Scaling Bare Metal Infrastructure With Serverless Orchestration
The latest Metal integration enables creation of automated infrastructure that responds to events in near real time.
As Equinix Metal grows, we continue working to make scaling bare metal infrastructure on our platform easier. Metal’s core components are now interoperable software objects developers use to build constructs for provisioning, deprovisioning or scaling infrastructure. One of our latest integrations takes this a step further by automating operational processes, such as scaling a Metal-hosted production environment, using events generated by the production infrastructure in near real time.
The integration enables users to scale out (or scale up) bare metal infrastructure with serverless technology, enabling automation solutions that interact seamlessly with Metal software objects, respond to provisioning and application events and act on them reliably. To build it we partnered with Direktiv, whose platform provides a simple-to-use stateful orchestration engine that uses a YAML workflow specification to execute containers in a serverless fashion.
Before getting into the details of the integration, let’s talk about why we think it’s important, what problems it solves and what sorts of business value it brings. It addresses four key problems: dependence on a single cloud platform, configuration complexity, reusability and multitenancy:
- Cloud agnostic: Direktiv is built to run on any platform or cloud, support any code or capability and NOT be dependent on the cloud provider’s services for running the workflow or executing the actions (while, obviously, supporting it all).
- Simplicity: More than anything, configuring workflow components should be simple. Using only YAML and jq, you should be able to express all workflow states, transitions, evaluations and actions needed to complete the workflow.
- Reusable: If you make the effort to push all your microservices, code or application components into a container platform, you want to reuse and standardize this code across all of your workflows. The Direktiv team modeled its specification on the CNCF Serverless Workflow Specification to ensure that your code is always reusable and portable, not tied to a specific vendor format, requirement or language.
- Multi-tenanted and secure: Direktiv may be used in a multi-tenant service provider space, which means all workflow executions are isolated, data access is secured and isolated and all workflows and actions are truly ephemeral (or serverless).
Why Direktiv On Equinix Metal?
There are many reasons this integration benefits new and existing organizations running on Equinix Metal. Here are a few key ways it adds business value:
- A seamless experience for IT managers orchestrating both infrastructure and software with step-function workflows
- Deploying, scaling and deprovisioning infrastructure with Infrastructure-as-Code tools (Terraform, Ansible, etc.) in multicloud environments (for example Metal and AWS)
- Reduced costs and operational overhead of event-driven architected Metal environments through serverless container orchestration
- Serverless and event-driven application workflows on Kubernetes with minimal compute infrastructure resources
Direktiv provides all the necessary specifications to describe the states of the workflow, but also allows you to standardize and reuse your integrations by putting them into a container registry. It executes these policies and containers based on events received from the environment, applications and underlying platforms.
Let’s take a closer look at Direktiv’s attributes:
- Event-driven, or, as I like to describe it, active vs. passive orchestration execution. This provides the capability to have workflows executed using events originating from within an organization's IT environment (“machine created,” “user onboarded,” “AD record modified,” etc.). This isn’t a new concept, but there is now a push to standardize event format via CloudEvents. Event-driven orchestration supports all IT functions. As Figure 1A shows, it provides the ability to act on events in near real time for IT Operations (“machine reboot,” “network down,” “BGP peer failure”), DevOps (“repository push,” “application build complete,” “application build failure”) and DevSecOps (“unauthorized access,” “unauthorized token creation,” “new SSH certificates loaded”).
- Serverless. The Direktiv engine, the workflows and their plugins are code-, vendor- and cloud-agnostic. They are completely abstracted from the underlying infrastructure or cloud components, available only on an “as-needed” basis. Direktiv supports stateless code execution in a serverless environment with or without stateful data retention, which is configured inside an orchestration policy.
- Orchestration is used to tie together multi-discipline engineering teams (such as DevOps, ITOps, DevSecOps, Network and Security) and to embed automation in an organization’s CI/CD practices.
- Containers. Direktiv runs containers either as isolated micro-machines or within a normal container environment. All code is abstracted from the user in the form of a YAML specification language that describes the workflow. The plugins are Direktiv-provided containers or your own.
- Enterprise Features. The platform supports policy control, authentication and authorization and observability.
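How an event-driven consumer can gate workflow execution on CloudEvents, as an added example that is not Direktiv's or Equinix's code: it checks the four context attributes CloudEvents 1.0 requires, allow-lists event sources and drops replays by (source, id). The event types, source URIs and workflow names are constructed for illustration.

```python
import json

# CloudEvents 1.0 requires these four context attributes on every event.
REQUIRED = ("specversion", "id", "source", "type")

# Constructed routing table: event type -> workflow name (all hypothetical).
ROUTES = {
    "com.example.metal.device.active": "deploy-k3s",
    "com.example.security.sshkey.created": "audit-notify",
}

class Dispatcher:
    def __init__(self, routes, trusted_sources):
        self.routes = routes
        self.trusted = set(trusted_sources)
        self.seen = set()  # (source, id) pairs already handled

    def dispatch(self, raw):
        """Return (decision, workflow) for one JSON-encoded CloudEvent."""
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            ev = None
        if not isinstance(ev, dict):
            return ("reject:malformed", None)
        if any(not isinstance(ev.get(k), str) or not ev[k] for k in REQUIRED):
            return ("reject:missing-attribute", None)
        if ev["specversion"] != "1.0":
            return ("reject:specversion", None)
        # source is self-declared, so the sender must still be authenticated.
        if ev["source"] not in self.trusted:
            return ("reject:untrusted-source", None)
        key = (ev["source"], ev["id"])  # unique per event under the spec
        if key in self.seen:
            return ("drop:duplicate", None)
        self.seen.add(key)
        workflow = self.routes.get(ev["type"])
        return ("run", workflow) if workflow else ("ignore:unrouted", None)

def demo():  # runs constructed sample events through the dispatcher
    d = Dispatcher(ROUTES, ["/example/metal/project-a"])
    base = {"specversion": "1.0", "source": "/example/metal/project-a"}
    events = [
        {**base, "id": "e1", "type": "com.example.metal.device.active"},
        {**base, "id": "e1", "type": "com.example.metal.device.active"},
        {**base, "id": "e2", "type": "com.example.security.sshkey.created"},
        {**base, "id": "e3", "source": "/unknown", "type": "com.example.metal.device.active"},
        {"id": "e4", "type": "com.example.metal.device.active"},
    ]
    return [d.dispatch(json.dumps(e)) for e in events]
```

The duplicate check matters for provisioning workflows in particular, since a redelivered "device active" event would otherwise start a second deployment against the same host.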
How Direktiv On Equinix Metal Works
Every Equinix customer, be they an SRE, a software developer or an infrastructure engineer, can integrate into Metal to provision and scale infrastructure in their own way. Engineering teams need agility, reliability and easy scalability when it comes to infrastructure orchestration, and the Direktiv integration with Metal addresses those needs. As Figure 1B shows, Direktiv relies on Knative serverless technology to orchestrate and scale a K3S cluster on bare metal machines by using interlinked step functions.
The integration’s step functions perform the following steps:
- Provision bare metal host machines using Metal’s Python SDK
- Direktiv listens to host status events via the Equinix Metal API
- Once device status is verified, generate new SSH passwords, update the SSH passwords in HashiCorp Vault and stage Ansible (using a deployment playbook git repository) to deploy a K3S cluster on the machines provisioned in step one
- Deploy the K3S cluster using the Ansible playbook
- Check connectivity with the K3S cluster just deployed with kubectl
Direktiv observes all these steps and sends any errors to ServiceNow, which then creates incident management tickets.
This is how the integration’s orchestration workflow appears in the Direktiv platform:
Example Use Cases
Here is a handful of example use cases for the integration of Direktiv and Equinix:
- Build an on-premises serverless engine on bare metal, enabling you to use Direktiv with Equinix Metal AND your own managed infrastructure
- Build and provision (from bare metal to application and processes):
  - Leverage the Terraform scripts or Ansible playbooks provided by Equinix to build infrastructure
  - Install operating environments (K3S, middleware, application engines)
  - Deploy applications from CI/CD
- Extend the build and provisioning process into your change, release and incident management processes
- Automate remediation using event-driven actions for automated scaling and remediation (failed provisioning scenarios)
- Audit and security notifications for things like new API key or SSH key updates, password changes or BGP/interconnect events
- Get near real-time notifications. Use the event integration between Metal Console and Direktiv to set up external notifications to email, Slack, Teams, Discord, Twilio, etc.
One of the most important advantages of running Direktiv’s event-driven platform on Equinix Metal is the ability to orchestrate infrastructure on Metal and across any connected environments. It can be hosted anywhere a Kubernetes cluster can run with minimal compute resources. That, in and of itself, opens the door for much higher-level automation with workflows than what other popular IaaS providers may have. Equinix Metal provides the compute, storage and the high-speed connectivity, while Direktiv provides the serverless event-driven automation to scale infrastructure.
It’s exciting to see Equinix Metal’s developer-friendly ecosystem continue to grow. This recent integration is a great example of how a solution provider can take advantage of Metal’s developer resources to add a layer on top of another layer of software services, ultimately enabling customers to ramp up their production environment.