In a traditional mutable server infrastructure, servers are continually updated and modified in place. Using GitOps approach we can enable a different paradigm, Immutable Infrastructure, embracing DevOps methodology and Cloud-Native architecture to create a more resilient, scalable, predictive and “as a Code” infrastructure.

1. GitOps and Immutable
Infrastructure
Bolzano, 15/11/19
Marco Bizzantino
Kiratech CTO
@bizzam

2. Why we are talking about it?

3. Tool Centric Approach = IT Silos

4. Common Pre-DevOps Structure

5. New Approach: Shift-Left

6. Create a DevOps Toolchain

7. Everything as a Code: Enable GitOps
Operations by Pull Request
• Git as a single source of truth
• Jenkins Pipeline fully integrated
• Standard workflow from code to management extended by custom
bots
• Works great in a cloud native or multi cloud environment
• Manage configurations, automation and legacy infrastructure
• Documentation, markdown, notifications on ChatOps
• Easy recovery from a total wipeout

8. The Twelve Factor
Methodology for building software-as-a-service that:
• Use declarative formats for setup automation, to minimize time and cost
for new developers joining the project
• Have a clean contract with the underlying operating system, offering
maximum portability between execution environments
• Are suitable for deployment on modern cloud platforms, obviating the
need for servers and systems administration
• Minimize divergence between development and production, enabling
continuous deployment for maximum agility
• Can scale up without significant changes to tooling, architecture, or
development practices

9. Immutable Infrastructure: DevOps final Boss
(for now)
• Strong DevOps culture
• No more snowflake systems
• Automation and monitoring on steroids
• Infrastructure agnostic
• Remove legacy process
• (Almost) Ticketless

10. Standard (mutable) infrastructure
The advantages:
• The infrastructure can more precisely fit the needs of the applications that are running
on the server.
• Updates are usually faster and can be adapted to each individual server.
• Rather than needing to create a new server from scratch (which can seem like a scary
prospect), IT staff get to know each server on a “personal” level, which can sometimes
help fix problems more quickly.
The drawbacks:
• Technical issues are difficult to diagnose or reproduce because each server has a unique
configuration, a phenomenon often known as configuration drift
• Changes to the server are not necessarily documented, making version tracking more
difficult.
• Provisioning servers is usually a long process due to the need for manual configuration.

11. Immutable infrastructure
The advantages:
• Version tracking and rollbacks are much easier. The IT department can keep tabs
on each new server or virtual machine as it is deployed.
• Tests are easier to run thanks to the consistency in configurations between
different servers.
• Configuration drift is not possible. If a server is up and running, the IT staff know
the exact state of that server and can avoid any unexpected surprises.
The drawbacks:
• The infrastructure is completely unable to be modified in-place. In the event of a
zero-day vulnerability, for example, all servers with the same configuration must
receive a security update.
• The improved agility and dynamism of immutable infrastructure can sometimes
be misaligned with traditional IT security practices.

12. On premise, cloud and multicloud
• Unifying deployment, management and monitoring
• System’s desired state as-a-code
• All intended operations are triggered by pull request
• All diffs between intended and observed state with automatic
convergence
• All changes are observable, verifiable and auditable
• All changes are versioned

13. How we provision a system
• Open a PR
• Set an IP address in the IPAM and fill all the required fields
• Have a coffee
• Start using the new system
Tools involved: github, jenkins, ansible, terraform, icinga, elastic,
phpipam, packer

14. Thank You
Marco Bizzantino
marco.bizzantino@kiratech.it
@bizzam