Liz Fong-Jones (方禮真) Profile picture
May 16, 2018 29 tweets 11 min read Read on X
Next in the #devops track at #gluecon: @lindydonna on using code to accomplish immutability!
What if we could just use real code rather than domain specific languages for immutability? What are the advantages of this approach? [ed: p.s. I'm super excited to have met her in person finally!!!] #gluecon
Previously worked at Azure on Azure Functions. Letting people be really productive using serverless offerings.

Where did people struggle? Doing deployments in repeatable fashions. The problem is not the atoms of code, it's deploying the dependency graph. #gluecon
Example: your cloud function won't work if a storage bucket it depends upon doesn't exist yet. This isn't just a problem with Azure, it's a problem with all cloud platforms. #gluecon
People no longer have just 4 services to think about, and the way we build apps has changed to using managed services rather than self-managing on top of raw VMs. #gluecon
.@lindydonna doesn't think "serverless" is a meaningful term; "servicefull" is a better way of thinking about it.

Instead of using raw VMs, we're just using higher level abstractions on managed services. #gluecon
Application developers have to understand the cloud. [ed: standing ovation]. Your ops team won't do this for you. The burden is on *you* as an app developer. #gluecon
People are being given business directives to just use the cloud services rather than writing it themselves. But people struggle because of boundary between how appdev and devops think about the cloud.

Who manages your managed services? #gluecon
"The console is a technical debt generator" -- friend of @lindydonna. [ed: yes yes yes]. Every time you do a bespoke cloud console operation, you have something that's now non-reproducible. #gluecon
The tutorials don't tell you that because they *want* you to have techdebt, they tell you to use a web UI because they don't want to scare you off with YAML. #gluecon
There's a disconnect between experienced DevOps people that say "of course you should do it with config" and people new who are afraid and want to use the console.

Why is this? Because config languages are hard to use and require very specific custom syntax. #gluecon
The best in class tools are still based on the idea of using a DSL. Terraform gives you a higher level model but lacks loops, conditionals, and models. And it's still considered best practice.

There's a class of people turned off by learning curve of config languages. #gluecon
People wind up specializing and being pigeonholed into being the 'terraform experts' who wind up doing just that job and everyone else blocks on them. [ed: I'm now recognizing this pattern in one of my clients...] #gluecon
They also don't promote code reuse. People wind up copying and pasting rather than refactoring to common code.

We use code as the template for every new project we start, then we can't fix it in one place. #gluecon
We don't tolerate cut/paste in application code. Why do we tolerate it in config?

Your code reviewers wouldn't tolerate you copy pasting an entire NPM module into your code. #gluecon
Defining infrastructure in JavaScript or Python and transforming it into declarative plans is the best of both worlds.

Common language and toolchain between operators and developers. #gluecon
Move people towards everyone being empowered to deploy infrastructure rather than one or two "experts" on a team. #gluecon
[ed: you'll get some... interesting stories, both positive and negative, if you ask Google SREs about how we use vanilla-ish Python to configure Monarch.] #gluecon
500 lines of cloudformation to develop a "simple" service winds up missing abstraction because it doesn't match how we think about the problem. No hierarchy/decomposition, just tons of low level assembly-like code. #gluecon
"Your tutorials on how to do basic setup of your dependencies should not be so complex that they require a congratulations message at the end." --@lindydonna #gluecon
We need to abstract our low level building blocks into common patterns that we can instantiate. Use libraries/packages in a real programming language instead. #gluecon
If you do this right, you don't need to do specialized toolchain work to support your DSL, because the native toolchain of your real language will do documentation/completion/typechecking/etc. for you. #gluecon
Giving someone a graphical console for the raw building blocks (or even an API to do the raw building blocks) is insufficient. Reusable and customizable libraries around the API are what you really need. #gluecon
And if you're sneaky and clever, you can make your application code check if its dependencies exist, and launch its dependencies on the fly using the libraries for talking to the cloud provider! #gluecon
Separation of the config from the application code is a purely artificial construct. [ed: this is making me think about the fact that all the production DSLs at Google that aren't already Python dialects rapidly become Turing-complete, but w/ custom syntax] #gluecon
Adding steps into your pipeline needs to be modular rather than procedural.

Should every person need to know how to provision a new pubsub topic, and wire up a new service to push to a ML service and receive results? Ugh. Of course not. So you need a library. #gluecon
If you've done it right, it's *easier* to stand up a new instance via pulling in a library and plugging in your code than doing the clicky clicky work in the web console. Give your developers the right incentives, so they do things the immutable, reproducible way. [fin] #gluecon
[and there was a cool cat picture/video demo].

[ed: it's a super pitchy talk, but I happen to *love* where they're going and think it brings the public world to where Google SREs have been for a while so it's hard for me to mind the pitchiness.] #gluecon
[ed: because, oh goodness, I *hatehatehate* seeing people use the console to provision more than toy resources, and I *hatehatehate* seeing SRE pigeonholed as "the people who do terraform" so any way forward is great] #gluecon

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Liz Fong-Jones (方禮真)

Liz Fong-Jones (方禮真) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @lizthegrey

Oct 3, 2018
Final talk I'll be getting to at #VelocityConf before I dash to Toronto: @IanColdwater on improving container security on k8s.
@IanColdwater She focuses on hardening her employer's cloud container infrastructure, including doing work on k8s.

She also was an ethical hacker before she went into DevOps and DevSecOps. #VelocityConf
She travels around doing competitive hacking with CTFs. It's important to think like an attacker rather than assuming good intents and nice user personas that use our features in the way the devs intended things to be used. #VelocityConf
Read 36 tweets
Oct 3, 2018
My colleague @sethvargo on microservice security at #VelocityConf: traditionally we've thought of traditional security as all-or-nothing -- that you put the biggest possible padlock on your perimeter, and you have a secure zone and untrusted zone.
@sethvargo We know that monoliths don't actually work, so we're moving towards microservices. But how does this change your security model?

You might have a loadbalancer that has software-defined rules. And you have a variety of compartmentalized networks. #VelocityConf
You might also be communicating with managed services such as Cloud SQL that are outside of your security perimeter.

You no longer have one resource, firewall, loadbalancer, and security team. You have many. Including "Chris." #VelocityConf
Read 19 tweets
Oct 3, 2018
Leading off the k8s track today is @krisnova on migrating monoliths to k8s! #VelocityConf
@krisnova [ed: p.s. her ponies and rainbows dress is A+++]

She starts by providing a resources link: j.hept.io/velocity-nyc-2…

The problems we're solving:
(1) why are monoliths harder to migrate?
(2) Should you?
(3) How do I start?
(4) Best practices #VelocityConf
.@krisnova is a Gaypher (gay gopher), is a k8s maintainer, and is involved in two k8s SIGs (cluster lifecycle & aws, but she likes all the clouds. depending upon the day). And she did SRE before becoming a Dev Advocate! #VelocityConf
Read 29 tweets
Oct 3, 2018
Final keynote block: @lxt of Mozilla on practical ethics and user data. #VelocityConf
@lxt And also ethics of experimentation!

"just collect data and figure out later how you'll use it" doesn't work any more. #VelocityConf
We used to be optimistic before we ruined everything.

Mozilla also used to not collect data, and only had data on number of downloads, but its market share went down because they weren't measuring user satisfaction and actual usage. #VelocityConf
Read 25 tweets
Oct 3, 2018
Next up is @mrb_bk on why marketing matters. #VelocityConf
@mrb_bk Hypothesis: marketing >> code in terms of software adoption. [ed: and this is why I became a developer advocate!] #VelocityConf
You need to consider community early when developing a product.

Always ask, "Why do people matter?" "Why does adoption matter?" #VelocityConf
Read 17 tweets
Oct 3, 2018
Next up is @rogerm on O'Reilly's insights into trends with Radar. #VelocityConf
@rogerm They look at changes in search terms year on year; the two largest increases are k8s and blockchain. #VelocityConf
People are becoming less interested in broader topics and more interested in specific technologies e.g. pytorch. #VelocityConf
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(