GitOps and Immutable Infrastructure
Bolzano, 15/11/19
Marco Bizzantino
Kiratech CTO
@bizzam
Why are we talking about it?
Tool Centric Approach = IT Silos
Common Pre-DevOps Structure
New Approach: Shift-Left
Create a DevOps Toolchain
Everything as Code: Enable GitOps
Operations by Pull Request
• Git as a single source of truth
• Jenkins Pipeline fully integrated
• Standard workflow from code to management, extended by custom bots
• Works great in a cloud native or multi cloud environment
• Manage configurations, automation and legacy infrastructure
• Documentation, markdown, notifications on ChatOps
• Easy recovery from a total wipeout
The Twelve Factor
Methodology for building software-as-a-service that:
• Use declarative formats for setup automation, to minimize time and cost for new developers joining the project
• Have a clean contract with the underlying operating system, offering maximum portability between execution environments
• Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration
• Minimize divergence between development and production, enabling continuous deployment for maximum agility
• Can scale up without significant changes to tooling, architecture, or development practices
Immutable Infrastructure: DevOps final Boss (for now)
• Strong DevOps culture
• No more snowflake systems
• Automation and monitoring on steroids
• Infrastructure agnostic
• Remove legacy processes
• (Almost) Ticketless
Standard (mutable) infrastructure
The advantages:
• The infrastructure can more precisely fit the needs of the applications that are running on the server.
• Updates are usually faster and can be adapted to each individual server.
• Rather than needing to create a new server from scratch (which can seem like a scary prospect), IT staff get to know each server on a “personal” level, which can sometimes help fix problems more quickly.
The drawbacks:
• Technical issues are difficult to diagnose or reproduce because each server has a unique configuration, a phenomenon often known as configuration drift.
• Changes to the server are not necessarily documented, making version tracking more difficult.
• Provisioning servers is usually a long process due to the need for manual configuration.
Immutable infrastructure
The advantages:
• Version tracking and rollbacks are much easier. The IT department can keep tabs on each new server or virtual machine as it is deployed.
• Tests are easier to run thanks to the consistency in configurations between different servers.
• Configuration drift is not possible. If a server is up and running, the IT staff know the exact state of that server and can avoid any unexpected surprises.
The drawbacks:
• The infrastructure cannot be modified in place. In the event of a zero-day vulnerability, for example, all servers with the same configuration must receive a security update, which means rebuilding and redeploying each of them from an updated image.
• The improved agility and dynamism of immutable infrastructure can sometimes be misaligned with traditional IT security practices.
On premise, cloud and multicloud
• Unifying deployment, management and monitoring
• System’s desired state as code
• All intended operations are triggered by pull request
• All diffs between intended and observed state converge automatically
• All changes are observable, verifiable and auditable
• All changes are versioned
How we provision a system
• Open a PR
• Set an IP address in the IPAM and fill all the required fields
• Have a coffee
• Start using the new system
Tools involved: github, jenkins, ansible, terraform, icinga, elastic, phpipam, packer
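The control loop behind the last two slides (desired state kept in git, a pull request as the only trigger, automatic convergence of observed state to intended state, every change audited, rollback by pointing at an older commit) as an added example; this is not the talk's or Kiratech's code. The required IPAM fields, host names, images and the in-memory "observed" inventory are constructed stand-ins for the phpIPAM record, the Ansible/Terraform run and the monitoring view the pipeline would really use.

```python
"""Toy GitOps reconciliation loop (added example, not from the talk)."""
import ipaddress

# Fields a hypothetical IPAM/inventory record must carry before the PR can
# be merged (constructed for this example; the real list lives in the
# team's phpIPAM schema).
REQUIRED_FIELDS = ("hostname", "ip", "subnet", "owner", "image")


def validate_record(record):
    """Return the list of problems that should block the pull request."""
    errors = ["missing field: %s" % f for f in REQUIRED_FIELDS if f not in record]
    if "ip" in record and "subnet" in record:
        try:
            ip = ipaddress.ip_address(record["ip"])
            net = ipaddress.ip_network(record["subnet"], strict=False)
            if ip not in net:
                errors.append("%s is outside %s" % (ip, net))
        except ValueError as exc:
            errors.append("bad address: %s" % exc)
    return errors


def diff_state(desired, observed):
    """Plan the changes that make the observed state equal the desired state."""
    return {
        "create": sorted(set(desired) - set(observed)),
        "destroy": sorted(set(observed) - set(desired)),
        "replace": sorted(h for h in desired
                          if h in observed and desired[h] != observed[h]),
    }


def converge(desired, observed, commit, audit):
    """Apply the plan immutably: a host whose record differs is rebuilt
    from the record, never patched in place. Each run is appended to the
    audit trail together with the commit it was driven by."""
    plan = diff_state(desired, observed)
    new_observed = {h: dict(v) for h, v in observed.items()
                    if h not in plan["destroy"]}
    for h in plan["create"] + plan["replace"]:
        new_observed[h] = dict(desired[h])
    audit.append({"commit": commit, "plan": plan})
    return new_observed


def demo():
    """Walk one provisioning PR, one out-of-band drift and one rollback."""
    audit = []
    # A PR that must be rejected: image missing and IP outside its subnet.
    bad = {"hostname": "db01", "ip": "10.0.2.10",
           "subnet": "10.0.1.0/24", "owner": "db-team"}
    bad_errors = validate_record(bad)
    # Constructed git history: c1 adds web01, c2 bumps its image and adds db01.
    c1 = {"web01": {"hostname": "web01", "ip": "10.0.1.10",
                    "subnet": "10.0.1.0/24", "owner": "web-team",
                    "image": "web-2019.11.1"}}
    c2 = {"web01": dict(c1["web01"], image="web-2019.11.2"),
          "db01": {"hostname": "db01", "ip": "10.0.2.10",
                   "subnet": "10.0.2.0/24", "owner": "db-team",
                   "image": "db-2019.11.1"}}
    assert all(validate_record(r) == [] for r in c2.values())
    observed = converge(c1, {}, "c1", audit)          # first PR: create web01
    observed["web01"]["image"] = "web-2019.11.1-hotfix"  # hand edit: drift
    observed = converge(c2, observed, "c2", audit)    # drift erased by rebuild
    observed = converge(c1, observed, "c1", audit)    # rollback: re-apply c1
    return {"bad_errors": bad_errors, "audit": audit, "observed": observed}


if __name__ == "__main__":
    result = demo()
    print("blocked PR:", result["bad_errors"])
    for entry in result["audit"]:
        print(entry["commit"], entry["plan"])
    print("final state:", result["observed"])
```

Two design points carry over to a real pipeline: the out-of-band edit to `web01` does not survive the next run, because convergence compares the observed host against its record and rebuilds rather than patches, which is why configuration drift "is not possible"; and the audit list is the versioned, verifiable change record the slides ask for, since every entry names the commit that drove it, so a rollback is just another converge against an earlier commit.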
Thank You
Marco Bizzantino
marco.bizzantino@kiratech.it
@bizzam

SFScon19 - Marco Bizzantino - GitOps and Immutable Infrastructure