Devopsdays2024 Infrastructure from Code - Rich Lee

Transcript

1. 使用Infrastructure from Code建置更彈性與可移植 的雲端架構 DevOpsDays Taipei 2024 李琦 Rich Lee

   2024/07

2. [email protected] RICH0423 @rich04230 李琦 Rich Architect @ Cathay Holdings •

   Cloud Native Development • Microservices • Event-driven

3. Agenda • IaC面臨的挑戰 – 工具/人/架構 • IfC概念與工具

4. IaC帶來的好處 • 自動化和效率 • 一致性與可重復性 • 版本控制(sing source of truth)

   • 模組化與可移植性 IaC (main.tf) Version Control CI/CD Infra Provision Project-prod Project-sit

5. IaC面臨的問題 • Configuration Drift • 部分設定是依賴應用需求 • Application Code與IaC版本控管 •

   安全與合規 IaC (main.tf) Version Control CI/CD Infra Provision Project-prod Project-sit

6. Infrastructure Configuration Drift 有人手動登入web console改了配置，一段時間後，IaC與 運行環境的設定產生不一致!!

7. Infrastructure Configuration Drift 有人手動登入web console改了配置，一段時間後，IaC與 運行環境的設定產生不一致!!

8. Infrastructure Configuration Drift

9. 大部分Infrastructure配置是根據Application

10. 大部分Infrastructure配置是根據Application • Error Handling: (DLQ) Producer Consumer Broker

11. 雲原生與多雲環境，使得技術 人員面臨更多挑戰

12. 開發者面臨的挑戰

13. Infra/SRE工程師面臨的挑戰

14. 不同環境的Infra配置都不同 Producer Consumer Broker

15. 不同環境的Infra配置都不同 Producer Consumer Broker

16. 現代雲端應用使用Serverless 與Infrastructure緊密相關

17. About Application Architecture Resource Hierarchy - Layered Application Topology- Interwoven

18. About Application Architecture Resource Hierarchy - Layered Application Topology- Interwoven

    雲端自動化重點不再於如何建置服務，而是如何 關聯與整合應用服務

19. 面對雲端現代化架構演進， Infrastructure建置方式也須改變

20. Infrastructure from Code

21. Infrastructure from Application Code Instead of writing low-level, control-plane specific

    instructions, IfC infers requirements from application logic and provisions the optimal cloud infrastructure automatically.

22. Infrastructure from Application Code Instead of writing low-level, control-plane specific

    instructions, IfC infers requirements from application logic and provisions the optimal cloud infrastructure automatically.

23. IfC Methods and Flow Terraform Pulumi

24. Benefits of IfC IaC (main.tf) Version Control CI/CD Infra Provision

    Project-prod Project-sit Application code

25. IfC Tools

26. Klotho develop for local, deploy for the cloud • Klotho

    is an open source tool that transforms plain code into cloud native code. • is based only on in-code annotation with minimal modification to your code https://klo.dev/

27. Klotho Capabilities Annotations

28. Demo – REST API with Klotho REST API User Service

    (ExpressJS) Store (Map)

29. Demo – REST API with Klotho REST API User Service

    (ExpressJS) Store (Map)

30. Klotho Example REST API User Service (ExpressJS) Store (Map) Klotho

31. Winglang https://www.winglang.io/play/

32. Winglang Run locally or deploy to any cloud Use any

    cloud service and compile to multiple cloud providers and provisioning engines • Cloud-agnostic SDK for maximum portability • Customizable infrastructure through plugins • Supports any provider in the Terraform ecosystem

33. runs once, at compile time, to generate the infrastructure configuration

    of your cloud application runs at runtime to handle your application logic.

34. Winglang – AWS Provision AWS Lambda Amazon S3 bucket AWS

    IAM Policy AWS IAM Role CloudWatch upload file logs Execution role > wing compile --platform tf-aws

35. Winglang – GCP Provision > wing compile --platform tf-gcp Cloud

    Functions Cloud Storage Service Account Custom Role upload file connect Service Account role binding

36. Demo github

37. IfC Tools Comparison Infrastructure from Code Comparison

38. 重要的不是如何使用工具，而是 思維改變

39. 「Run, don’t walk..」 - Jensen Huang