@raphink
Last active May 16, 2022 10:08
Talk Subjects to be used for CFPs

General and Concepts

  • Declarative Deployments & why it matters

Over the last 30 years, the Configuration Management community has learned that using a declarative approach to resource management is beneficial for both stability and change management. How does this apply to the new paradigm of Kubernetes deployments?

YAML has become the de-facto standard to express resources in many fields linked to DevOps practices. What are YAML's strengths and weaknesses, and what are the other options going forward?

Infrastructure as Code, Configuration Management, Life-Cycle Management and Compliance as Code? Many principles that all converge in one direction. The principles of automation, driven by the DevOps movement among others, are embodied in the role of SRE (Site Reliability Engineer), which combines evolution and continuous automation but also operational considerations related to the responsibility and availability of the deployed services. The “Everything as Code” concept is a revelation (not to say a revolution) for many who are resolutely committed to standardizing and bringing environments into compliance. Many complementary open source tools exist to implement these good practices; all that remains is to use them for their intended purposes. This talk will present a way to use a series of tools to automate all aspects of SRE, from provisioning to configuration management, to monitoring and backups.

In an ever-so-fast technological world, Technical Debt can be a project breaker. But it doesn't have to be inevitable. What if the solution was not to run, but instead to go steadily towards a well-known goal? In this talk, I will show how Standards & Loose Coupling can help limit technical debt.

Long Description:

This talk is the result of 2 years of reflection on Technical Debt and how it relates to the Cloud Native space.

It is mainly based on two blog posts from last year:

After introducing what Technical Debt is, I will go through various ways to avoid building up tech debt, in particular the importance of following —and influencing at times— standards, as well as the impact of loose coupling on both technical debt and human teams, and how it relates to the core principles of the DevOps movement.

An example of technology (eBPF) will be used to show how important technical choices can be to avoid building up technical debt in your stack.

I have recently presented this talk at DevOpsDays Geneva. The slides can be found here.

Containers

  • From Rancher to OpenShift: 4 years of Container Orchestration

  • Container Backups: Why & How?

Containers have become a great facility to easily deploy applications, whether locally or on orchestrated clusters. However, containers are ephemeral, meaning their data should be stored externally and should be backed up.

  • Container Security: a toolchain for automatic image rebuilds

Containers and Kubernetes have revolutionized the way applications are deployed at scale. This new approach, along with the use of CI/CD for deployment automation, brings new challenges, in particular when it comes to security, as containers are static artifacts that require rebuilding and redeployment in order to perform updates.

This talk will demonstrate how to set up an automated CI/CD pipeline to deploy applications on Kubernetes using OpenShift and GitLab, so that updates of public base images trigger rebuilds and deployments of derivative containers. It will also show how static image analysis can be plugged into the pipeline to increase application security.

  • Edge Computing: Reaching far & wide with k8s

Puppet

Installing a Puppet Configuration Management system always starts with setting up the Puppet Master infrastructure. This is a complex task. Various installers exist, and managing the infrastructure in the long run isn't an easy task either.

At Camptocamp, we have decided to containerize the whole Puppet server stack to deploy it without the help of Puppet, and ease its scaling and updating. This talk outlines our journey and the benefits we got from this setup.

Everyone who has been using Puppet with a self-signed CA for over 5 years knows that dreaded time: the time when the CA and client certificates must be renewed.

This talk will present the ways to ease CA renewal, and present a new approach to renew Puppet client certificates in a secure and automated way.

As Puppet allows us to automate more and more of our Infrastructure, it becomes increasingly necessary to apply good QA practices to Infrastructure as Code.

This talk will present a Test Driven approach to Puppet module coding, using acceptance and unit tests to drive the development.

  • Streamlining the r10k workflow (puppetfile-updater, r10k-dashboard, catalog diff)

R10k is a great tool to set up a Puppet workflow. It does, however, require some setup, and utilities to ease its usage.

At Camptocamp, we've developed a set of open-source tools to go hand-in-hand with r10k. These tools cover tasks such as updating the Puppetfile, keeping an eye on new versions of modules, issues & PRs on modules, as well as testing and validating module updates.

Testing your Infrastructure code as you develop is good. Testing it as you deploy is even better.

This talk presents the Puppet Policy module, which provides plugins that allow testing Puppet catalogs before applying them, testing the node state after applying the catalog using serverspec, and even generating serverspec tests automatically from the catalog. It also allows launching such tests over MCollective to generate conformity reports.

Good practice usually encourages the use of multiple environments in a Puppet setup. Once features have been tested on a first environment, they can be merged into a staging branch, where the changes will start affecting nodes pinned to that Puppet environment.

Validating a branch is often a lacking process though. Puppet Catalog Diff allows calculating the differences between two Puppet environments prior to merging them.

This is useful for both feature branches and Puppet version migrations.

Augeas

The Augeas type has been present in Puppet for a very long time. However, it is often hard to use, and even harder to make converging resources for complex configuration files.

The Augeasproviders project aims to ease the use of Augeas by providing native Ruby types and providers for Puppet, powered by the Augeas Ruby bindings under the hood. Augeasproviders comes as a library which can be used to write new Augeas-based providers, making it easy to write clean and well tested partial file Puppet resource types.

  • Tuning the Puppetserver with Grafana

The Puppetserver is a well-oiled machine, with a few options to optimize its performance.

  • File Management with Puppet: Know your options

Everything is a file in the Unix world, or so we've all heard.

Puppet has many ways to manage file content and state. But when to use each is not always the most obvious of choices.

This talk reviews the various file management approaches in Puppet.

Terraform

The Terraform project has grown a lot in popularity since its inception in 2015. Many resources that were not automated as code yet can now be managed this way. The Terraboard project aims to provide a web interface to visualize and query Terraform states.
