
alright I'm not going to be about a few dollars softer and they were at the beach so I'll start out with the distraction and select a big response about why you're tracking something today you're not going to be able to you shouldn't necessarily understand athletes so on your compass crosses but just like we according probably understand online teachers of freedom job so this is my confession of a little extracted but here we have a dead realm six times and probably because I had the developer role shooting something random update and everything and then has the weekly it's a little bit older and because we're local Acosta's and your mistakes in those environments and the production and coming six six
because happen to daily ever touched production and then at some point working on that occasion I mean access the production data and so we provision that have bought I have acted here that especially as we go and devoted wisely and then that one is the things that we're gonna vote for even now it's just woken us up with then we create a new app the latest version development we create big things that I can color shoe the problems that are set and then six four because you know early is Rambla six seven I could let the demo know we have you part two probably next edition or something and then we are off description we can
finally does problem because everything's broken it's fun probably on page eight properties of a change or some rings in Braille so we're another admin and then of course I've sold it now the last time I sold a good one that somehow and we start looking at the text and then we need add another element and another another and another and I pushed it abroad with admin picking up strangers and please don't do this and then here the night hope we have wanted here so all serviced nathan's niblet happening all right so as a complicated message and is usually that he a large blob doesn't move up the same every environment it would probably be spun up
with the newest of how different versions and development so the newer data center that I'd like to Brienne a platform extracting where you're confused storage and network and then you have the deployment pipeline that delivers your artifacts across all the environments so if you're spinning up a new application it will be well fixed nine and your athlete would be now with the pairs or VM these two lakes a principle for you to build Docker containers so then you can deploy that image and to test and maybe in second or third environment in your developer access only area which secure thing that every company happens to and then a separate completely sever production control area where developers don't have access any
of that you can think that they were that Floyd up there um she ate the environment and they have a couple inches of the proj and then when you come can you do a second application you can use the same bait them into Braille 6:9 still set a plate on top and you can set a couple for test and maybe you have three and prod at the exact same any every time so how many people here know where I've used up my password the early data certain like 2013 it was really awful well today there was kernel panics commonplace doctor the distractions of really just teachers in a paper that are very impressed Milwaukee included for the metadata
volumes secret we observances and the necklace Sophie is open Edward pretty much every time because it's so complicated in once very time volumes or a mess you just kept throwing up your hard drive and now you have volume abstractions you can handle them as first-class bf secrets and these are both about seven secret here that has the few secret accent Krypton and acceptance tips that are always the memory so they're encrypted in flight perfect for the rest and you have Network extraction plus different overlay they tear plugins which allows you used to integrate that you can swap them out over there at the moment and services would abstract away the individual containers and label Toki's
select on all these so you can say I want a thing that has the label on it so this is a easy way to understand what like images want to configure it used to be much more complicated topic right now I think everybody understands that the container is the writable piece of the image the images below and that'll wreck on the kernel and this kind of shows the namespaces right there tea group and as you like living that traditionally we do turn to permissive because it's complicated apart and you end up walking yourself a file these I do anyway actually understand it operated that be helpful just like meet the hundred makovan simply helped out with this
traumatically Amanda boldly so who here at this annoyed with Cooper nature is used to vanetti me though doctor small bezel is larger so create also has secrets these are these are back speakers don't ever use these are not so addicted so these aren't encrypted they're just encoding and they're sorted ste now also they all tool and obviously does not these are not secure they're basically environment variables with the current indicators and tell them something different but there is worth fixing right now specifically with similar to volunteering and doctor and the leader of slightly different instruction and their services and the services in urban areas based on and stretching away pods so that having individual containers you
now have grouping of containers and access that grouping that's called a pod guarantee that are on stainless see also now Kubernetes three reasons you have what's called ingress which is a way traffic comes into the culture from outside you can also call from inside the cluster into an aggressive than that you can go through whatever reach across your asada David said these are basically your agents that you run on all the notes need a double you can have them on inside of Kubernetes and ensure that either one on one instance is running on every node or that one instances running on every node based off the labels that you get the egos a drop latest effort they will kick
you for writing cluster and we can run luster and Nathan Evans blood hair label and your only bombs a replica set is also he called replication controller naming as art and Kubernetes of a lot of different names and its history replica set is just maintaining the exact number of odd so if you have three pods that you want and there are only 2,000 the environment illustrated on the top and a fourth one turns up to protect our segmentation okay then you have deployments which is kind of aggregation a lot of these this is the document that you can write that will then deploy your replica technology services and this is the accumulated architecture kind of shows you your tube control is
your actual man you have your factor which runs your API and scheduler processes replicating controllers it's actually a lot of different controllers if you want to go see it really good be better than this there was a DevOps KP meetup earlier this week and that should be on YouTube soon but it's not better employed is for his story yes how you're going to get people in it you know coffee and your doctor came in with a pop all right who here is worked with token ship Oh all right so in ocean ships again they meet her so they created well and they can upstream those that it conveys ingress for some reason and the crowd
has more features than ingress could little cockpit right now that an open shifty be use either one you hear the same thing with the point to Sagan wanting sort of what I could date a promoter ship the upstream did they call this point and now we have a confusing mess so he can you either want to know they also have industry others horrible demonic that this one is pretty significant and still contain so because syllogism has in turn releases this kind of help describe how your application will be built and deployed this is architecture open chest they are developer outreach and all going through the same system and then you have on the top your routing layer
which is your route and your service layer which is your service and then your underlying infrastructure there they have persistent storage now of course all your nose was hot there's some particular security aspects that are important now is when external capabilities and so originally the doctor was pretty quiet opens their default ones they just have everything they basically read if you want to group yet yet convinced up to thousands but doctor on your host and I ever so right now they have three specific privileges but there is the helpless Advent capability which had like a fat also good they were there are those 32 or something based off of that it may be a thought you have now they just kept
going up the last one so what doctor does they figured out that there's a certain their certification have so for example you're going to set up a compare that once what's operating so they just give you a capability to listen to make a network connection report and the problem of these that they aren't quite regular enough so like a thing this is like kind of a catch-all one that just your back you have to allow feel with your surface community funding so improvement but you better hop spirit profile is familiar with a compromise so these are tool for being able to control the self you can tell a doctor candidate oh he needs to tell the tribunal
experiment opium zoophile that level right now they're saying assault we're trying to make it easier changes because it's very complicated but we want to we want to monitor what the application doing and then configure to second base top of that no problem it is critical to the Leapster blood loss so we can't get there relaxed capabilities so we can with that positive there they draw any system and that's a massive improvement from master so they won't confuse any question you don't get that question all right the thurible dig into the soul so it identified based off of label collectors it can be any label that you want however you should be careful because if you have if your scope for
that service in multiple different applications and use a tear fronting then you're going to be fronting all of that patient have dear friend I could get breaking people they're probably really annoying fries the services past request internally so internal internal communication and it does something so that it doesn't have to make another stop it just changes the injuries for your DNS and Lebanon to instead of routing it to another service actual distal day it just wrapped it directly to of all the endpoint letters that are flipped on and the different routes because services are only internal wellness or technology and you can have a service that is external to the point like your mainframes have you
then you can point your name during the service and then that so it what happens with the router service communication is the route is constantly reconfigure that the different endpoint that a service has on so you're so your route will not happen if you observe it will just pass directly to the instances that are running it was kind of a diagram from Kelvin ship so much it has an awesome blog and lost a really nice picture that you can shows that whatever needs to be done so there's a good service at the top called web and there's a thing on both advance and there's a replication controllers maintain the number of so here's the application that can't really
read unfortunately so appears throughout this is actually OpenShift this is what the OpenShift GUI looks like to the round and application 0 which is the application name and presentation is the namesake maybe of hard in station security project so consistent the service in application zero and deposit one project isn't there we have one route web service one application here's kind of the description and all the descriptions are enamel or takeoff and it showed that our host is welcome pointing at the application tier presentation and third the route and the host service of a point adaptation zero you can wait Dec and employs Agra version beyond a quantitative or services or the absence is your beta testing
10% your traffic sir the service subscription is selected on the point I can see application of zero so that's going to be very specific no other applications have that sooner you get complex of you pointing at multiple different applications and this is the product the Polish description matrix and here you can see that there is actually the point the application
so let's change it to tear fronting sorcerer's is now pointing at pier front and we have the same route and we have the service thing that both say application zero because this one appears to the application zero for the application name and application one to the application name and they look so we have one route one service pointing to different applications because this is some of the complexity you come into you have you know random labels of they're pretty generic placed here in front so you can see up here we have taking the wild fly and doors and burning our old in a wonderful application numbers
here's the deposit Michigan and the secure funding and we have changed now to the app name and application zero net beta and show that there you can also do a beta set so now you have your same while like a application and some of the traffic will go here and get the beta version right so that would service business if they have any questions services all right so industries are an abstraction around images for particularly containers that technically could be anything to the future so this picture also again from open tips blog so it shows that right here you have in this is representing a pipeline industry and in this internal is pointing to the
Ovid ship internal registry and so to the point there you also have other industries the latest is actually just pointing at three hot date and then external registries the 306 3 of 5 are both pointing at dr. hunt so you can have this one abstraction and can abstract you away from all the different registries from I have inside of you a large enterprise man thorough this registry on even four different environments you's want even streams will hold them in from different environments and puts them into a new environment it's when you put an image into an industry very similar to an image in a repository it will trigger events so you can say ok once this is
updated I went back with Floyd where I want to call chicas job and start running the test so you can ought to be here entire place the inside industry of glass which metadata that it contains contains all the commands that were used to create images it with the entry points the Impala virus variable that reuse discrete image that excludes the secrets include all the layers every single layer completed in a doctor doctor images to man you know with all the labels that are attached to each image and all this all the ports that are expected to be open honest and it's kind of a quick diagram of this because of the image stream you can employ for
three verse 18 of experiments whatever environment you want you can deploy to deliver 18 think I'm going to read employers and and accuse a history inside of the industry region was named so there's a forest cat operator who I got a big full money so core OS through your go-to for Watson few people so poor was created something in December called operators and it took me a while to really understand them I thought they were like magical creatures I didn't really understand what they were doing so I was thinking oh great you can package up all of our all of our knowledge and it'll be magic but really what I want to do is packaged up all the
knowledge and make it be clear people what we're trying to do we don't want to hide you know distract away everything from you so operators does enjoy they can describe them different human operation operational knowledge and software specifically coding your day-to-day operational activities they used concept and proven a called third party resources so that their party resources so all the things I talked about earlier that are in Kubernetes our first party resources or controllers so you're DaemonSet the controller your pods our resources everything an OpenShift is essentially a third party resource securities the memory resources you create you to create a controller that controls replication controllers and Danis that and pod and then create each
other to control other controllers and you get a little complicated in there controller of controllers and resources is identical model for the current beta stage controllers typically little loop they also use the low AOM applied to dilute observe orient decide line for sorry I do you observe the currency you orientate someone it's both to be inside you need to act and you have done they're sadly not support an OpenShift yet I'm working on getting that into the outlet terminates or working on getting all all the things on the checklist of the pull of the issue and get cleared out we're actually data came Jefferson currencies so you deploy these into Kubernetes there's actually companies who are
operating there to create clusters with operators deployed in the canary clusters so they jail up there to grenades cluster with the operator running and if you ran a cluster yes excuse danger they're also working on the other food straps so they can stab a single node and have nicer to self-replicate its culture all the interactions occurring through the view controller that's been created that operator so does anybody here know what Ferguson for the cloud near computer foundation now started there all these early early that dirt on this like the first volume of the reason is it all compadre but you can use your regular command brief even normally the queue control here Taj you can treat them just like the first time
so subscribe to make primitives because users just want to use my people and don't want that understandable words and they don't have to wait on someone to fix it was also admin so I've got to do all the work across everybody has you much easier to say I need to update my operation sequence and I have to get across all of your questions so this accomplished athlete keeper form using these that things like rotating your credential the sort of grading version upgrading David version probably annoying often annoying because they own essence or special sequence event that they have to have a purpose to be able to program though then they were on from 3.5 3.6 do these things and you can also
schedule your backup and have them restored so this book or what better at beating and against the observe analyze at blow and you have but Dre has you running odd a zero and a zero watch and their first one is that person free up your own online you get on the three out 1.0 but you actually need free instances and they should all be a 3.10 so as we have a problem so it will go ahead decide that if you to recover one member and backed up the cluster because of dodging upgrade and then do an upgrade 3.10 and assault is not automatically a little cautious in this area because they think that someone needs to be aware that
these things are happening and be ready to respond if one of the worst things you can do is have these types of complex actions taken in your environment and don't know what does happen now certain thing this information with observability tools in her employment the am i living anyone yet and I'm like tell me voila
camis are always been here all right there was life like I believe the phone behind geniuses like a decade moved and they going to finally updated it and the something results so and we started looking for agency to cover but we start looking for solution I I don't want to keep using taken literally so we tried find some of the solution there's even one those released recently by the average and yeah boo was yeah I'm sure everybody else a haters a yes you think they play happen interfaces while there's still company probably sorry people are certain but yeah I was like okay you know what a ridiculous the call screwdriver is actually really cool I suggest
a little too early for production but it was the closest thing I could find that Loki is you mean was that
anyway with stuff that they can for a while so we'll make it right so we created a little bit of abstraction around pipeline and employment stuffer for Tobin shifts because we feel that those are a little more with moggy and rocket engine over time and we want a common configuration that we can state with all of our different theme that declares with them on their environment to look like and keep that in their repo with their cousins so we create so we looked at all different solutions and tried to this is ours Marcus coming up with what that document was like and what the names are you know what's the actual abstractions are that we want and
we initially we're starting with a whittled out version to avoid the adverse issues that we reported but we we said war that station again and they incited state as we would have that and we would have applications as they highlight high level constructs we also very well documents and other types of things for pipelines or allow the pipeline Simplot so this kind of to myself daily feels like 500 apps and we come from a company that used by companies to fill them consumer products going to integral the Act where is operating company and so to introduce any kind of change and the old pipeline that take the water pepper so any type of use any tool or anything
that is jamming it in my email has its own take you we're trying to short-circuit that to get everybody business and pipeline necklaces will allow it to inject some control the guardrail and any type of testing you need to do and then that will produce a high whitening thing so here's a somewhat generic the animal documents that the kind of application getting ardency kind of application includes the template here and it comes from our fruit template like tom canty in real life these names are much longer you can have your notification set up you have all the dependencies that you're going to need for the service type dependency you've got your library that you're going
as disease both sides are network connections and then you have your different stages the ala build stage that action will be drill directly in this version of the death phase well where you'll probably deploy it if any one of these stages we have a troopers so you have to approve to get into the stage and out of students so when you give the qh2 a small prisoner that white somebody ask you a that way so there's some sort of manuals that will say hey I'm ready to take on this new version and a manual step saying this one it sounds free to move on and then we layer on the pipeline triplet and my wife
niblet has a particular thing that he mandate and other things that are optional and that has combined to create a column I might be liable to use to Traxxas our entire environments that we understand what is expected to be so that when we read this point or another has a fellow user there's loud so I find purity of really they really like this much the environment section be what actually is as we can see when things might be occurring and we have another document that we produce out of these which is for deployment condition so it takes the same documents and create a new document that the deployment papers clearly the open ship one interface so we can
produce that as a confrontation and never to allow that we ever wanted to some other system we just three right micro-services train ladies of the train break something
the distract away the audit compliance and keeps every all the directors in one place people a needs to see what happened or and what was changed they can go get a everyone so the approvals are added dynamically to what that file changes maybe particularly that connections change they probably want hear you review that make sure that those connections early when you open up to action you want to you know be open to the internet that's what I'm going to get reviewed by someone still add someone from the network side of security so the past versus haters argument account we just you know these documents establish now you need to format a month with lot of our tech a sling over how we
got format job or how we're going to pop actually what we just do it for you so it was a SWAT it at the come and that's going against two you can have whatever you want and say was very thoughtful
so one of the big pushes for getting this out there field-interview Security checks into all of our pipelines and banking services and health care companies we have like every regulation preserving the ages of life so it was very important that we be able to inject any type of securities and dispersing any reputation to come down all of our thoughts so this allows us to inject you know breathing white hat or ver code we can switch and nobody out know that we all suspected we can interview scholars something applications everything the services they will get notified early and often they will get feedback on how to fix what so we want to say your thing bro stop
closer closer burned your glass needs to get laughter clothes your clothes rumors requests going pulverize feedback inside the burger quest where people are actually done right now and so yes that's all the things we can inject all those tests it allows security to be more nimble I can make those choices and new things come out to be able to expiry - absolutely ordinances decisions getting to relieve difference they made we can move so real Rilke are common are back countering the same buddy know what I mean right they have chaplains the left paddle go broke the internet huge on Monday a year ago where the guy pulled a package for him p.m. and basically everybody broke four
lines of code or something so I was ever even I thought that people all controlled it an entity no certainly not but it's really important if you have a defense to you vote for someone else or if you're an enterprise or somebody got into out behaviors home store it locally we avoided one of those when I just pull mark the reason I expect got it office for more filters and redeployed into retro it also allows you to research the benefi so if you know that there are aliens and then it sees employers out at the first layer and then you can notify people it is very low ability they were healed and one of the packages they had where she was the
resume it was not how to talk but now we discovered it now they get outpatient and we can even rebuild it for them
although the standardized centralized approval system so you want to jump everywhere to through everything and we're now making our application secure by default so they get all of their checks if you know Charlotte so if there's no option you want to share via not don't work of me he had to be the possible end that I have at this prod and ever get past image gets out there and you end up with ten applications growing out into the joist early succession product
all right clearly questions
our countries to investigate would probably function technology yes to the questions around us any preferences around and leave after eagle or the factory and axis so work with both our Factory and axis people they're incapable fool the artifactory you islands more modern and the Nexus mod with any more teachable takeaway I have usually a five other people tool properly securities of these things are factories where the Nexus they're kind of built from Scherzer otherwise my houses of that we use artifactory on a big leagues laptop over a TFT and in some has Nexus responded Elizabeth and then Nathan and in Gradle help me try to be somewhat agnostic this is the affordable and a high abuse
really developed and I liked it my talent is denim Gina anything could be resuming is killing program doing anything better than commencement I waited a day if we trying to do without Peter one we well maybe because that's what everybody has been out yet so someone came yes one of me allow the other one nation primary anyway of any questions
feel free to come up to town