In the era of cloud and containerisation, infrastructure as code (IAC) is invaluable. In this talk, we will explore the evolution of infrastructure practices and tools. We will further look at the practices and tools used before the emergence of the cloud. Then we will explore how the rise of the cloud changed infrastructure automation practices and made IAC a mainstream practice.
We will also explore what it means to treat infrastructure as code. We will talk about Code vs Configuration, versioning, Configurability vs Standardisation, Modularity and code organisation for infrastructure code.
3. Why understand evolution of practices?
◎ Understand the need for newer tools and practices.
◎ Right tool for the right job
◎ Previous good practices might not work in a new context.
7. ◎ High risk manual changes.
◎ Repeat changes for every server / environment.
◎ Different servers look completely different (changed at different times)
10. Scripting Cont...
◎ Server state matters (different start states require different steps to reach the desired state).
◎ Idempotent steps.
◎ Imperative and error prone.
◎ Difficult to understand state of the server.
11. Configuration Management Tools
◎ Chef, Puppet, Ansible.
◎ Declarative (Desired State).
◎ Tools take care of which changes to apply (diff)
◎ Widely successful and works great.
12. Configuration Management Tools - Challenges
◎ Configuration Drifts
◎ Automation gaps due to manual changes.
◎ Afraid to run automation.
◎ Difficult to reproduce from scratch
13. Moving away from Physical Machines
◎ Virtualisation
◎ Software defined Networking (SDN)
15. Clouds changed the game.
◎ On Demand infrastructure
◎ Dynamic infrastructure
◎ Service discovery, Private DNS
◎ Self service & API based.
◎ Elastic infrastructure
◎ Disposable infrastructure
18. Immutable infrastructure
◎ Configuration at build time (AMI)
◎ Configuration at runtime (user-data)
◎ Changes by replacing servers instead of updating.
◎ Reduced configuration drift.
◎ Manual changes reverted next deployment.
22. IAC
◎ Everything is code (Infrastructure, Configuration, Pipelines etc).
◎ All infra code in version control.
Are we managing Infra code as application code?
27. Code vs Configuration
Code same for all environments
Configuration different per environment.
Code version is deployed to environment
No versioning required for Configuration (always latest)
Overridable defaults
Environment config change should not require code promotion.
35. Code vs Configuration - Summary
Terraform modules with Registry or Git tags (versioned)
Helm chart with helm registry (versioned)
Versioned Ansible Roles with Git tag
Versioned Kops template with Git Tags
Versioned Deployment scripts with Git Tags
37. GitOps
◎ Git as source of truth.
◎ Git changes to trigger pipelines.
○ No build with parameters
○ No manual builds
◎ Continuously sync between Infra and Git state (not only on commits).
◎ K8s operators (Pull based model)
38. Apply changes continuously not only on Change
◎ Keep the infrastructure in Sync with automation
◎ Keep things up to date (versions, security patches etc).
◎ Auto update things only at entry level (First environment).
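The declarative diff, configuration drift and continuous-sync points from the slides above, as an added example that is not part of the original talk: a minimal reconcile pass that compares the desired state held in Git with the observed state, reports manual changes as drift, and converges. All resource names, attributes and function names here are constructed for illustration.

```python
# Added illustration; resource names and attributes are constructed, not from the talk.
from dataclasses import dataclass, field

@dataclass
class Change:
    action: str                                 # "create", "update" or "delete"
    resource: str
    drift: dict = field(default_factory=dict)   # attribute -> (actual, desired)

_ABSENT = "<absent>"

def plan(desired, actual):
    """Diff the desired state (Git) against the observed state (infrastructure)."""
    changes = []
    for name in sorted(desired):
        want, have = desired[name], actual.get(name)
        if have is None:
            changes.append(Change("create", name))
        elif have != want:
            keys = sorted(set(want) | set(have))
            drift = {k: (have.get(k, _ABSENT), want.get(k, _ABSENT))
                     for k in keys if have.get(k, _ABSENT) != want.get(k, _ABSENT)}
            changes.append(Change("update", name, drift))
    # Resources that exist but are not in Git were created by hand.
    changes += [Change("delete", n) for n in sorted(set(actual) - set(desired))]
    return changes

def apply(changes, desired, actual):
    """Return the state after applying the plan; inputs are not mutated."""
    state = {n: dict(s) for n, s in actual.items()}
    for c in changes:
        if c.action == "delete":
            state.pop(c.resource, None)
        else:  # create and update both converge on the spec from Git
            state[c.resource] = dict(desired[c.resource])
    return state

def reconcile(desired, actual):
    """One pass of the sync loop: report drift, then converge."""
    changes = plan(desired, actual)
    return changes, apply(changes, desired, actual)

DESIRED = {"web-sg": {"ingress_ports": [443], "ssh_cidr": "10.0.0.0/8"},
           "web-asg": {"ami": "ami-EXAMPLE-v2", "min_size": 2},
           "logs-bucket": {"versioning": True}}
# Constructed drift: port 8080 opened by hand, an unmanaged debug host left running.
ACTUAL = {"web-sg": {"ingress_ports": [443, 8080], "ssh_cidr": "10.0.0.0/8"},
          "web-asg": {"ami": "ami-EXAMPLE-v2", "min_size": 2},
          "debug-box": {"ami": "ami-EXAMPLE-v1"}}
```

Running `reconcile` on a schedule rather than only on commits is what surfaces the hand-opened port even when nothing in Git has changed.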
39. Code - Configurability vs Standardization
Highly configurable modules - Be careful.
Some examples
◎ Different AMIs
◎ Different docker images
40. Practices to keep in mind
◎ Name collisions
◎ Create before destroy (or rolling deployments)
◎ Handle Graceful shutdown
◎ Naming strategy for dynamic environments (terraform workspaces)
◎ Plan for output values as well
41. Modularity vs Orchestration
Independently deployable
Different modules for different infra component.
Orchestration Module dependencies.
Well defined input and outputs for composable modules.
42. Conclusion
Use right tools for the right job.
Follow the same CI/CD practices for Infra code.
Reduce drift between code and Infrastructure
Keep the IAC code modular while managing the orchestration.
This includes infra changes => Manual. Fixed Infra with configuration management. On Demand Dynamic Infrastructure (Service discovery, DNS for services, Dynamic SSH Config, Dynamic Application Configuration). Elastic nature of the cloud.
12 factor apps. Everything is code. Code vs Configuration. Code is always versioned.