Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Next-gen CI/CD with Gitops and Progressive Deli...

Next-gen CI/CD with Gitops and Progressive Delivery | Code Europe

Kevin Dubois

May 22, 2023
Tweet

More Decks by Kevin Dubois

Other Decks in Technology

Transcript

  1. @kevindubois Kevin Dubois • Principal Developer Advocate at Red Hat

    • 18+ years of experience writing and delivering software applications • Speak English, Dutch, French, Italian • Passionate about improving Dev Experience with Open Source @[email protected] youtube.com/@thekevindubois linkedin.com/in/kevindubois github.com/kdubois
  2. @kevindubois Developer Flow Outer loop Inner loop Pull/Merge Request Production

    Build / Package Code Push Debug Code Review Build Deploy Security Tests Compliance Inner loop Outer loop Developer Test
  3. @kevindubois @kevindubois Today, let’s focus on the “Outer Loop” The

    outer loop consists of the larger team processes that your code flows through on its way to the cluster: code reviews, integration tests, security and compliance. It needs be transparent and fast for developers from all teams. Outer Loop Development
  4. @kevindubois CI / CD Build Test Security Checks Release Deploy

    Stage Deploy Prod Continuous Integration Continuous Delivery Continuous Deployment Manual Auto
  5. @kevindubois The application Push to give energy windmill 1.Sends click

    Kafka Topic 2.Sends the interaction Dashboard: Green Energy Nickname Team Push/Tap to generate energy Cars that need energy Two teams competing (top 5 players) First wins
  6. @kevindubois Architecture 3: Generate power (REST) Game Dashboard 1: Assign

    player Name & Team (REST) 6: Update dashboard (SSE) 2: Increment player cluster counter 4: Send power event 5: Receive power events 9
  7. @kevindubois Developer Flow Outer loop Inner loop Pull/Merge Request Production

    Build / Package Code Push Debug Code Review Build Deploy Security Tests Compliance Inner loop Outer loop Developer Test
  8. @kevindubois Tekton is a Graduated Continuous Delivery Foundation project and

    follows the OpenSSF best practices. Contributions from Google, Red Hat, Cloudbees, IBM, Elastic, Puppet, and many more An open-source project for providing a set of shared and standard components for building Kubernetes-style CI/CD systems https://tekton.dev
  9. @kevindubois What is GitOps? Treat everything as code Git is

    the single source of truth Operations through Git workflows
  10. @kevindubois GitOps Application Delivery Model Source Git Repository Image Registry

    CI Config Git Repository Kubernetes CD Pull Request / Commit Push Pull
  11. @kevindubois What is Progressive Delivery? Build Test Security Checks Release

    Deploy Stage Deploy Prod Continuous Integration Continuous Delivery Continuous Deployment Manual Auto
  12. @kevindubois What is Progressive Delivery? • No Big Bang •

    Deploy != Release • Metrics • Subset of Users
  13. @kevindubois Why Progressive Delivery? • Decreases Downtime • Limits the

    Tragedy • Deploy & Release to Production faster • Less mocking or setting up unreliable ‘fake’ services
  14. @kevindubois Blue - Green 35 apiVersion: v1 kind: Service metadata:

    name: my-service labels: app: mystuff spec: ports: - name: http port: 8000 selector: inservice: mypods type: LoadBalancer apiVersion: apps/v1 kind: Deployment metadata: name: mynode-deployment spec: replicas: 1 selector: matchLabels: app: mynode template: metadata: labels: app: mynode spec: containers: - name: mynode image: quay.io/rhdevelopers/mynode:v1 ports: - containerPort: 8000 kubectl label pod -l app=mynode inservice=mypods
  15. @kevindubois Controlling Microservices with a Service Mesh 38 Code Independent

    (Polyglot) • Intelligent Routing and Load-Balancing • Smarter Canary Releases • Dark Launch • Chaos: Fault Injection • Resilience: Circuit Breakers • Observability & Telemetry: Metrics and Tracing • Security: Encryption & Authorization • Fleet wide policy enforcement
  16. @kevindubois 39 Istio Architecture Control Plane The data plane is

    composed of a set of intelligent proxies (Envoy) deployed as sidecars. These proxies mediate and control all network communication between microservices. They also collect and report telemetry on all mesh traffic. The control plane manages and configures the proxies to route traffic. Data Plane
  17. @kevindubois Pod Container JVM Service A Sidecar Container Pod Container

    JVM Service C Sidecar Container Pod Container JVM Service B Sidecar Container The sidecar intercepts all network traffic
  18. @kevindubois Canary Release 41 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name:

    recommendation spec: hosts: - recommendation http: - route: - destination: host: recommendation subset: version-v1 weight: 75 - destination: host: recommendation subset: version-v2 weight: 25
  19. @kevindubois Shadowing Traffic 42 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name:

    recommendation spec: hosts: - recommendation http: - route: - destination: host: recommendation subset: version-v1 mirror: host: recommendation subset: version-v2
  20. @kevindubois Dark Canary 43 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name:

    recommendation spec: hosts: - recommendation http: - match: - headers: end-user: exact: Alexandra route: - destination: host: recommendation subset: version-v2 - route: - destination: host: recommendation subset: version-v1
  21. @kevindubois Rolling out automatically 47 apiVersion: argoproj.io/v1alpha1 kind: Rollout metadata:

    name: rollouts-demo labels: app: rollouts-demo spec: strategy: canary: steps: - setWeight: 20 - pause: duration: "1m" - setWeight: 50 - pause: duration: "2m" canaryService: rollouts-demo-canary stableService: rollouts-demo-backend trafficRouting: istio: virtualService: name: rollout-vsvc routes: - primary …
  22. @kevindubois Metrics Based Rollouts strategy: canary: analysis: args: - name:

    service-name value: rollouts-demo-canary.canary.svc.cluster.local templates: - templateName: success-rate canaryService : rollouts-demo-canary stableService : rollouts-demo-stable trafficRouting : istio: virtualService : name: rollout-vsvc routes: - primary steps: - setWeight: 30 - pause: { duration: 20s } - setWeight: 40 - pause: { duration: 10s } - setWeight: 60 - pause: { duration: 10s } - setWeight: 80 - pause: { duration: 5s } - setWeight: 90 - pause: { duration: 5s } - setWeight: 100 - pause: { duration: 5s } 49
  23. @kevindubois apiVersion: argoproj.io/v1alpha1 kind: AnalysisTemplate metadata: name: success-rate spec: args:

    - name: service-name metrics: - name: success-rate interval: 10s successCondition : len(result) == 0 || result[0] >= 0.95 failureLimit: 2 provider: prometheus: address: https://internal:[email protected]:9090 query: | sum(irate(istio_requests_total{ reporter="source", destination_service=~"{{args.service-name}}", response_code!~"5.*"}[30s]) ) 50 Metrics Based Rollouts
  24. @kevindubois Final Notes • State is always hard, start with

    stateless • Step by Step • Embrace GitOps • If you haven’t automatically destroyed something by mistake, you aren’t automating enough • Demos ◦ https://dn.dev/istio-tutorial ◦ https://github.com/kdubois/progressive-delivery ◦ https://github.com/redhat-developer-demos/bubbles-progressive-delivery ◦ github.com/redhat-developer-demos/quinoa-wind-turbine 52
  25. @kevindubois Start exploring in the OpenShift Sandbox. Learn containers, Kubernetes,

    and OpenShift in your browser. developers.redhat.com/developer-sandbox Try Red Hat's products and technologies without setup or configuration.
  26. @kevindubois 55 Learn OpenShift and all Cloud Native for free

    in our web based learning portal Resources Try OpenShift GitOps on our learning portal Red Hat Developers Deep Dive Join our workshops to explore Argo CD, Tekton, Kubernetes, Helm and more! Sign up at developers.redhat.com Find out more about Red Hat’s products and what it offers developers GitOps ebooks Find out more on GitOps with ebooks https://developers.redhat.com/e-books Get more about GitOps on Red Hat Developer Portal!