GOTO Amsterdam 2015: A Cloud Infrastructure for Scaling Innovation Across Autonomous Teams

A Cloud Infrastructurefor Scaling Innovation Across Autonomous [email protected] / @try_except_GOTO Amsterdam 2015

ARCHITECTURE

RADICAL AGILITY

ABOUT US

HISTORY

INFRASTRUCTURE

AGENDA

Henning Jacobs

● STUPS Hacker

● Twitter: @try_except_

● [email protected]

ABOUT ME

15 countries3 fulfillment centers15+ million active customers2.2+ billion € revenue 2014130+ million visits per month8.000+ employees

ONE OF EUROPE’S LARGEST ONLINE FASHION RETAILERS

Visit us: tech.zalando.com

A BRIEF HISTORY OF ZALANDOTECHNOLOGY

A BRIEF HISTORY OF ZALANDO TECH

ZALANDO PLATFORM

~70% of all applications

WAR deployment

Single deployment tool

On-premise data center

MAIN PRODUCTION STACK SINCE 2010

Platform

THE CHALLENGE

Platform team

request serversdeploy

Platform

THE CHALLENGE

80+ delivery teams

Platform team

deploy

request serversrequest storage

RADICAL AGILITY

GOAL

DELIVER AMAZING PRODUCTS EFFICIENTLY AT SCALE, AND FEELING GREAT ABOUT IT.

3 PRINCIPLES

PURPOSE

AUTONOMY

MASTERY

LEADERSHIP

FROM CONTROL & COMMANDTO PURPOSE AND TRUST

NEW LEADERSHIP

DELIVERYLEAD

PEOPLELEAD

ARCHITECTURE

AN ARCHITECTURE FOR INNOVATION

API FIRST

REST

SAAS

MICROSERVICES

CLOUD

STUPSSTUPS To Unleash Penguin Swarms

AWS

STUPS

DOCKERDEPLOY

SSH ACCESS

AUDIT REPORTS

FULL AWS ACCESS

A PLATFORM ON TOP OF AMAZON WEB SERVICES

AUTONOMY AND COMPLIANCE

STUPS offers maximum freedom for developers while enabling near-real-time audit compliance for every single application.

One AWS account per Team

Deployment with Docker

Managed SSH Access

REST/OAuth 2.0 mandatory

Supports Traceability of Changes

STUPS IN A NUTSHELL

Public Internet

*.foo.example.org *.bar.example.org

Team “Foo” Team “Bar”ELB ELB

EC2Instance

EC2InstanceEC2

InstanceEC2Instance

EC2InstanceEC2

InstanceData Center LB

EC2InstanceEC2

InstanceLegacyInstances

ISOLATED AWS ACCOUNTS

DEPLOYMENT

IMMUTABLE STACKS

AWS

DEPLOYMENT WITH SENZA

Senza CLI

Pier One

docker pull

docker push

Taupage

SENZA: DEFINITION YAML

SENZA: BOOTSTRAP NEW CLOUD FORMATION STACK

SENZA: MANAGE STACKS

LOGGING

APPLICATION LOGS: TAUPAGE SUPPORTS LOGENTRIES AND SCALYR

SSH ACCESS

SSH ACCESS: TIME-LIMITED ACCESS TO ANY TEAM SERVER

MONITORING

TODO: Screenshot

ZMON

ZMON APPLIANCE

*.foo.example.org *.bar.example.org

Team “Foo” Team “Bar”

EC2Instance

EC2InstanceEC2

InstanceEC2

Instance

ZMON Appliance

ZMON Appliance

KairosDB

EC2Instance

EC2Instance

ZMONController

ELB ELB

HYSTRIX TURBINE

FULLSTOP: REPORT VIOLATIONS

OAUTH

OAUTH: APPLICATION REGISTRATION IN YOUR TURN

OAUTH: CREDENTIAL DISTRIBUTION VIA S3 BUCKETS

AWS

YOUR TURN

get access token

Taupage

Kio Mint

OAuthProvider

store passwords

get passwordS3

rotate passwords

STUPS Frontpagehttp://stups.ioSTUPS Documentationhttp://docs.stups.ioGitHub Repositorieshttps://github.com/zalando-stupsTrying out Senza and Taupagehttp://docs.stups.io/en/latest/user-guide/standalone-deployment.html

LINKS

QUESTIONS?

http://stups.io@try_except_

BACKUP

STUPS COMPONENTS

● ELB forinbound traffic

● NAT instancesfor outbound

● HTTPS Only● Internal subnets

for app instances

DMZ DMZ DMZ

internalinternal

eu-west-1a eu-west-1b eu-west-1c

ELB

EC2

internal

EC2

NAT

STUPS: AWS ACCOUNT VPC SETUP

Pier One Docker Reg.

build

approve

EC2 Instances

Docker Container

Application “myapp”issue_management: Jira

Application Version “1.0”artifact: docker/myart:1.0

Taupage AMI

Ticket System

Kio Application RegistryTicket System

SCM

Image “docker/myart:1.0”commit: afb123Issue “ABC-123”

spec: [...]

Commit “afb123”msg: ABC-123..

✓ specs approved✓ artifact tested✓ artifact approved

STUPS: TRACEABILITY

ZALANDO TECH CONSTITUTION PT. 1

ZALANDO TECH CONSTITUTION PT. 2