GENERALISTS AND SPECIALISTS: DIVERGENT PATTERNS FOR DEVOPS
GORDON HAFF
Technology Evangelist, Red Hat
@ghaff
IN THE BEGINNING
Source: Cisco
Source: http://www.agilebuddha.com/agile/demystifying-devops/
WIDENING AGILE PRINCIPLES TO CROSS-FUNCTIONAL TEAM
Source: Michael Coté, flickr/CC https://www.flickr.com/photos/cote/5559360372
“TWO PIZZA” TEAMS
● Autonomous
● Cross-functional
● Responsible for a well-defined function/service
● Developing and running
CONWAY’S LAW
Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization's communication structure.
ONE OPPOSING VIEW
"I want to change my job because there is this horrible concept of "pager duty" or "oncall". Where the developer has to be ready for any issues that may occur. Are most software jobs like this? Is this a norm? Where can I find software development positions without such concepts?"
Anonymous Quora user
NO OPS? (OR IS IT EVOLVED DEVOPS?)
"We have built tooling that removes many of the operations tasks completely from the developer, and which makes the remaining tasks quick and self service."
Adrian Cockcroft, Netflix, 2012
You do not, in fact, want to communicate with a bank teller more efficiently
Source: Flickr/cc Ning Ham https://www.flickr.com/photos/ningham/525770546
THE PROCESS
Still involves people and communication
• The most effective processes have continuous communication - think scrums and kanban
• Allows for collaboration that can identify failures before they happen
• Allows for feedback to continuously improve and cultivate growth
• Provides transparency
FOCUS ON IMPROVED APP ARCHITECTURES & DEVELOPER WORKFLOWS
● Cloud-native app development
● Collaboration
● CI/CD
● Issue tracking
● Source code control
● Code review
● IDE
● xPaaS
Source: Esti Alvarez cc license
MICROSERVICES ARE NOT SOA. REALLY!
Source: PWC
Lighter-weight communications protocols
Improved understanding of functional separation
More open source and vendor-neutral philosophies
Scale-out infrastructure standardization and automation
SIGNS YOU MIGHT NEED MICROSERVICES
Source: Daniel Pratts CC/flickr https://flic.kr/p/7RE6yc
● Having trouble coordinating function teams like DBAs and UI engineers
● Brittle apps. Minor changes cause major breakage
● Your CI/CD process is bogged down by big deployments
● Different teams keep reinventing the wheel (in gratuitously different ways)
● Hard to experiment
DESIRABLE ENTERPRISE CI/CD WORKFLOW
[Diagram: CI/CD workflow. Labels: myRepo, ProjectRepo, BuildRepo, ReleaseRepo, 3rd Party, CI, CD, Commit, Push, Local Test, Pass/Fail, Build, Test, Review/Appr, Deliver, Deploy, Monitor]
CONTINUOUS BORING DEPLOYMENTS
● Software (trunk) is always deployable
● Everyone is checking into trunk daily (at least), not feature branches
● If the build breaks it is fixed in 10 minutes (all hands on deck)
● Deployment is a low-risk push button affair
● Blue/Green and Canary deployments
FOCUS ON PROVIDING CORE SERVICES AND GETTING OUT OF THE WAY
● Deploy a modern scalable container platform
● Enable automated developer workflows
● Mitigate risk and automate security
OPERATED AT SCALE ACROSS HYBRID CLOUDS
● Different aspects of scale:
  ○ Large scale workloads
  ○ Diverse workloads (batch and services)
  ○ Complex resource management (QoS, latency sensitivity, etc.)
● Focus on lightweight containerized instances
● Orchestration and resource management
THE RIGHT WORKFLOW
Repeatably automate for consistency
● Goal is repeatable automation
● Configuration as code
● Monitoring and alerting strategy
● Initially pipelines may be very different for traditional vs. cloud-native
● It’s a journey that evolves
LOGGING WITH EFK STACK
● Elasticsearch, Fluentd, Kibana
● Based on log aggregation
● Event system - all events (container, system, Kubernetes) captured by EFK and issues or errors
● Good for ad hoc analytics
● Good for post mortem forensics because of extensive log information
MONITOR AND MEASURE AGAINST METRICS
Metrics tools tend to make more use of APIs than logs. You need to figure out your organizational needs.
Hawkular is ideal for large scale central IT teams with lots of apps
Prometheus is ideal for WebScale DevSecOps
MANAGED RISK
[Diagram labels: Dev, Ops, Reuse, Automation, Microservices, Immutability, Pervasive access, Speed, Rapid tech churn, Flexible deploys, Containers, Software-defined]
INTEGRATE SECURITY
"Our goal as information security architects must be to automatically incorporate security controls without manual configuration throughout this cycle in a way that is as transparent as possible to DevOps teams and doesn't impede DevOps agility, but fulfills our legal and regulatory compliance requirements as well as manages risk."
Gartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283
MAKING CONTAINERS SECURE AND TRUSTED
ISOLATION OF HOSTS
Host OS + SELinux maintained by trusted kernel engineers and frequently updated.
ARE SOURCES TRUSTED?
A validated supply chain helps ensure use of tested and patched software.
WHAT’S INSIDE CONTAINERS
Red Hat + Black Duck = secure, trusted model for validating container contents.
TRUST IS TEMPORAL
New vulnerabilities are identified daily and containers become stale over time.
QUESTIONS TO ASK
● What’s the business problem?
● Where am I today?
● How big are my teams?
● What skills do I have (or can hire)?
● On-premise and/or public clouds?