solving ci operational challenges
Post on 22-Jan-2018
Embed Size (px)
Solving CI ChallengesNicolas Corrarello @nomadic_geek May / 2017
- Nico - General geek and DadOps beginner - Opinionated Italian - Argentinian with a hard to pronounce surname - Red Hat, Symantec, Rackspace, Puppet, Hashicorp - ncorrare @github, sgtpepper @freenode - http://nicolas.corrarello.com
Issues with CI servers and pipelines
How do I ensure my build environment matches my actual environment?
How to provide an homogeneous workflow for consuming credentials in my
pipeline and in my production environment?
How do I store and retrieve credentials securely?
How do I sign and verify binaries to ensure parity between CI and
How do I know I am testing against the correct services in a very dynamic
Most importantly, how do I accomplish all of this programmatically?
Audience participation warning
Are you compromising on security for agility?
How close are your tests to your real world?
How many manual steps are there from development to production?
Throw it over the wall
Do both sides of the wall look the same?
Provision, secure, and run any infrastructure for any application
Provide Secret Governance
Privilege Access Management
Securely Store Any Secret
Encryption as a service
Eliminate Secret Sprawl
Service & System | Long runningDisbatch Workloads | Short-lived, elasticBatch Workloads | Big Data
High-Availability, Hybrid CloudEfficient Resource UtilizationHigh Performance
Event driven orchestration
Dynamic configuration at scale
Services can find other services
Vault as centralised secret store
Sign and verify artefacts with Vault
Encrypt and decrypt payloads with Vault
Nomad as a consistent way of scheduling tasks across multiple
datacenters, with diverse infrastructure
Service Discovery with Consul
Q / A github.com/ncorrare for