Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Test in Production: Infrastructure Edition

Rosemary Wang
November 04, 2019
Technology
0
320

Test in Production: Infrastructure Edition

Originally presented at Test in Production (Berlin) MeetUp on November 4, 2019.

How do we feature toggle, canary test, and AB test on production infrastructure? In this talk, we'll give some brief examples on each approach.

CORRECTIONS

- Initial example for talk briefly showed feature toggle for network. Updated example has a more clear framing of what the feature toggle looks like.
- Updated example for canary explicitly calls out a "green" VPC, as denoted in diagram.

Rosemary Wang

November 04, 2019
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Secure Day 2 operations with Boundary and Vault
joatmon08
0
15
Can You Test Your Infrastructure as Code?
joatmon08
1
51
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
21
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
26
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
31
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
40
Building a Developer Platform? Ask these questions.
joatmon08
0
27
From Cloud-Hosted to Cloud-Native
joatmon08
0
53
Refactoring Applications for Dynamic Secrets
joatmon08
1
37

Other Decks in Technology

See All in Technology
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.3k
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
580
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
190
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
TypeScript、上達の瞬間
sadnessojisan
46
13k
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
930

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Embracing the Ebb and Flow
colly
84
4.5k
A better future with KSS
kneath
238
17k
How to train your dragon (web standard)
notwaldorf
88
5.7k
RailsConf 2023
tenderlove
29
900
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Raft: Consensus for Rubyists
vanstee
136
6.6k
Producing Creativity
orderedlist
PRO
341
39k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k

Transcript

  1. Copyright © 2019 HashiCorp Test in Production: Infrastructure Edition Test

    in Production Berlin | Nov. 4, 2019 Rosemary Wang | @joatmon08

  2. Network engineers live dangerously.

  3. My users = developers ▪ Push and deliver code at

    any time ▪ Availability of application depends on system

  4. How do we change infrastructure without impacting applications?*

  5. * While not spending extra money on staging.

  6. Approaches ▪ Shift-left testing (e.g., staging) ▪ Feature Toggles ▪

    Canary Testing ▪ A/B Testing

  7. Feature Toggles ▪ Preserve state, if possible ▪ Inject with

    roll forward mindset ▪ Don’t write toggles at the start

  8. Feature Toggles CODE EDITOR resource "aws_instance" "example_bionic" { count =

    var.enable_new_ami ? 1 : 0 instance_type = "t2.micro" ami = data.aws_ami.ubuntu_bionic.id vpc_security_group_ids = [aws_security_group.instances.1.id] subnet_id = aws_subnet.public.1.id tags = { Terraform = "true" Owner = var.owner Has_Toggle = var.enable_new_ami } }

  9. Canary Testing ▪ Smoke test before release ▪ Easier with

    container architectures – e.g., VM images for Kubernetes worker nodes

  10. Canary Testing CODE EDITOR resource "aws_instance" "canary" { count =

    var.enable_new_network ? 1 : 0 instance_type = "t2.micro" ami = data.aws_ami.ubuntu.id vpc_security_group_ids = [aws_security_group.instances _green.id] subnet_id = aws_subnet.public_green.id tags = { Name = "${var.prefix}-canary" Owner = var.owner } }

  11. VPC (blue) 10.128.0.0/24 VPC (green) 10.128.0.0/28 APP APP APP APP

    KITCHEN INSTANCE APP APP CANARY CAN I CONNECT?

  12. Kubernetes Control Plane Kubernetes Node Group (Insecure OS) Kubernetes Node

    Group (Secure OS) INTERNAL EXTERNAL EXTERNAL EXTERNAL EXTERNAL INTERNAL INTERNAL kubectl taint nodes external=true:NoExecute

  13. A/B Testing ▪ Infrastructure that affect upstream Service Level Objectives

    ▪ Hypotheses: –Does X batch process more quickly than Y? –Does X cost more than Y?

  14. Kafka FaaS “Data Lake” versus Kafka Spark “Data Lake” APPLICATION

    APPLICATION APPLICATION APPLICATION Does Spark + Kafka architecture process faster with lower cost?

  15. Conclusions ▪ Test in production organizes infrastructure blast radius ▪

    Risk mitigation over risk aversion ▪ “Infrastructure-as-Code” is heuristic

  16. github.com/joatmon08/test-in-production-for-infrastructure Rosemary Wang (she/her) Developer Advocate at HashiCorp @joatmon08 joatmon08

    linkedin.com/in/rosemarywang/ 16