A collection of Software and Cloud patterns with a focus on the Enterprise

Tag: containers


This article is part of a series on Immutable Infrastructure and discusses the scenario of production release. It may be valuable to review Immutable Infrastructure Basics before reading this article. What is production? At first glance one might expect a straightforward answer to that question like: Any system that directly serves authoritative resources to the intended end user. That might be broad and general enough to capture most situations, but what about a single user’s laptop that is set up to compile a binary that controls a production machine? Is that laptop considered......



This article is part of a series on Immutable Infrastructure and discusses the scenario of CI/CD pipelines to deliver high quality software quickly. It may be valuable to review Immutable Infrastructure Basics before reading this article. Continuous Integration and Continuous Delivery, CI/CD, is a practice in software development that aims to ensure high quality updates efficiently progress toward a release. The “Integration” part of CI/CD seeks to confirm that a software change will work with related systems. The divergence of systems that occurs without immutable infrastructure can reduce the effectiveness of CI/CD pipelines.......



This article is part of a series on Immutable Infrastructure and discusses the scenario of Development Environments and Team Collaboration. It may be valuable to review Immutable Infrastructure Basics before reading this article. Development environments are intended to be flexible and in motion by design. At the same time, teams need to be able to work together and eventually deliver their work to other environments. As teams form and change over time, these objectives are often at odds with each other. The illustration below shows this dynamic at play over time. The above......



One of the biggest shifts in technology that can be attributed to cloud is the move away from hand crafting systems to defining systems and letting automation create them. This is often referred to as Infrastructure as Code, and is manifested along a spectrum. Toward the more “cloudy” end of the spectrum is the concept of immutable infrastructure, which means that once created, infrastructure exists in the same state until it is replaced by something new, but it is never changed. Some Examples A good example of immutability is a Java jar......



UPDATE: Beginning in June, 2020, GKE will charge for the control plane. This means the design below will jump from $5/month to nearly $80/month. I was recently inspired by a post claiming it was possible to run kubernetes on Google for $5 per month. One reason I have been shy to jump all in with kubernetes is the cost of running a cluster for development work and later for production. After going through the post above, I realized that I could actually afford double that amount and end up with a very usable......



Often in development or when working on proofs of concept (PoC), I need working SSL to protect an endpoint. If I controlled the domain, I would use Let’s Encrypt to generate a certificate. When I don’t control the domain, I often use self-signed certificates. Below is how I create them and then use them to create a Secret in kubernetes. Choosing a domain (common name) When I don’t control the domain, that usually means I can’t set up a subdomain with appropriate name resolution for my project. In this case I use a......



Introduction Kubernetes (also written k8s) is a powerful container orchestration platform that works with Docker. This first video provides a high level explanation of how kubernetes differs from traditional application deployment and infrastructure management. Overview A kubernetes cluster is made up of masters and nodes. The masters are responsible for orchestration and the nodes host the orchestrated containers. In addition to orchestrating containers, it is helpful to have a gateway to route traffic through the cluster and a persistent storage mechanism. While these last two components aren’t strictly part of kubernetes, I consider......



kubernetes overview

Kubernetes is getting a lot of attention recently, and there is good reason for that. Docker containers alone are little more than a developer convenience. Orchestration moves containers from laptop into the datacenter. Kubernetes does that in a way that simplifies development and operations. Unfortunately I struggled to find easy to understand high level descriptions of how kubernetes worked, so I made the diagram below. Operations While I don’t show the operator specifically (usually someone in IT, or a managed offering like GKE), everything in the yellow box would be managed by the......



IT General Controls: Infrastructure vs Routing

IT general controls are important for various reasons, such as business continuity and regulatory compliance. Traditionally, controls have focused on the infrastructure itself. In the context of long running servers in fixed locations, this was often an effective approach. As virtualization and container technologies become more prevalent, especially in public cloud, infrastructure focused IT controls can start to get in the way of realizing the following benefits: Just in time provisioning, Workload migration, Network isolation, Tight capacity management, DevOps, Automated deployments, Automated remediation. One way to maintain strong IT controls can still get......



I found this article on serverwatch today: http://www.serverwatch.com/server-trends/why-kubernetes-is-all-conquering.html It’s not technically deep, but it does highlight the groundswell of interest for and adoption of kubernetes. It’s also worth noting that GCE and Azure will now both have a native, fully managed kubernetes offering. I haven’t found a fully managed docker datacenter offering, but I’m sure there is one. It would be interesting to compare the two from a public cloud offering perspective. I’ve worked a lot with OpenStack for on premises clouds. This naturally leads to the idea of using OpenStack as a......
