Canary Sandbox Environment (CSE)
Blog entry by Radosław Piliszek and Paweł Skrzypek from 7bulls.com
Deployment of applications in cloud, multi cloud and, especially, more complex hybrid architectures incorporating edge and fog solutions, requires an efficient way to test and verify the infrastructure as code (IaC) models. One option is direct deployment to the target infrastructure, but it is smarter to use a Canary Sandbox Environment to test the IaC, and the infrastructure it represents, before the actual deployment. Additionally, using Canary Sandbox Environment, it is possible to execute additional stress and completeness tests, not normally run in the target, production environment. This increases the reliability of the deployed environment.
PIACERE users can use a safe, sandbox-like platform to test their IaC (and transitively DOML) - the PIACERE Canary Sandbox Environment (CSE).
The goal is to provide tools that would allow to dynamically test the IaC in a fast and cheap manner.
CSE also makes a perfect target for testing of Infrastructure Optimisation Platform (IOP) results, albeit in a simulated manner.
THE OATH OF CSE DEVELOPERS: TO PROVISION AND TO MOCK!
There are two subprojects in CSE:
CSE Provisioner – to allow users to orchestrate the deployment of the chosen CSE
CSE Mocklord – to provide a mocked-up version of cloud provider’s APIs
A GLIMPSE AT CSEP ARCHITECTURE
CSE – WHAT’S OFFERED BY DEFAULT?
CSE Provisioner is to provision both the Mocklord, as well as OpenStack-based target for IEM.
Open to extensibility – e.g. support for Kubernetes.
Mocklord is to mock AWS EC2 APIs.
Again, open to extensibility – more APIs as welcome additions.
CSE – WHY MOCK? (AND WHY NOT?)
Mocked APIs can be fast but the fact that they are mocked dramatically reduces the depth of testing that can be applied – there are zero real resources to run against. Real APIs cause real actions to happen and may allow deep testing BUT real actions need real resources – that is not cheap! Go for the best of both worlds – real and mocked, mocked and real.
CSE – WHY OPENSTACK? WHY AWS?
Based on analysis done as part of WP2 and WP7 in the PIACERE project, OpenStack has been chosen as the platform for the real APIs and AWS for the mocked ones. OpenStack is the most popular open-source IaaS software. AWS is by far the most popular public cloud. And those two facts found their reflection in the needs of the testbed in PIACERE.
The CSE is an integral part of the PIACERE DevSecOps process, but can be used independently, by other DevOps platforms.