Yuji Kubota
 
re:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflixre:Invent 2019 BPF Performance Analysis at Netflix
re:Invent 2019 BPF Performance Analysis at Netflix
Brendan Gregg
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf tools
Brendan Gregg
 
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
OpenStack Korea Community
 
TiDBのトランザクション
TiDBのトランザクションTiDBのトランザクション
TiDBのトランザクション
Akio Mitobe
 
Optimizing MariaDB for maximum performance
Optimizing MariaDB for maximum performanceOptimizing MariaDB for maximum performance
Optimizing MariaDB for maximum performance
MariaDB plc
 
Linux KVM のコードを追いかけてみよう
Linux KVM のコードを追いかけてみようLinux KVM のコードを追いかけてみよう
Linux KVM のコードを追いかけてみよう
Tsuyoshi OZAWA
 
High Performance Storage Devices in the Linux Kernel
High Performance Storage Devices in the Linux KernelHigh Performance Storage Devices in the Linux Kernel
High Performance Storage Devices in the Linux Kernel
Kernel TLV
 
PgTAP Best Practices
PgTAP Best PracticesPgTAP Best Practices
PgTAP Best Practices
David Wheeler
 
오픈소스로 구축하는 클라우드 이야기
오픈소스로 구축하는 클라우드 이야기오픈소스로 구축하는 클라우드 이야기
오픈소스로 구축하는 클라우드 이야기Nalee Jang
 
IntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingIntelON 2021 Processor Benchmarking
IntelON 2021 Processor Benchmarking
Brendan Gregg
 
Group Replication in MySQL 8.0 ( A Walk Through )
Group Replication in MySQL 8.0 ( A Walk Through ) Group Replication in MySQL 8.0 ( A Walk Through )
Group Replication in MySQL 8.0 ( A Walk Through )
Mydbops
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
Brendan Gregg
 
High Performance Networking with DPDK & Multi/Many Core
High Performance Networking with DPDK & Multi/Many CoreHigh Performance Networking with DPDK & Multi/Many Core
High Performance Networking with DPDK & Multi/Many Core
slankdev
 
High Availability and Disaster Recovery in PostgreSQL - EQUNIX
High Availability and Disaster Recovery in PostgreSQL - EQUNIXHigh Availability and Disaster Recovery in PostgreSQL - EQUNIX
High Availability and Disaster Recovery in PostgreSQL - EQUNIX
Julyanto SUTANDANG
 
MySQL負荷分散の方法
MySQL負荷分散の方法MySQL負荷分散の方法
MySQL負荷分散の方法佐久本正太
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replication
NTT DATA OSS Professional Services
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting Started
Brendan Gregg
 
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
Keiichi Hikita
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracing
Viller Hsiao
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
HungWei Chiu
 
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
NETWAYS
 
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebula Project
 

More Related Content

What's hot

[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
OpenStack Korea Community
 
TiDBのトランザクション
TiDBのトランザクションTiDBのトランザクション
TiDBのトランザクション
Akio Mitobe
 
Optimizing MariaDB for maximum performance
Optimizing MariaDB for maximum performanceOptimizing MariaDB for maximum performance
Optimizing MariaDB for maximum performance
MariaDB plc
 
Linux KVM のコードを追いかけてみよう
Linux KVM のコードを追いかけてみようLinux KVM のコードを追いかけてみよう
Linux KVM のコードを追いかけてみよう
Tsuyoshi OZAWA
 
High Performance Storage Devices in the Linux Kernel
High Performance Storage Devices in the Linux KernelHigh Performance Storage Devices in the Linux Kernel
High Performance Storage Devices in the Linux Kernel
Kernel TLV
 
PgTAP Best Practices
PgTAP Best PracticesPgTAP Best Practices
PgTAP Best Practices
David Wheeler
 
오픈소스로 구축하는 클라우드 이야기
오픈소스로 구축하는 클라우드 이야기오픈소스로 구축하는 클라우드 이야기
오픈소스로 구축하는 클라우드 이야기Nalee Jang
 
IntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingIntelON 2021 Processor Benchmarking
IntelON 2021 Processor Benchmarking
Brendan Gregg
 
Group Replication in MySQL 8.0 ( A Walk Through )
Group Replication in MySQL 8.0 ( A Walk Through ) Group Replication in MySQL 8.0 ( A Walk Through )
Group Replication in MySQL 8.0 ( A Walk Through )
Mydbops
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
Brendan Gregg
 
High Performance Networking with DPDK & Multi/Many Core
High Performance Networking with DPDK & Multi/Many CoreHigh Performance Networking with DPDK & Multi/Many Core
High Performance Networking with DPDK & Multi/Many Core
slankdev
 
High Availability and Disaster Recovery in PostgreSQL - EQUNIX
High Availability and Disaster Recovery in PostgreSQL - EQUNIXHigh Availability and Disaster Recovery in PostgreSQL - EQUNIX
High Availability and Disaster Recovery in PostgreSQL - EQUNIX
Julyanto SUTANDANG
 
MySQL負荷分散の方法
MySQL負荷分散の方法MySQL負荷分散の方法
MySQL負荷分散の方法佐久本正太
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replication
NTT DATA OSS Professional Services
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting Started
Brendan Gregg
 
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
Keiichi Hikita
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracing
Viller Hsiao
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
HungWei Chiu
 

What's hot (20)

[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
[OpenStack Days Korea 2016] Track1 - All flash CEPH 구성 및 최적화
 
TiDBのトランザクション
TiDBのトランザクションTiDBのトランザクション
TiDBのトランザクション
 
Optimizing MariaDB for maximum performance
Optimizing MariaDB for maximum performanceOptimizing MariaDB for maximum performance
Optimizing MariaDB for maximum performance
 
Linux KVM のコードを追いかけてみよう
Linux KVM のコードを追いかけてみようLinux KVM のコードを追いかけてみよう
Linux KVM のコードを追いかけてみよう
 
High Performance Storage Devices in the Linux Kernel
High Performance Storage Devices in the Linux KernelHigh Performance Storage Devices in the Linux Kernel
High Performance Storage Devices in the Linux Kernel
 
PgTAP Best Practices
PgTAP Best PracticesPgTAP Best Practices
PgTAP Best Practices
 
오픈소스로 구축하는 클라우드 이야기
오픈소스로 구축하는 클라우드 이야기오픈소스로 구축하는 클라우드 이야기
오픈소스로 구축하는 클라우드 이야기
 
IntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingIntelON 2021 Processor Benchmarking
IntelON 2021 Processor Benchmarking
 
Group Replication in MySQL 8.0 ( A Walk Through )
Group Replication in MySQL 8.0 ( A Walk Through ) Group Replication in MySQL 8.0 ( A Walk Through )
Group Replication in MySQL 8.0 ( A Walk Through )
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
 
High Performance Networking with DPDK & Multi/Many Core
High Performance Networking with DPDK & Multi/Many CoreHigh Performance Networking with DPDK & Multi/Many Core
High Performance Networking with DPDK & Multi/Many Core
 
High Availability and Disaster Recovery in PostgreSQL - EQUNIX
High Availability and Disaster Recovery in PostgreSQL - EQUNIXHigh Availability and Disaster Recovery in PostgreSQL - EQUNIX
High Availability and Disaster Recovery in PostgreSQL - EQUNIX
 
MySQL負荷分散の方法
MySQL負荷分散の方法MySQL負荷分散の方法
MySQL負荷分散の方法
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replication
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting Started
 
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
OpenStack上の環境構築自動化に向けたTerraform/Pulumiの活用
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracing
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
 

Similar to Manage your bare-metal infrastructure with a CI/CD-driven approach

OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
NETWAYS
 
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebula Project
 
LinuxKit Deep Dive
LinuxKit Deep DiveLinuxKit Deep Dive
LinuxKit Deep Dive
Docker, Inc.
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and images
Mender.io
 
WKSctl: Gitops Management of Kubernetes Clusters
WKSctl: Gitops Management of Kubernetes ClustersWKSctl: Gitops Management of Kubernetes Clusters
WKSctl: Gitops Management of Kubernetes Clusters
Weaveworks
 
Webinar - Unbox GitLab CI/CD
Webinar - Unbox GitLab CI/CD Webinar - Unbox GitLab CI/CD
Webinar - Unbox GitLab CI/CD
Annie Huang
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success story
Jérémy Wimsingues
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
Zoltan Balazs
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
CloudOps2005
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
TheFamily
 
EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...
EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...
EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...
melbats
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
Nitish Jadia
 
6 Months Sailing with Docker in Production
6 Months Sailing with Docker in Production 6 Months Sailing with Docker in Production
6 Months Sailing with Docker in Production
Hung Lin
 
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
Akihiro Suda
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
NTT Software Innovation Center
 
Making your app soar without a container manifest
Making your app soar without a container manifestMaking your app soar without a container manifest
Making your app soar without a container manifest
LibbySchulze
 
Continuous Delivery: 5 years later (Incontro DevOps 2018)
Continuous Delivery: 5 years later (Incontro DevOps 2018)Continuous Delivery: 5 years later (Incontro DevOps 2018)
Continuous Delivery: 5 years later (Incontro DevOps 2018)
Giovanni Toraldo
 
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
panagenda
 

Similar to Manage your bare-metal infrastructure with a CI/CD-driven approach (20)

OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
 
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
 
LinuxKit Deep Dive
LinuxKit Deep DiveLinuxKit Deep Dive
LinuxKit Deep Dive
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and images
 
WKSctl: Gitops Management of Kubernetes Clusters
WKSctl: Gitops Management of Kubernetes ClustersWKSctl: Gitops Management of Kubernetes Clusters
WKSctl: Gitops Management of Kubernetes Clusters
 
Webinar - Unbox GitLab CI/CD
Webinar - Unbox GitLab CI/CD Webinar - Unbox GitLab CI/CD
Webinar - Unbox GitLab CI/CD
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success story
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...
EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...
EclipseCon Eu 2012 - Buildroot Eclipse Bundle : A powerful IDE for Embedded L...
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
 
6 Months Sailing with Docker in Production
6 Months Sailing with Docker in Production 6 Months Sailing with Docker in Production
6 Months Sailing with Docker in Production
 
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
 
Making your app soar without a container manifest
Making your app soar without a container manifestMaking your app soar without a container manifest
Making your app soar without a container manifest
 
Continuous Delivery: 5 years later (Incontro DevOps 2018)
Continuous Delivery: 5 years later (Incontro DevOps 2018)Continuous Delivery: 5 years later (Incontro DevOps 2018)
Continuous Delivery: 5 years later (Incontro DevOps 2018)
 
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
 

More from inovex GmbH

lldb – Debugger auf Abwegen
lldb – Debugger auf Abwegenlldb – Debugger auf Abwegen
lldb – Debugger auf Abwegen
inovex GmbH
 
Are you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AIAre you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AI
inovex GmbH
 
Why natural language is next step in the AI evolution
Why natural language is next step in the AI evolutionWhy natural language is next step in the AI evolution
Why natural language is next step in the AI evolution
inovex GmbH
 
WWDC 2019 Recap
WWDC 2019 RecapWWDC 2019 Recap
WWDC 2019 Recap
inovex GmbH
 
Network Policies
Network PoliciesNetwork Policies
Network Policies
inovex GmbH
 
Interpretable Machine Learning
Interpretable Machine LearningInterpretable Machine Learning
Interpretable Machine Learning
inovex GmbH
 
Jenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen UmgebungenJenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen Umgebungen
inovex GmbH
 
AI auf Edge-Geraeten
AI auf Edge-GeraetenAI auf Edge-Geraeten
AI auf Edge-Geraeten
inovex GmbH
 
Prometheus on Kubernetes
Prometheus on KubernetesPrometheus on Kubernetes
Prometheus on Kubernetes
inovex GmbH
 
Deep Learning for Recommender Systems
Deep Learning for Recommender SystemsDeep Learning for Recommender Systems
Deep Learning for Recommender Systems
inovex GmbH
 
Azure IoT Edge
Azure IoT EdgeAzure IoT Edge
Azure IoT Edge
inovex GmbH
 
Representation Learning von Zeitreihen
Representation Learning von ZeitreihenRepresentation Learning von Zeitreihen
Representation Learning von Zeitreihen
inovex GmbH
 
Talk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale AssistentenTalk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale Assistenten
inovex GmbH
 
Künstlich intelligent?
Künstlich intelligent?Künstlich intelligent?
Künstlich intelligent?
inovex GmbH
 
Dev + Ops = Go
Dev + Ops = GoDev + Ops = Go
Dev + Ops = Go
inovex GmbH
 
Das Android Open Source Project
Das Android Open Source ProjectDas Android Open Source Project
Das Android Open Source Project
inovex GmbH
 
Machine Learning Interpretability
Machine Learning InterpretabilityMachine Learning Interpretability
Machine Learning Interpretability
inovex GmbH
 
Performance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use casePerformance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use case
inovex GmbH
 
People & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madnessPeople & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madness
inovex GmbH
 
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with PulumiInfrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
inovex GmbH
 

More from inovex GmbH (20)

lldb – Debugger auf Abwegen
lldb – Debugger auf Abwegenlldb – Debugger auf Abwegen
lldb – Debugger auf Abwegen
 
Are you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AIAre you sure about that?! Uncertainty Quantification in AI
Are you sure about that?! Uncertainty Quantification in AI
 
Why natural language is next step in the AI evolution
Why natural language is next step in the AI evolutionWhy natural language is next step in the AI evolution
Why natural language is next step in the AI evolution
 
WWDC 2019 Recap
WWDC 2019 RecapWWDC 2019 Recap
WWDC 2019 Recap
 
Network Policies
Network PoliciesNetwork Policies
Network Policies
 
Interpretable Machine Learning
Interpretable Machine LearningInterpretable Machine Learning
Interpretable Machine Learning
 
Jenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen UmgebungenJenkins X – CI/CD in wolkigen Umgebungen
Jenkins X – CI/CD in wolkigen Umgebungen
 
AI auf Edge-Geraeten
AI auf Edge-GeraetenAI auf Edge-Geraeten
AI auf Edge-Geraeten
 
Prometheus on Kubernetes
Prometheus on KubernetesPrometheus on Kubernetes
Prometheus on Kubernetes
 
Deep Learning for Recommender Systems
Deep Learning for Recommender SystemsDeep Learning for Recommender Systems
Deep Learning for Recommender Systems
 
Azure IoT Edge
Azure IoT EdgeAzure IoT Edge
Azure IoT Edge
 
Representation Learning von Zeitreihen
Representation Learning von ZeitreihenRepresentation Learning von Zeitreihen
Representation Learning von Zeitreihen
 
Talk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale AssistentenTalk to me – Chatbots und digitale Assistenten
Talk to me – Chatbots und digitale Assistenten
 
Künstlich intelligent?
Künstlich intelligent?Künstlich intelligent?
Künstlich intelligent?
 
Dev + Ops = Go
Dev + Ops = GoDev + Ops = Go
Dev + Ops = Go
 
Das Android Open Source Project
Das Android Open Source ProjectDas Android Open Source Project
Das Android Open Source Project
 
Machine Learning Interpretability
Machine Learning InterpretabilityMachine Learning Interpretability
Machine Learning Interpretability
 
Performance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use casePerformance evaluation of GANs in a semisupervised OCR use case
Performance evaluation of GANs in a semisupervised OCR use case
 
People & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madnessPeople & Products – Lessons learned from the daily IT madness
People & Products – Lessons learned from the daily IT madness
 
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with PulumiInfrastructure as (real) Code – Manage your K8s resources with Pulumi
Infrastructure as (real) Code – Manage your K8s resources with Pulumi
 

Recently uploaded

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
Google
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 

Recently uploaded (20)

Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 

Manage your bare-metal infrastructure with a CI/CD-driven approach

  • 1. Manage your bare-metal infrastructure with a CI/CD-driven approach Johannes M. Scheuermann inovex
  • 2. Johannes M. Scheuermann Cloud Platform Engineer @ inovex 〉 Software-Defined Datacenters 〉 Infrastructure Services 〉 High Availability /Scalability / Resilience 〉 CKA / Linux Foundation Trainer 2 inovex.de/jobs
  • 4. 4 Agenda ● Immutable infrastructure ● Kubernetes on bare-metal ● Big Picture ● CI/CD for the infrastructure ● Example Gitlab (CI)
  • 5. 5 Exercises Can be found here: ● Github Link: https://github.com/inovex/fluffy-unicorn
  • 6. 6 What I assume ● You know what Kubernetes is ● You know the basic components of Kubernetes ● You already did some bare-metal installation ● ..?
  • 7. What is immutable infrastructure?
  • 8. 8 “Traditional” infrastructure ● Continuous updates/modification ● Machines get changed after they are created ● Often configuration management is used ● Typically ssh access is required ○ LDAP/Kerberos ... ● Static monitoring
  • 9. An immutable infrastructure is another infrastructure paradigm in which servers are never modified after they're deployed. If something needs to be updated, fixed, or modified in any way, new servers built from a common image with the appropriate changes are provisioned to replace the old ones. After they're validated, they're put into use and the old ones are decommissioned. 9 https://www.digitalocean.com/community/tutorials/what-is-immutable-infrastruc ture
  • 10. 10 Immutable infrastructure ● “The” “Golden” image is built ● Never modified after they are deployed ● Update means a new deployment ○ Before you should update the image :) ● No need for ssh access ● Dynamic monitoring ○ Service Discovery needed
  • 11. 11 Building the “golden” image ● Probably most famous: https://www.packer.io ● Create provider specific images ● Multiple provisioners ● Clean up after provisioning ● Use the distro-specific tooling ● OS image as Code ○ Packer configuration ○ OS configuration
  • 12. 12 Challenges ● Image must be kept up-to-date ○ CVE’s ○ CI/CD for the image ● New images must be constantly deployed ● External configuration is needed in most cases ○ Certificates ○ Configuration for different stages ○ dev-prod-parity
  • 13. 13 What we ended up ● Using vanilla Container Linux as base ● Ignition as provisioning tool ○ Only executed once at boot time ● Consul-template + confd for configuration files ● Static certificates are baked into ignition ○ e.g. for secure access to the etcd CMDB
  • 14. 14 Recap immutable infrastructure ● Vanilla Container Linux ✅ ● ignition is only executed once during boot ✅ ● Updates means new deployment ❌ ○ Until now we didn’t deployed anything :) ● No need for ssh access ✅
  • 16. 16 Bare-metal deployments ● “Many roads lead to Rome” ● Actually a (more or less) solved problem ○ OpenStack ○ Foreman ○ Maas ○ Matchbox ○ ….
  • 17. 17 What do we need? ● DHCP/proxyDHCP ● PXE/iPXE ● TFTP ● OS image ● OS configuration ● Role-based configuration (e.g. Master/Worker)
  • 18. 18 Container Linux bare-metal deployment ● Bare-metal deployment with the default toolstack ○ DHCP / TFTP / DNS ● CoreOS Matchbox ○ iPXE Service ○ Deliver assets based on predefined roles ● CoreOS ignition ○ Configure servers on boot-time
  • 20. Time estimation : 10-20 minutes 20 Exercise 1: Setup Matchbox + PXE boot ● What we do: ○ Setup Wifi/Network (for your laptop) ○ Download: https://github.com/inovex/fluffy-unicorn ○ Setup Matchbox + terraform ○ Setup DHCP ○ Setup DNS ○ Provision 2 Container Linux nodes ○ Look into the general flow ● Example is under /exercise_1
  • 21. 21 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ❌ ● Role-based configuration ❌ ● Kubernetes cluster installed ❌ ● Deployment with a pipeline ❌
  • 22. 22 Challenge always PXE boot ● Matchbox is a pretty simple rendering engine ● Doesn’t hold any state ○ e.g. machine X is provisioned ● How to solve this issue? ○ Any ideas?
  • 23. 23 Challenge always PXE boot (our solution) ● No access to IPMI ● External DB that holds the state ○ In our case an etcd cluster ● Machine sets its state to “deployed” ● DHCP server decides what to do ○ Provision from Matchbox ○ Boot from disk ● DHCP config is generated with confd
  • 24. 24 Why etcd? ● Simple to cluster (HA) ● Allows to watch events ● Confd for configuration generation ● Can be used as Vault backend ● … ?
  • 25. Time estimation : 10-20 minutes 25 Exercise 2: Always PXE boot ● What we do (additional): ○ Setup etcd ○ Setup confd ○ Generate DHCP config based on Machine state ● Example is under /exercise_2
  • 26. 26 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ❌ ● Kubernetes cluster installed ❌ ● Deployment with a pipeline ❌
  • 27. Source: https://github.com/coreos/matchbox/blob/master/Documentation/getting-started.md#groups 27 Role-based configuration ● Matchbox groups ● Selectors can be used ○ MAC ○ label (e.g. os=installed) ○ UUID ● Semantic AND (no list support) ○ https://github.com/coreos/matchbox/issues/586
  • 29. Time estimation : 10-20 minutes 29 Exercise 3: Role-based provisioning ● What we do (additional): ○ Setup two groups ■ based on the MAC ○ Setup write a file on the host (/etc/my_type) ■ MAC -> content ■ 52:54:00:fb:53:a6 -> “I’m a master” ■ 52:54:00:fb:53:a9 -> “I’m a worker” ● Example is under /exercise_3
  • 30. 30 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ✅ ● Kubernetes cluster installed ❌ ● Deployment with a pipeline ❌
  • 31. Kubernetes what do we need?
  • 32. Read: https://github.com/kelseyhightower/kubernetes-the-hard-way 32 K8s - what do we need? ● etcd cluster ● At least one Master ● Worker nodes ● Certificates for TLS ○ PKI ○ Or manually generated ● Load Balancer in a multi master setup ○ e.g. https://metallb.universe.tf or HAProxy/Nginx/...
  • 33. Read: https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work 33 Kubernetes/etcd PKI ● PKI is also needed for the etcd cluster ○ Use TLS everywhere! ● Self-generated certificates ○ Hard to manage the certificates ○ Certificates must be “copied” onto the machines ● Central PKI ○ Auto-generated Certificates ○ Auto-renewal ○ Revocation list
  • 34. Read: https://www.vaultproject.io/docs/secrets/pki/index.html 34 Vault as central PKI ● Simple REST API ● Allows to create multiple CA’s ● Based on policies allow or deny certificate requests ● Can be combined with consul_tempalte ○ Auto-renew certificates (short TTL)
  • 35. Read: https://www.vaultproject.io/docs/auth/approle.html 35 Vault AppRoles ● Authentication mechanism for machines or applications ● Create AppRole ID and SecretID ○ similar to username + password ● Can be used to fetch an Vault token
  • 37. Time estimation : 30-45 minutes 37 Exercise 4: Deploy your K8s cluster ● What we do (additional): ○ Setup Vault ○ Setup consul_template ○ Setup Kubernetes ● Example is under /exercise_4
  • 38. 38 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ✅ ● Kubernetes cluster installed ✅ ● Deployment with a pipeline ❌
  • 39. Who knows what CI/CD is?
  • 40. 40 Continuous integration ● Push into you branch and get Feedback ● Merge changes fast into the master ● Automated build is triggered ● Test run automatically after each push ● Fail fast in the pipeline ● Avoid integration hell → “worked on my machine”
  • 41. 41 Continuous delivery ● Same as continuous integration ● Allow you to release changes quickly ● Release is completely automated ● Deploy is only clicking one button
  • 42. 42 Continuous deployment ● Same as continuous delivery ● Every change that passes all stages will be deployed ● No human interaction needed
  • 43. 43 CI/CD for the infrastructure ● More or less the same as with SE ● Lint/check your configuration files ○ shellcheck / hadolint / … ○ kubeval / kubetest ● Test any transformation steps ● Spin up test infrastructure (virtualized) ● Possibility to update your infrastructure by one click ○ Incremental changes have some benefits
  • 44. https://about.gitlab.com/ 44 Gitlab (CI) ● Free git repository ○ Can be self-hosted ● Integrated CI ○ Different types of runners ○ Supports building pipelines ○ Specified as a YAML file
  • 45. Time estimation : 30-45 minutes 45 Exercise 5: Deploy your K8s cluster over CI/CD ● What we do (additional): ○ Install Gitlab → https://about.gitlab.com/installation/#debian ○ Install a Gitlab runner ○ Create a new Repository and push all files to it ○ Create a dummy pipeline ○ Replace some of the makefile steps ● Example is under /exercise_5
  • 46. 46 Recap: Kubernetes on bare-metal ● Bare-metal provisioning of OS ✅ ● OS configuration with ignition ✅ ● Always PXE boot ✅ ● Role-based configuration ✅ ● Kubernetes cluster installed ✅ ● Deployment with a pipeline ✅
  • 47. Q&A
  • 48. Johannes M. Scheuermann inovex GmbH jscheuermann@inovex.de github.com/johcsheuer inovex.de youtube.com/inovexGmbH CC BY-NC-ND @johscheuer gitlab.com/inovex Feedback & Questions: sayat.me/johscheuer
  • 49. 49 Reading list ● https://www.digitalocean.com/community/tutorials/what-is-immutable- infrastructure ● https://www.oreilly.com/ideas/an-introduction-to-immutable-infrastruc ture ● https://martinfowler.com/bliki/PhoenixServer.html ● https://maas.io ● https://www.theforeman.org ● https://wiki.openstack.org/wiki/Ironic ● https://github.com/coreos/matchbox ● https://cfssl.org
  • 50. 50 Reading list ● https://blog.digitalocean.com/vault-and-kubernetes ● https://kubernetes.io/docs/concepts/cluster-administration/certificates ● https://github.com/hashicorp/consul-template ● https://about.gitlab.com