Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GitOps Survival Guide: Kubernetes Edition

Julio Faerman
January 28, 2022
0
14

GitOps Survival Guide: Kubernetes Edition

As presented on DevConf CZ 2022
https://devconfcz2022.sched.com/event/siGr/gitops-survival-guide-kubernetes-edition

Julio Faerman

January 28, 2022
Tweet

More Decks by Julio Faerman

See All by Julio Faerman
GPT + TDD: Create Doclet Parser
faermanj
0
51
English Accelerator with Tom Horner
faermanj
0
36
Sobrevivendo ao Kubernetes
faermanj
0
80
Speaking about Speaking
faermanj
0
140
Microservicios Hoy
faermanj
0
36
Get Recruited, Not Crazy
faermanj
0
52
Experimentando Software no Glovo
faermanj
1
110
Salvando vidas com dispositivos semi-conectados
faermanj
1
19
Building data-intensive applications
faermanj
0
60

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
870
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
16
1.4k
Producing Creativity
orderedlist
PRO
336
38k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
Scaling GitHub
holman
455
140k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
50k
Building an army of robots
kneath
300
41k
Facilitating Awesome Meetings
lara
37
5.1k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
What the flash - Photography Introduction
edds
64
11k

Transcript

  1. GitOps Survival Guide
    Kubernetes Edition
    Julio Faerman
    @faermanj

    View Slide

  2. IMAGE HERE
    Continuous Delivery
    Fast feedback loops, agile innovation,
    evolutionary architectures and more.
    ● Developers build with Git[Hub, Lab]
    ● Git triggers events
    ● Pipeline builds and tests artifacts
    ● Resources are provisioned
    ● Changes get deployed
    ● Reliable rollout
    ● Cleanup underutilized resources

    View Slide

  3. IMAGE HERE
    Not so simple…
    ● How many “Clouds” and when?
    ● Where are the “lock-ins”?
    ● How many clusters?
    ● How to build it?
    ● Is it well-architected?
    ● How to manage the database?
    ● How to keep it all safe?
    ● …
    “Do what you can,
    with what you’ve got,
    where you are.”
    Squire Bill Widener

    View Slide

  4. CONFIDENTIAL designator
    V0000000
    Is this cloud computing?

    View Slide

  5. CONFIDENTIAL designator
    V0000000
    Is this cloud?
    5
    Source:
    https://i.redd.it/8v9fopt6wlx31.jpg
    Is this cloud too?

    View Slide

  6. CONFIDENTIAL designator
    V0000000
    Is this cloud?
    6
    Source:
    https://i.redd.it/8v9fopt6wlx31.jpg
    What about those?

    View Slide

  7. IMAGE HERE
    Kubernetes “end to end”?

    View Slide

  8. CONFIDENTIAL designator
    V0000000

    View Slide

  9. IMAGE HERE
    Red Hat OpenShift on *
    https://caravana.cloud/projetos

    View Slide

  10. IMAGE HERE
    Red Hat OpenShift on *
    https://caravana.cloud/projetos

    View Slide

  11. IMAGE HERE
    Red Hat OpenShift on *
    https://caravana.cloud/projetos

    View Slide

  12. https://learnk8s.io/research

    View Slide

  13. IMAGE HERE
    Well-Architected?
    ● Security
    ● Reliability
    ● Performance
    ● Costs
    ● Operational Visibility

    View Slide

  14. CONFIDENTIAL designator
    V0000000
    14
    bV
    Evolutionary vs Well-Architected

    View Slide

  15. IMAGE HERE
    The Usual Suspects
    Security is a shared responsibility
    Demonstrate reliability by testing
    Keep collaboration through Git
    “There is nothing new in the world
    except the history you do not know.”
    Harry S Truman

    View Slide

  16. CONFIDENTIAL designator
    V0000000
    / Evolutionary vs Well-Architected /

    View Slide

  17. IMAGE HERE
    Auto-deployment vs. Auto-provisioning

    View Slide

  18. IMAGE HERE
    Immutable
    Infrastructure
    ● Reduced, authentication,
    authorization and auditing
    ● As reliable as yesterday
    ● Push to prod from day 1
    ● Simpler rollbacks
    ● Agile innovation
    ● Not necessarily more expensive
    ● Brings “Infrastructure as Code”

    View Slide

  19. Immutable > Blue/Green > Canary > Circle

    View Slide

  20. Database Migrations

    View Slide

  21. IMAGE HERE
    Tiered Ops
    Database -> Maintenance Window
    API -> On Release
    APP -> Weekly
    CDN -> Never

    View Slide

  22. Multi-Cluster Design & Management
    Tier or Purpose
    DB, Network, Storage,
    Compute ...
    Grade or Data
    Development, Staging,
    Pre-prod, Prod,
    Decommissioned, ...
    Circle
    Employees, Beta, Premium,
    RC, GA, ...
    1 2 3

    View Slide

  23. CONFIDENTIAL designator
    V0000000
    The Paradox of Choice

    View Slide

  24. IMAGE HERE
    It starts with shell and yaml…
    https://caravana.cloud/coding-interviews

    View Slide

  25. IMAGE HERE
    Infrastructure as Code
    & Terraform
    ● Built on Git
    ● Declarative
    ● Repeatable
    ● Extensible
    ● Composable
    ● Partially Managed
    ● Fully Managed

    View Slide

  26. IMAGE HERE
    Collaboration with Branches, PRs, Threads &+!
    https://caravana.cloud/projetos

    View Slide

  27. IMAGE HERE
    Pipelines, Builders
    & GitHub Actions
    scheduled
    workflow_dispatch
    repository_dispatch
    check_run
    check_suite
    create
    delete
    deployment
    deployment_status
    discussion
    discussion_comment
    fork
    follum
    issue_comment
    issues
    label
    milestone
    page_build
    project
    project_card
    project_column
    public
    pull_request
    pull_request_review
    pull_request_review_comment
    pull_request_target
    push
    registry_package
    release
    status
    watch
    workflow_run

    View Slide

  28. IMAGE HERE
    Managing Configuration
    Naming Conventions
    git checkout -b prod/env2020
    Environment Variables
    ENV_NAME=prod/env2020
    Repository Content
    infra/prod/env2020.yaml
    Separate Repository
    https://github.com/acme/private-repo/blob/main/
    infra/prod/env2020.yaml
    Secrets are Special
    GitHub Secrets
    Hashicorp Vault
    AWS Systems Manager

    View Slide

  29. CONFIDENTIAL designator
    V0000000
    Observability
    Metrics
    Logs
    Alarms
    Events
    Traces

    View Slide

  30. CONFIDENTIAL designator
    V0000000
    Fault Tolerance at Netflix

    View Slide

  31. CONFIDENTIAL designator
    V0000000

    View Slide

  32. IMAGE HERE
    Operator Maturity Model
    https://caravana.cloud/coding-interviews

    View Slide

  33. So, GitOps...
    Infrastructure as
    Code
    Manage infrastructure
    operations as if it was code,
    using tools and process from
    software development.
    Collaborate through
    Git
    Use commands, tools and
    services from Git as a source of
    code and events.
    Continuous
    Delivery
    Separate deploy and release,
    releasing frequently and
    confidently, by deep automation
    and testing.
    1 2 3

    View Slide

  34. CONFIDENTIAL designator
    V0000000
    learn.openshift.com

    View Slide

  35. References
    Red Hacks
    https://dev.to/redhacks
    Awesome Kubernetes
    https://redhatspain.com
    Learn OpenShift GitOps
    https://learn.openshift.com/gitops/
    Learn k8s
    https://learnk8s.io/

    View Slide

  36. 🙏 ❤
    Julio Faerman
    @faermanj

    View Slide

  37. IMAGE HERE
    GitOps Blueprints
    https://caravana.cloud

    View Slide

  38. CONFIDENTIAL designator
    V0000000

    View Slide

  39. CONFIDENTIAL designator
    V0000000

    View Slide

  40. IMAGE HERE
    Here, there and everywhere;
    Distributed teams, tools and culture

    View Slide

  41. IMAGE HERE
    OKD
    https://caravana.cloud/projetos

    View Slide

  42. IMAGE HERE
    Red Hat OpenShift Platform Plus

    View Slide