CI/CD with Kubernetes

Transcript

1. @BastianHofmann CI/CD with Kubernetes Bastian Hofmann [email protected]

2. Continuous Integration

3. Continuous Delivery

4. None

5. Container orchestration platform

6. Deploy, run and scale your services in isolated containers

7. No vendor lock in

8. Standardized APIs

9. Runs on

10. Your laptop

11. None

12. Bare metal

13. Cloud Providers

14. And if you don't want to install and maintain Kubernetes

    yourself

15. Managed Kubernetes

16. None
17. None

18. So we have code, how do we get this into

    Kubernetes?

19. Lot's of tools

20. Example for this talk

21. None

22. Example application

23. https:/ /gitlab.com/bashofmann/ angular-test-app

24. https:/ /gitlab.com/bashofmann/ angular-test-app-finished

25. Pipeline with multiple stages, each stage can have multiple jobs

26. Stage 1: Preparing

27. Stage 2: Linters and Tests

28. Stage 3: Building an image

29. Stage 4: On master: Deploying to Kubernetes into a stage

    namespace

30. Stage 5: On master: Testing if stage works

31. Stage 6: On tag: Tag the docker image

32. Stage 7: On tag: Deploying to Kubernetes into a prod

    namespace

33. Stage 8: On tag: Testing if prod works

34. In detail

35. Stage 1: Preparing

36. Only do slow operations once and cache and re-use results

37. Stage 2: Linters and Tests

38. Add linters for everything

39. Unit tests

40. Integration tests

41. Browser tests

42. Stage 3: Building an image

43. Make the build as fast as possible

44. Make the image as small as possible

45. Stage 4: On master: Deploying to Kubernetes into a stage

    namespace

46. Stage 5: On master: Testing if stage works

47. Stage 6: On tag: Tag the docker image

48. Stage 7: On tag: Deploying to Kubernetes into a prod

    namespace

49. Stage 8: On tag: Testing if prod works

50. Use a versioning scheme

51. Never deploy "latest"

52. Use Kubernetes namespaces

53. Use Helm or similar tools

54. Make use of Kubernetes "magic"

55. Sealed Secrets

56. Secrets are stored encrypted in Git and encrypted inside of

    the cluster

57. LoadBalancers

58. Automatically creates a highly available LoadBalancer with a public IP

    address

59. Ingress controller

60. The ingress controller (nginx) listens on routing rules in Ingress

    Resources and configures itself to route incoming traffic to the correct running and healthy pods

61. cert-manager

62. Cert-manager listens on Ingress Resources and if they need TLS,

    requests a certificate from LetsEncrypt

63. external-dns

64. External-DNS listens on Ingress Resources and creates DNS entries

65. Prometheus

66. Kubernetes and Node metrics are automatically included

67. Kubernetes and Node alerts are automatically included

68. Kubernetes and Node dashboards are automatically included

69. Scraping targets can be automatically discovered

70. Service Meshes

71. None

72. Alternatives

73. Flux

74. None

75. Knative

76. Kubernetes-based platform to deploy and manage modern serverless workloads

77. Tekton CD

78. CI that runs completely within Kubernetes with Kubernetes Custom Resources

79. [email protected] https:/ /twitter.com/BastianHofmann http:/ /speakerdeck.com/u/bastianhofmann