Detecting drift and dealing with the Silicon Valley mindset
Pulumi's CEO on new products and that other Infrastructure as Code company
Interview: Infrastructure as code biz Pulumi has updated its eponymous Deployments product with drift detection and automated clean-up for an untidy reality.
Drift detection remains a challenge as systems scale up and become ever more automated. In an ideal world, everything would be controlled. However, in the real world, things tend to be a bit messier. Techies under pressure might open a port to SSH into a server to work on a problem or deal with a scale issue by temporarily increasing the instance count.
Joe Duffy, CEO at Pulumi, tells The Reg: "The problem is, once you make a change like that, what you thought you deployed in your infrastructure as code and what the infrastructure reality is have drifted. They're different.
"And that's usually a bad thing. Because if you forget about it, and you lose track, next time you go to do a deployment, that's a disaster waiting to happen. It's a potential security issue. If you've opened a port temporarily to debug an issue, maybe that's a potential security liability that's now lingering."
Pulumi's Infrastructure Lifecycle Management, which contains drift detection, is intended to deal with that type of reality. By comparing what should be in the environment to what is actually in the environment, alerts can be generated, and – if required – the software can reapply the last known good state.
The same applies to functionality to clean up stale infrastructure with self-destroying stacks. Duffy explains: "I was meeting with the head of innovation at a large enterprise, and he was saying, 'Hey, we want to enable our developers to be self-serve. But we're afraid if we do that, we're gonna have all this infrastructure lying around that's wasted and costing us money'."
Pulumi's solution is to apply a time-to-live setting to a given project or stack. Once that time is up, the stack can be automatically torn down.
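As an added illustration (not Pulumi's code or API), the comparison of declared against actual state described above can be sketched in plain Python. The resource names, the sample data and the rule that extra ingress ports and undeclared resources count as security-relevant are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed sample data: the state the IaC program declared ...
DECLARED = {
    "web-sg": {"ingress_ports": [443]},
    "web-asg": {"instance_count": 3},
}
# ... and what a hypothetical inventory query reports is actually running.
OBSERVED = {
    "web-sg": {"ingress_ports": [22, 443]},   # SSH opened by hand to debug
    "web-asg": {"instance_count": 6},         # scaled up by hand
    "debug-vm": {"instance_count": 1},        # never declared at all
}

@dataclass(frozen=True)
class Drift:
    resource: str
    prop: str
    declared: object
    observed: object
    security_relevant: bool

def detect_drift(declared, observed):
    """Compare declared and observed state; security-relevant findings sort first."""
    findings = []
    for name in sorted(set(declared) | set(observed)):
        want, have = declared.get(name), observed.get(name)
        if want is None or have is None:
            # Resource exists on one side only; undeclared ones are flagged (assumption).
            findings.append(Drift(name, "<resource>",
                                  "present" if want is not None else "absent",
                                  "present" if have is not None else "absent",
                                  security_relevant=want is None))
            continue
        for prop in sorted(set(want) | set(have)):
            w, h = want.get(prop), have.get(prop)
            if w != h:
                # Ports open in reality but not in code widen the attack surface.
                opened = prop == "ingress_ports" and bool(set(h or ()) - set(w or ()))
                findings.append(Drift(name, prop, w, h, opened))
    return sorted(findings, key=lambda d: not d.security_relevant)

def remediation_plan(findings):
    """Reapplying the last known good state means restoring each declared value."""
    return [(d.resource, d.prop, d.declared) for d in findings]

if __name__ == "__main__":
    for d in detect_drift(DECLARED, OBSERVED):
        flag = "SECURITY" if d.security_relevant else "info"
        print(f"[{flag}] {d.resource}.{d.prop}: declared={d.declared} observed={d.observed}")
```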
It all sounds slightly worrying for anyone who is used to a controlled way of working. Are things really out of control to this extent?
"Almost every customer struggles with this; the problem is they lose track of it. They'll find it some number of months down the road when they run a cost analytics tool or something.
"This helps get ahead of that problem."
Duffy reckons that while drift detection tends to get more attention, time-to-live will actually have the most impact "because almost everybody's been bitten by this."
The new Infrastructure Lifecycle Management features, which include scheduled deployments and deployment notifications too, are also all exposed by new REST APIs.
The Silicon Valley Mindset and HashiCorp
It is difficult to discuss infrastructure as code without HashiCorp and Terraform coming up and, of course, HashiCorp's controversial move of changing its software license to the Business Source License. At the time, Duffy wrote on X: "Today, HashiCorp decided to burn down their entire legacy as good stewards of open source."
In summing up the Silicon Valley mindset, Duffy tells The Register: "There's this meme... create a project that is infinitely successful, and then we'll figure out how to make money later.
"I just don't think that works.
"That's the Facebook mindset: get a billion users, and then we can figure out monetization later. That doesn't work with open source because you can't force someone to pay for something that's free.
"If you're going to build a business, great open source can be a key component of that. But you have to have something of commercial value that people are going to pay for.
"And if you look at HashiCorp, how did they start? They started with an assortment of amazing open source technologies and no business model. I think they tried to back into it over time, and that's what led to this outcome."
According to Duffy, the outcome was that HashiCorp found itself "with their back against the wall" and was forced to do a controversial relicensing exercise.
It has since been announced that HashiCorp will be following Red Hat into the arms of IBM. In response to a comment from Kelsey Hightower about not having IBM buying HashiCorp on a bingo card, Duffy replied simply: "I did." ®