
CI/CD with Kubernetes


Bastian Hofmann

August 30, 2019



Transcript

  1. @BastianHofmann
    CI/CD with Kubernetes
    Bastian Hofmann
    [email protected]


  2. Continuous Integration


  3. Continuous Delivery



  5. Container orchestration platform


  6. Deploy, run and scale your services
    in isolated containers


  7. No vendor lock-in


  8. Standardized APIs


  9. Runs on


  10. Your laptop



  12. Bare metal


  13. Cloud Providers


  14. And if you don't want to install and
    maintain Kubernetes yourself


  15. Managed Kubernetes




  18. So we have code, how do we get this
    into Kubernetes?


  19. Lots of tools


  20. Example for this talk



  22. Example application


  23. https://gitlab.com/bashofmann/angular-test-app


  24. https://gitlab.com/bashofmann/angular-test-app-finished


  25. Pipeline with multiple stages, each
    stage can have multiple jobs


  26. Stage 1:
    Preparing


  27. Stage 2:
    Linters and Tests


  28. Stage 3:
    Building an image


  29. Stage 4: On master:
    Deploying to Kubernetes into a stage
    namespace


  30. Stage 5: On master:
    Testing if stage works


  31. Stage 6: On tag:
    Tag the docker image


  32. Stage 7: On tag:
    Deploying to Kubernetes into a prod
    namespace


  33. Stage 8: On tag:
    Testing if prod works


  34. In detail


  35. Stage 1:
    Preparing


  36. Only do slow operations once and
    cache and re-use results


  37. Stage 2:
    Linters and Tests


  38. Add linters for everything


  39. Unit tests


  40. Integration tests


  41. Browser tests


  42. Stage 3:
    Building an image


  43. Make the build as fast as possible


  44. Make the image as small as possible


  45. Stage 4: On master:
    Deploying to Kubernetes into a stage
    namespace


  46. Stage 5: On master:
    Testing if stage works


  47. Stage 6: On tag:
    Tag the docker image


  48. Stage 7: On tag:
    Deploying to Kubernetes into a prod
    namespace


  49. Stage 8: On tag:
    Testing if prod works


  50. Use a versioning scheme


  51. Never deploy "latest"


  52. Use Kubernetes namespaces


  53. Use Helm or similar tools


  54. Make use of Kubernetes "magic"


  55. Sealed Secrets


  56. Secrets are stored encrypted in Git
    and encrypted inside of the cluster


  57. LoadBalancers


  58. Automatically creates a highly
    available LoadBalancer with a
    public IP address


  59. Ingress controller


  60. The ingress controller (nginx) listens
    on routing rules in Ingress Resources
    and configures itself to route
    incoming traffic to the correct
    running and healthy pods


  61. cert-manager


  62. Cert-manager listens on Ingress
    Resources and if they need TLS,
    requests a certificate from
    Let's Encrypt


  63. external-dns


  64. External-DNS listens on Ingress
    Resources and creates DNS entries


  65. Prometheus


  66. Kubernetes and Node metrics are
    automatically included


  67. Kubernetes and Node alerts are
    automatically included


  68. Kubernetes and Node dashboards
    are automatically included


  69. Scraping targets can be
    automatically discovered


  70. Service Meshes



  72. Alternatives


  73. Flux



  75. Knative


  76. Kubernetes-based platform to
    deploy and manage modern
    serverless workloads


  77. Tekton CD


  78. CI that runs completely within
    Kubernetes with Kubernetes Custom
    Resources


  79. [email protected]
    https://twitter.com/BastianHofmann
    http://speakerdeck.com/u/bastianhofmann
