From source code to Kubernetes, a Continuous Deployment tale

From source code to Kubernetes, a Continuous Deployment tale.

$ whoami @agonzalezro

What’s CI?

Push git Generate Validate Build Test git commit ok goimports
ok go vet ok sonar? ok ...

What’s Continuous Delivery & Continuous Deployment?

Merge git Generate Validate Build Test Create artifact Security Checks
Deploy Clair Atomic scan Call it X ...

Once upon a time...

There was a prince, call him Go

main.go const message = "Hi Gophercon 2018!"

main.go const message = "Hi Gophercon 2018!" func mainHandler(w http.ResponseWriter,
req *http.Request) { fmt.Fprintf(w, message) }

main.go func mainHandler(w http.ResponseWriter, req *http.Request) { fmt.Fprintf(w, message) }
func main() { r := mux.NewRouter() r.HandleFunc("/", mainHandler)

main.go func mainHandler(w http.ResponseWriter, req *http.Request) { fmt.Fprintf(w, message) }
func main() { r := mux.NewRouter() r.HandleFunc("/", mainHandler) port := ":8081" if v, ok := os.LookupEnv("PORT"); ok { port = ":" + v }

main.go func main() { r := mux.NewRouter() r.HandleFunc("/", mainHandler) port
:= ":8081" if v, ok := os.LookupEnv("PORT"); ok { port = ":" + v } log.Println("Listening on " + port) log.Fatal(http.ListenAndServe(port, r)) }

$ go build . $ go test -v .

And there was a princess, call her Docker

Dockerfile FROM golang:1.10-alpine3.7 as builder

Dockerfile FROM golang:1.10-alpine3.7 as builder WORKDIR /go/src/github.com/gophercon RUN apk --no-cache
add git RUN go get -u github.com/golang/dep/cmd/dep COPY Gopkg.lock Gopkg.toml ./ RUN dep ensure -vendor-only

Dockerfile FROM golang:1.10-alpine3.7 as builder ... COPY Gopkg.lock Gopkg.toml ./
RUN dep ensure -vendor-only COPY . ./

Dockerfile FROM golang:1.10-alpine3.7 as builder ... COPY Gopkg.lock Gopkg.toml ./
RUN dep ensure -vendor-only COPY . ./ RUN go build

Dockerfile FROM golang:1.10-alpine3.7 as builder ... COPY . ./ RUN
go build FROM alpine:3.7

go build FROM alpine:3.7 COPY --from=builder /go/src/github.com/gophercon ./

go build FROM alpine:3.7 COPY --from=builder /go/src/github.com/gophercon ./ CMD ["./gophercon"]

$ docker build -t gophercon . $ docker run -d
gophercon

They wanted to live together in a beautiful castle, they
called it Kubernetes

pod.yaml apiVersion: v1 kind: Pod

pod.yaml apiVersion: v1 kind: Pod metadata: name: just-a-pod

pod.yaml apiVersion: v1 kind: Pod metadata: name: just-a-pod spec: containers:
- name: gophercon image: agonzalezro/gophercon:latest

$ kubectl apply pod.yaml just-a-pod

deployment.yaml apiVersion: apps/v1 kind: Deployment

deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: gophercon-deployment labels: app:
gophercon

deployment.yaml ... spec: replicas: 2 selector: matchLabels: app: gophercon template:
# pod here

deployment.yaml ... template: metadata: labels: app: gophercon spec: containers: -
name: gophercon # Don't use latest at home! image: agonzalezro/gophercon:latest

$ kubectl apply deployment.yaml gophercon gophercon

service.yaml apiVersion: v1 kind: Service

service.yaml apiVersion: v1 kind: Service metadata: name: gophercon-service

service.yaml ... spec: type: LoadBalancer

service.yaml ... spec: type: LoadBalancer ports: - name: gophercon port:
80 targetPort: 8081 protocol: TCP selector: app: gophercon

$ kubectl apply service.yaml gophercon gophercon

And we are going to help them with CI/CD

Adventure demo time!

github.com/agonzalezro/gophercon

# We are hiring! # Thanks! @agonzalezro

1. Only deploy if tested 2. Vulnerability scanner 3. Repo
should ping CI, CI should deploy to k8s

$ helm install -f hack/values.yaml stable/jenkins NAME: zooming-wildebeest LAST DEPLOYED:
Sat Jun 9 22:27:22 2018 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Secret

Notes The PR could be deployed in some environment pre-merging
it. Secrets and configs

From source code to Kubernetes, a Continuous Deployment tale

From source code to Kubernetes, a Continuous Deployment tale

More Decks by Alexandre González

Other Decks in Technology

Featured

Transcript