Инфраструктура как TypeScript

Инфраструктура
как TypeScript

View Slide

План

View Slide

Автоматизация
Cloud
3

View Slide

API управления ресурсами

View Slide

Сервисы HTTP/REST
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Amz-Date: 20130813T150211Z
Host: ec2.amazonaws.com
Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20130813/us-east-
1/ec2/aws4_request, SignedHeaders=content-type;host;x-amz-
date, Signature=ced6826de92d2bdeed8f846f0bf508e8559e98e4b0194b84example54174deb456c
http://ec2.amazonaws.com/?Action=RunInstances
ImageId=ami-2bb65342
&MaxCount=3
&MinCount=1
&Monitoring.Enabled=true
&Placement.AvailabilityZone=us-east-1a
&Version=2016-11-15

View Slide

var launchRequest = new RunInstancesRequest()
{
ImageId = amiID,
InstanceType = "t1.micro",
MinCount = 1,
MaxCount = 1,
KeyName = keyPairName,
SecurityGroupIds = groups
};
var launchResponse = ec2Client.RunInstances(launchRequest);
var instances = launchResponse.Reservation.Instances;
SDK для вызова REST сервисов

View Slide

az storage account create \
--location westus \
--name samplesa \
--resource-group myrg \
--sku LRS
Командная строка

View Slide

Сложности со скриптами

View Slide

Desired State
Configuration
6

View Slide

Описание целевого состояния

View Slide

Управление графами ресурсов

View Slide

Характеристики

View Slide

Инструменты от вендоров

View Slide

Языки разметки
9
Yet
Another
Markup
Language

View Slide

Azure ARM Templates: JSON
"resources": [
{
"apiVersion": "2016-01-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "mystorageaccount",
"location": "westus",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
}
}
]

View Slide

AWS CloudFormation: YAML
Resources:
S3BucketForURLs:
Type: "AWS::S3::Bucket"
DeletionPolicy: Delete
Properties:
BucketName: !If [ "CreateNewBucket", !Ref "AWS::NoValue", !Ref S3BucketName ]
WebsiteConfiguration:
IndexDocument: "index.html"
LifecycleConfiguration:
Rules:
-
Id: DisposeShortUrls
ExpirationInDays: !Ref URLExpiration
Prefix: "u"
Status: Enabled

View Slide

resource "azurerm_storage_account" "sa" {
name = "mysa"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
account_tier = "Standard"
account_replication_type = "LRS"
}
Terraform:
HashiCorp Configuration Language

View Slide

Языки разметки

View Slide

Пример: Соотношение кода и разметки
KV Store
Table “URLs”
Function
“Add URL”
Function
“Open URL”

View Slide

{
"Resources": {
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [ ... ]
}
},
"EC2Instance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType": "t2.micro",
"SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
"ImageId": "ami-0080e4c5bc078760e"
}
}
}
}
Ссылки на ресурсы

View Slide

{
"condition": "[equals(parameters('production'), 'Yes')]",
"type": "Microsoft.Compute/availabilitySets",
"apiVersion": "2017-03-30",
"name": "[variables('availabilitySetName')]",
"location": "[resourceGroup().location]",
"properties": {
"platformFaultDomainCount": 2,
"platformUpdateDomainCount": 3
}
}
Условия

View Slide

locals {
files = ["index.php","main.php"]
}
resource "aws_s3_bucket_object" "files" {
count = "${length(local.files)}"
key = "${local.files[count.index]}"
bucket = "${aws_s3_bucket.examplebucket.id}"
source = "./src/${local.files[count.index]}"
}
Циклы

View Slide

Повторное использование

View Slide

Тестирование

View Slide

Кажется,
мы это
уже
когда-то
делали?

View Slide

IDEs
Code completion
Unit tests
Types
Functions
Package managers
Versioning
Classes
Code reviews
Contracts
SDKs
Workflows
Refactoring

View Slide

Pulumi
14

View Slide

Универсальные языки программирования

View Slide

•
•
•
•
•
Провайдеры
•
•
•
•
•

View Slide

const resourceGroup = new azure.core.ResourceGroup("rg");
const storageAccount = new azure.storage.Account("storage", {
resourceGroupName: resourceGroup.name,
accountReplicationType: "LRS",
accountTier: "Standard",
});
Пример TypeScript

View Slide

const storageAccount = new azure.storage.Account("storage", {
resourceGroupName: resourceGroup.name,
accountReplicationType: "LRS",
accountTier: "Standard",
});
Desired
State

View Slide

Как
работает
Pulumi

View Slide

Static Website
on AWS
17

View Slide

N провайдеров, M языков

View Slide

Сложность O(N*M)

View Slide

Сложность O(N+M)

View Slide

Управление
состоянием

View Slide

Serverless
Functions
в Azure
22

View Slide

Ресурсы, нужные для Azure Function

View Slide

// A resource group to contain our Azure Functions
// A Node.js Azure Function
const nodeApp = new azure.appservice.ArchiveFunctionApp("http", {
resourceGroup,
archive: new pulumi.asset.FileArchive("./javascript"),
});
export const nodeEndpoint = nodeApp.endpoint;
Node.js Azure Function

View Slide

Запустим pulumi up …
Type Name Plan
+ pulumi:pulumi:Stack functions-dev create
+ ├─ azure:appservice:ArchiveFunctionApp http create
+ │ ├─ azure:storage:Account http create
+ │ ├─ azure:appservice:Plan http create
+ │ ├─ azure:storage:Container http create
+ │ ├─ azure:storage:ZipBlob http create
+ │ └─ azure:appservice:FunctionApp http create
+ └─ azure:core:ResourceGroup rg create

View Slide

// A .NET (C#) Azure Function
const dotnetApp = new azure.appservice.ArchiveFunctionApp("dotnet", {
resourceGroup,
archive: new pulumi.asset.FileArchive("./dotnet/publish/"),
appSettings: {
runtime: "dotnet",
},
});
.NET Azure Function

View Slide

const linuxResourceGroup = new azure.core.ResourceGroup("linuxrg");
const linuxPlan = new azure.appservice.Plan("linux-asp", {
resourceGroupName: linuxResourceGroup.name,
kind: "Linux",
sku: { tier: "Dynamic", size: "Y1" },
reserved: true,
});
const pythonApp = new azure.appservice.ArchiveFunctionApp(...);
Python Azure Function on Linux

View Slide

const f = new azure.appservice.HttpEventSubscription("greeting", {
resourceGroup,
callback: async (context, req) => {
return {
status: 200,
body: `Hello ${req.params.name}!`,
};
},
});
Callbacks => Serverless Functions

View Slide

Containers
27

View Slide

Crosswalk for AWS

View Slide

Load-
balanced
container
instances
Load
Balancer
Container
Container

View Slide

const listener = new awsx.elasticloadbalancingv2.NetworkListener("lb",{
port: 80 });
const service = new awsx.ecs.FargateService("nginx", {
desiredCount: 2,
taskDefinitionArgs: {
containers: {
nginx: {
image: "jonashackt/spring-boot-vuejs",
memory: 512,
portMappings: [listener],
}}}});
Nginx + Fargate + Load Balancer

View Slide

Запустим pulumi up …
Type Name Status
+ pulumi:pulumi:Stack pulumi-typescript-aws-fargate-dev created
+ ├─ awsx:x:ec2:SecurityGroup nginx created
+ │ └─ aws:ec2:SecurityGroup nginx created
+ ├─ awsx:x:ec2:Vpc default-vpc-accd9bc5 created
+ │ ├─ awsx:x:ec2:Subnet default-vpc-accd9bc5-public-1 created
+ │ └─ awsx:x:ec2:Subnet default-vpc-accd9bc5-public-0 created
+ ├─ awsx:x:ecs:FargateService spring-boot-vuejs created
+ │ └─ aws:ecs:Service spring-boot-vuejs created
+ ├─ awsx:x:ecs:FargateTaskDefinition spring-boot-vuejs created
+ │ ├─ aws:cloudwatch:LogGroup spring-boot-vuejs created
+ │ ├─ aws:iam:Role spring-boot-vuejs-execution created
+ │ ├─ aws:iam:Role spring-boot-vuejs-task created
+ │ ├─ aws:iam:RolePolicyAttachment spring-boot-vuejs-execution-9a42f520 created
+ │ ├─ aws:iam:RolePolicyAttachment spring-boot-vuejs-task-32be53a2 created
+ │ ├─ aws:iam:RolePolicyAttachment spring-boot-vuejs-task-fd1a00e5 created
+ │ └─ aws:ecs:TaskDefinition spring-boot-vuejs created
+ ├─ awsx:x:ecs:Cluster default-cluster created
+ │ ├─ awsx:x:ec2:SecurityGroup default-cluster created
+ │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule default-cluster-ssh created
+ │ │ │ └─ aws:ec2:SecurityGroupRule default-cluster-ssh created
+ │ │ ├─ awsx:x:ec2:IngressSecurityGroupRule default-cluster-containers created
+ │ │ │ └─ aws:ec2:SecurityGroupRule default-cluster-containers created
+ │ │ ├─ awsx:x:ec2:EgressSecurityGroupRule default-cluster-egress created
+ │ │ │ └─ aws:ec2:SecurityGroupRule default-cluster-egress created
+ │ │ └─ aws:ec2:SecurityGroup default-cluster created
+ │ └─ aws:ecs:Cluster default-cluster created
+ └─ aws:lb:ApplicationLoadBalancer nginx created
+ ├─ awsx:lb:ApplicationTargetGroup nginx created
+ │ └─ aws:lb:TargetGroup nginx created
+ ├─ awsx:lb:ApplicationListener nginx created
+ │ ├─ awsx:x:ec2:IngressSecurityGroupRule nginx-external-0-ingress created
+ │ │ └─ aws:ec2:SecurityGroupRule nginx-external-0-ingress created
+ │ ├─ awsx:x:ec2:EgressSecurityGroupRule nginx-external-0-egress created
+ │ │ └─ aws:ec2:SecurityGroupRule nginx-external-0-egress created
+ │ └─ aws:lb:Listener nginx created
+ └─ aws:lb:LoadBalancer nginx created

View Slide

Cosmos App
30

View Slide

Cosmos App
(1)

View Slide

Cosmos App
(2)

View Slide

Cosmos App
(3)

View Slide

export const functions = new CosmosApp("urls", {
resourceGroup,
locations: ["WestEurope", "WestUS", "SouthEastAsia"],
factory: ({location, cosmosdb}) => {
const app = new azure.appservice.ArchiveFunctionApp("app", {
location,
archive: new pulumi.asset.FileArchive("./app"),
appSettings: {
COSMOSDB_ENDPOINT: cosmosdb.endpoint,
},
});
return { id: app.functionApp.id };
}});
Глобальные приложения

View Slide

Kubernetes
33

View Slide

class AksCluster extends pulumi.ComponentResource {
constructor(name: string,
args: AksClusterArgs,
opts: pulumi.ComponentResourceOptions = {}) {
super("examples:aks:AksCluster", name, args, opts);
const password = new random.RandomPassword("password"/*, {...}*/);
const sshPublicKey = new tls.PrivateKey("key"/*, {...}*/);
const adApp = new azuread.Application("aks"/*, {...}*/);
const adSp = new azuread.ServicePrincipal("aksSp"/*, {...}*/);
const vnet = new azure.network.VirtualNetwork("vnet"/*, {...}*/);
const subnet = new azure.network.Subnet("subnet"/*, {...}*/);
const cluster = new azure.containerservice.KubernetesCluster("aksCluster"/*, {...}*/)
}
}
Managed Clusters

View Slide

Crosswalk
for
Kubernetes

View Slide

// Define the application Pod.
const appPod = new kx.PodBuilder({
containers: [{
image: "app:1.0.0",
env: { "APP_CONFIG_PATH": "/app/config" },
volumeMounts: [configs.mount("/app/config")],
}],
});
// Create a Kubernetes Deployment using the previous Pod definition.
const deployment = new kx.Deployment("nginx", {
spec: appPod.asDeploymentSpec({ replicas: 3 }),
});
// Expose the Deployment with a load balancer using a Kubernetes Service.
const service = deployment.createService({
type: kx.types.ServiceType.LoadBalancer,
});
Библиотека Kx

View Slide

// Find all distinct versions of MySQL running in your cluster.
const mySqlVersions = kq
.list("v1", "Pod")
.flatMap(pod => pod.spec.containers)
.map(container => container.image)
.filter(imageName => imageName.includes("mysql"))
.distinct();
mySqlVersions.forEach(console.log);
Запросы

View Slide

Контроль
качества
36

View Slide

Языки
программирования
для
инфраструктуры?
Точно?

View Slide

AWS Cloud
Development Kit
(CDK)?
39

View Slide

м
TypeScript
Python
Java
.NET
Транслируется в
CloudFormation

View Slide

const hello = new lambda.Function(this, 'HelloHandler', {
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.asset('lambda'),
handler: 'hello.handler'
});
new apigw.LambdaRestApi(this, 'Endpoint', {
handler: hello
});
Пример AWS CDK

View Slide

Примеры из моей презентации
✓ ✓
✓ 
✓ ✓
✓ 
✓ 
✓ 

View Slide

Выводы
40

View Slide

Используйте
Инфраструктуру как
код
Создаёте
приложения
для cloud?

View Slide

Меньшие
компоненты
Лучшая
автоматизация

View Slide

Преимущества кода

View Slide

м
Инфраструктура
как код
Архитектура
как код

View Slide

View Slide

Инфраструктура как TypeScript

Инфраструктура как TypeScript

Mikhail Shilkov

More Decks by Mikhail Shilkov

Other Decks in Programming

Featured

Transcript