Trent Hornibrook gave a recent talk at the Infracoders meet-up, playing a thought experiment with the audience on 'what would be your tech decisions if you were given a blank cheque at a startup'.
Trent, who recently worked for a start-up, then shared what decisions he made, and why.
5. Day 1
• Two java apps iterated on for the past 10 years
• SQLSERVER datastores
• Think we may need to deploy on physical tin
• Does 80% of what we want from a business perspective
28. Buildkite
• Fully described pipelines as code in the code
• Manage nothing (well very little)
• Autoscale builds
• Great security pattern
• Local community
• Have you tried Bamboo?
29. Where to host
• Where would you host the app?
• Would you choose an IaaS platform or PaaS?
• What would you use?
30. Where to host
• IaaS
• AWS
• Azure
• Google Cloud
• PaaS
• Beanstalk
• Heroku
32. AWS Account layout
• Account layout phase 1
• nonprod - staging
• prod - prod
• build - where we build & package - ci things
• audit - cloudtrail
• billing - consolidated billing
37. Where to host
• The AWS horse is a safe bet
• Knew we were going to grow and wanted more control (IaaS over PaaS)
• Almost everyone knows AWS - skills transference
• Strong knowledge in good AWS security
• IAM / Security groups etc
38. AWS Account Layout
• Lay out everything the same
• Exceptions will occur, but don't start with them
• Separate account by access control
• Avoid VPC peering!
• If you VPC peer, why have different accounts?
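One way to audit the "avoid VPC peering" rule across the accounts in the layout above, as an added example that is not from the talk: it reads the JSON printed by `aws ec2 describe-vpc-peering-connections` and reports live peerings whose two VPCs belong to different accounts. The account IDs, peering IDs and sample output are constructed.

```python
import json

# Constructed account IDs for the account names on the layout slide.
ACCOUNTS = {"111111111111": "nonprod", "222222222222": "prod",
            "333333333333": "build", "444444444444": "audit"}

# Peering states in which traffic flows or is about to.
LIVE_STATES = {"active", "provisioning", "pending-acceptance"}

def _pcx(pcx_id, state, requester, accepter):
    """Build one constructed record in the CLI's output shape."""
    return {"VpcPeeringConnectionId": pcx_id, "Status": {"Code": state},
            "RequesterVpcInfo": {"OwnerId": requester},
            "AccepterVpcInfo": {"OwnerId": accepter}}

# Constructed sample of `aws ec2 describe-vpc-peering-connections` output.
SAMPLE = json.dumps({"VpcPeeringConnections": [
    _pcx("pcx-0aaa", "active", "111111111111", "222222222222"),
    _pcx("pcx-0bbb", "active", "111111111111", "111111111111"),
    _pcx("pcx-0ccc", "deleted", "333333333333", "222222222222"),
    _pcx("pcx-0ddd", "pending-acceptance", "222222222222", "999999999999"),
]})

def cross_account_peerings(raw_json, accounts=ACCOUNTS):
    """Return live peerings that join VPCs owned by different accounts."""
    findings = []
    for pcx in json.loads(raw_json).get("VpcPeeringConnections", []):
        if pcx.get("Status", {}).get("Code") not in LIVE_STATES:
            continue  # deleted, rejected, expired, failed: no traffic path
        req = pcx["RequesterVpcInfo"]["OwnerId"]
        acc = pcx["AccepterVpcInfo"]["OwnerId"]
        if req == acc:
            continue  # same account: the account boundary is not crossed
        findings.append({
            "id": pcx["VpcPeeringConnectionId"],
            "requester": accounts.get(req, "unknown:" + req),
            "accepter": accounts.get(acc, "unknown:" + acc),
        })
    return findings

if __name__ == "__main__":
    for f in cross_account_peerings(SAMPLE):
        print(f"{f['id']}: {f['requester']} <-> {f['accepter']}")
```

A peer reported as `unknown:` is an account outside the layout and deserves the first look.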
43. The Artefact / packaging
• Hedged bets on needing to deploy onto physical tin
• Like baking AMIs without the cost
• Helps (or should help) local development
44. Config as code
• What would you use?
• Caveat - it is just this for the moment:
45. Config as code
• Just cloudformation
• Ansible
• Chef
• Puppet
• Confluence doc
49. Config as code
• Simplest solution
• Not complex enough to introduce Ansible / Chef / Puppet / etc
• Not big enough for service discovery
• Most minimal repeatable solution
57. Logging
• Prefer to pay for a SaaS provider for this
• You look after the logs, I’ll look after the app
• SumoLogic was Splunk like without $plunk
• Didn't spend a lot of time deciding - picked one and moved on
61. What I start with
• Application performance (NewRelic)
• Mobile crash (NewRelic)
• Web endpoint from a third party (NewRelic)
• (Basic) Server metrics (NewRelic / Cloudwatch)
• Internal API HTTP endpoints (Cloudwatch)
• SQS queues (Cloudwatch)
• RDS disk usage (Cloudwatch)
62. What I avoid
• Application disk / CPU / memory usage (that's not already free)
• Email queues
• MySQL ‘slave lag’
64. Monitoring / Alerting
• Pick a SaaS that works at an affordable price
• Don't spend too much time picking one
• Refine over time once the app is up and running
65. The second month
• The app does 80% of what we want from a business perspective
• Let's get a team together to work on the 20%
• Old-code-phobia
• Microservices-all-the-things
66. Config as code
• What would you use?
• Caveat - it is just this for the moment:
68. Config as code
Three approaches spring to mind:
• Extend the one ec2 instance docker run approach
• ‘docker-compose’ on the ec2 instance
• Docker Scheduler
69. What I like
• Awesome security
• Tight IAM policies
• Security groups between the things
• Write once, deploy everywhere
72. Rancher
• Really easy to visualise what is going on
• Obtain access to the console logs
• Even run commands on the console!
• Can be controlled by docker-compose (plus a rancher-compose file)
• Local dev++
81. Rancher - neg
• Doesn't fit well with IAM
• It loses its shit when ec2 hosts go away
• ECR container support is flimsy
• No scaling support
• Hard to be half in AWS (eg RDS) & Rancher
90. ECS - pro
• In the AWS ecosystem
• Surely ECS will get better, no?
• Task based IAM
91. ECS - neg
• Have to duplicate docker-compose into Task Definitions
• How you control the state
• Use ecs-cli ? Use ecs-deploy ? Use cloudformation?
• You MUST have log aggregation
• The UI is messy
• Hard to diagnose what is happening
• Task based IAM has wedged us - maturity?
92. Lessons
• Try and pick tools that have strong community support & have common knowledge in the community
• Pick the solution that your broad team members know about
• Config-as-code all-the-things
• git blame away from understanding why
• Start simple and iterate