Infrastructure-as-Code series - Ondat: IaC is the means to a DevOps end

DevOps in IaC

DevOps principles further helped the adoption of IaC by promoting the concept of immutability to deploy and also operate the platform. Updating a system means re-deploying a new version of that system, deleting and replacing the old one. As DevOps heavily relies on software development principles, it makes sense to leverage IaC to perform these operations.

Ondat’s Vermandé: Well-versed in working with the ‘re-shaped’ datacentre.

So then, logically, we can say that IaC is a means to a DevOps end.

IaC principles such as immutability and resources defined as code are also present in the cloud-native landscape. Cloud-native relies on immutable software containers and orchestrators such as Kubernetes to manage the lifecycle and deliver a cutting-edge cloud operating system for modern applications.

Kubernetes, like IaC, brings a standard framework to make cloud infrastructures portable and easily repeatable across all providers.

As another evolution, the intersection of IaC and Kubernetes is now defining a new way of managing cloud environments. Since Kubernetes hinges on a declarative and extensible API, it can natively represent IaC resources as first-class citizens. This means cloud workloads and other infrastructure services can be codified and stored in the Kubernetes platform as native objects and take advantage of its capabilities. This includes the automation of Create, Read, Update, Delete (CRUD) operations based on events attached to Kubernetes objects.

Deploying an AWS instance becomes as easy as creating a YAML file and sending it to Kubernetes. Similarly, deleting or updating infrastructure components is achieved by executing trivial Kubernetes operations.

(Crossplane.io is an open-source project that perfectly illustrates this concept). It allows developers to reduce the friction between software and infrastructure even more. A unique platform is now hosting both the application code and the infrastructure definition. These components are always aligned and managed the same way, substantially simplifying the enforcement of compliance, security, audit and monitoring rules. The benefits of this approach are not only technical, but they also impact the business by providing more visibility, resilience, and correlation capabilities.

IaC maturity

Since the early days of DevOps, IaC has been a core component that ultimately helps build software in a much more scalable and resilient way. From managing simple resources in the cloud using Terraform to deploying a cluster of databases in AWS using Kubernetes Custom Resource Definitions, IaC concepts have matured over time.

Although Terraform and Ansible have been paving the way for a long time, more recent players such as Pulumi take an approach that is less declarative. It makes use of standard programming language primitives, which unlocks additional use cases and provides more flexibility for developers.

On the flip side, the adoption of DevOps, IaC and cloud-native workflows requires operational teams to develop their knowledge and architects to understand all the moving parts. The learning curve is steep, but recent AWS failures have shown that mastering these concepts can greatly improve business continuity. Extending cloud resources to multiple AZ or regions (or even different CSP) is mandatory to keep the lights green.

The standardisation and automation brought by the technologies we’ve described are key components required to achieve this goal.

About Ondat

Ondat is a Kubernetes-native platform for running stateful applications, anywhere, at scale. Ondat delivers persistent storage directly onto any Kubernetes cluster for running business-critical, stateful applications safely across any public, private and hybrid clouds. It provides an agnostic platform to run any data service anywhere.