Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CI/CD with Kubernetes

8e82eb7e128a14a16d642ae55227339b?s=47 Bastian Hofmann
August 30, 2019
Programming
0
110

CI/CD with Kubernetes

8e82eb7e128a14a16d642ae55227339b?s=128

Bastian Hofmann

August 30, 2019
Tweet

More Decks by Bastian Hofmann

See All by Bastian Hofmann
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
0
120
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
0
63
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
1
86
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
0
89
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
1
39
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
1
200
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
2
110
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
0
110
8e82eb7e128a14a16d642ae55227339b?s=48 bastianhofmann
0
390

Other Decks in Programming

See All in Programming
B1196c22fd3ca181eec43e1b67823d3f?s=48 aftiopk
0
130
12c88a3a10478fa18d0363b3ba3d9df1?s=48 christianliebel
PRO
0
100
E0e036f89c14b3e59640318eedf9670b?s=48 bkuhlmann
2
350
Bbb17eeeecd3d9d06f4db310ab630a12?s=48 borkdude
1
220
4047c64e3a1e2f81addd4ba675ddc451?s=48 zsmb
0
160
9e68acadfe81c2634fae5b8c891f6814?s=48 tamaudon
0
150
F6baf93a0833a98bdc8184c214f4c468?s=48 rgoswami
1
160
Ee4cc84c4dedde009c013c6d5f1a2e84?s=48 tatchnicolas
1
100
3f97ef294ccbc5e3f16b7594e06fd1f3?s=48 sryoya
2
120
03d26b71500c1bf966aedbd125baee45?s=48 udaikue
0
360
6914735c2aaaa9fa1d7e5c8ddde6de4c?s=48 yoheimuta
2
110
D07d36d7d3263da869c7d030ba4a64a6?s=48 y__mattu
0
300

Featured

See All Featured
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
54
4.4k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
220
15k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
20
810
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
222
47k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
322
54k
7fa6101cd43067653cf4ac6c7ca54305?s=48 akmur
252
19k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
71
3.7k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
53
2.9k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
129
20k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
146
20k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
188
14k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
233
900k

Transcript

  1. @BastianHofmann CI/CD with Kubernetes Bastian Hofmann mail@bastianhofmann.de

  2. Continuous Integration

  3. Continuous Delivery

  4. None

  5. Container orchestration platform

  6. Deploy, run and scale your services in isolated containers

  7. No vendor lock in

  8. Standardized APIs

  9. Runs on

  10. Your laptop

  11. None

  12. Bare metal

  13. Cloud Providers

  14. And if you don't want to install and maintain Kubernetes

    yourself

  15. Managed Kubernetes

  16. None
  17. None

  18. So we have code, how do we get this into

    Kubernetes?

  19. Lot's of tools

  20. Example for this talk

  21. None

  22. Example application

  23. https:/ /gitlab.com/bashofmann/ angular-test-app

  24. https:/ /gitlab.com/bashofmann/ angular-test-app-finished

  25. Pipeline with multiple stages, each stage can have multiple jobs

  26. Stage 1: Preparing

  27. Stage 2: Linters and Tests

  28. Stage 3: Building an image

  29. Stage 4: On master: Deploying to Kubernetes into a stage

    namespace

  30. Stage 5: On master: Testing if stage works

  31. Stage 6: On tag: Tag the docker image

  32. Stage 7: On tag: Deploying to Kubernetes into a prod

    namespace

  33. Stage 8: On tag: Testing if prod works

  34. In detail

  35. Stage 1: Preparing

  36. Only do slow operations once and cache and re-use results

  37. Stage 2: Linters and Tests

  38. Add linters for everything

  39. Unit tests

  40. Integration tests

  41. Browser tests

  42. Stage 3: Building an image

  43. Make the build as fast as possible

  44. Make the image as small as possible

  45. Stage 4: On master: Deploying to Kubernetes into a stage

    namespace

  46. Stage 5: On master: Testing if stage works

  47. Stage 6: On tag: Tag the docker image

  48. Stage 7: On tag: Deploying to Kubernetes into a prod

    namespace

  49. Stage 8: On tag: Testing if prod works

  50. Use a versioning scheme

  51. Never deploy "latest"

  52. Use Kubernetes namespaces

  53. Use Helm or similar tools

  54. Make use of Kubernetes "magic"

  55. Sealed Secrets

  56. Secrets are stored encrypted in Git and encrypted inside of

    the cluster

  57. LoadBalancers

  58. Automatically creates a highly available LoadBalancer with a public IP

    address

  59. Ingress controller

  60. The ingress controller (nginx) listens on routing rules in Ingress

    Resources and configures itself to route incoming traffic to the correct running and healthy pods

  61. cert-manager

  62. Cert-manager listens on Ingress Resources and if they need TLS,

    requests a certificate from LetsEncrypt

  63. external-dns

  64. External-DNS listens on Ingress Resources and creates DNS entries

  65. Prometheus

  66. Kubernetes and Node metrics are automatically included

  67. Kubernetes and Node alerts are automatically included

  68. Kubernetes and Node dashboards are automatically included

  69. Scraping targets can be automatically discovered

  70. Service Meshes

  71. None

  72. Alternatives

  73. Flux

  74. None

  75. Knative

  76. Kubernetes-based platform to deploy and manage modern serverless workloads

  77. Tekton CD

  78. CI that runs completely within Kubernetes with Kubernetes Custom Resources

  79. mail@bastianhofmann.de https:/ /twitter.com/BastianHofmann http:/ /speakerdeck.com/u/bastianhofmann