Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Next-gen CI/CD with Gitops and Progressive Deli...

Next-gen CI/CD with Gitops and Progressive Delivery | Jfokus

Kevin Dubois

February 07, 2024
Tweet

More Decks by Kevin Dubois

Other Decks in Technology

Transcript

  1. @kevindubois Next-gen CI/CD with Gitops and Progressive Delivery Kevin Dubois

    Principal Developer Advocate, Red Hat @kevindubois
  2. @kevindubois Kevin Dubois ★ Java Champion ★ Principal Developer Advocate

    at Red Hat ★ Based in Belgium 󰎐 ★ Speak English, Dutch, French, Italian ★ Open Source Contributor (Quarkus, Camel, Knative, ..) ★ Community Organizer (BeJUG, BeCNCF) @[email protected] youtube.com/@thekevindubois linkedin.com/in/kevindubois github.com/kdubois @kevindubois.com
  3. @kevindubois CI / CD Build Test Security Checks Release Deploy

    Stage Deploy Prod Continuous Integration Continuous Delivery Manual
  4. @kevindubois Continuous Developer Flow Outer loop Inner loop Pull/Merge Request

    Production Build / Package Code Push Debug Code Review Build Deploy Security Tests Compliance Inner loop Outer loop Developer Test
  5. @kevindubois CI - CD - CD Build Test Security Checks

    Release Deploy Stage Deploy Prod Continuous Integration Continuous Delivery Continuous Deployment Manual Auto
  6. @kevindubois The application Push to give energy windmill Kafka Topic

    2.Sends the interaction Dashboard: Green Energy Nickname Team Push/Tap to generate energy Cars that need energy Two teams competing (top 5 players) First wins
  7. @kevindubois Architecture 3: Generate power (REST) Game Dashboard 1: Assign

    player Name & Team (REST) 6: Update dashboard (SSE) 2: Increment player cluster counter 4: Send power event 5: Receive power events
  8. @kevindubois Developer Flow Outer loop Inner loop Pull/Merge Request Production

    Build / Package Code Push Debug Code Review Build Deploy Security Tests Compliance Inner loop Outer loop Developer Test
  9. @kevindubois Serverless CI Containers Built for container apps and runs

    on Kubernetes Designed with microservices and distributed teams in mind DevOps Serverless Runs serverless with no CI/CD engine to manage and maintain
  10. @kevindubois Why Cloud-Native CI/CD? Traditional CI/CD Cloud-Native CI/CD Designed for

    Virtual Machines Designed for Containers and Kubernetes Require IT Ops for CI engine maintenance Pipeline as a service with no Ops overhead Plugins shared across CI engine Pipelines fully isolated from each other Plugin dependencies with undefined update cycles Everything lifecycled as container images No interoperability with Kubernetes resources Native Kubernetes resources Admin manages persistence Platform manages persistence Config baked into CI engine container Configured via Kubernetes ConfigMaps Declarative !
  11. @kevindubois Tekton is a Graduated Continuous Delivery Foundation project and

    follows the OpenSSF best practices. Contributions from Google, Red Hat, Cloudbees, IBM, Elastic, Puppet, and many more An open-source project for providing a set of shared and standard components for building Kubernetes-style CI/CD systems https://tekton.dev
  12. @kevindubois Step • Runs commands within container(builder image) • Mounts

    volumes, uses env vars • Eg. ‘mvn test’ or ‘git clone’ Task • A list of steps that are executed in sequential order • Takes inputs, outputs parameters Task Run • Runs a individual Task Pipeline • List of tasks defined to run in a certain order • Takes inputs, outputs parameters Pipeline Run • Runs a Pipeline Typed Decoupled Cloud Native Declarative Tekton Concepts
  13. @kevindubois apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: wind-turbine-pipeline spec: params:

    - name: MANIFESTS_GIT_REPO type: string tasks: - name: git-clone params: - name: url value: $(params.GIT_REPO) workspaces: - name: output workspace: source workspaces: - name: source
  14. @kevindubois Tekton CLI(tkn) •List and Describe • Pipeline • Resource

    • Task • Task Run • Pipeline Run •View logs • Task Run • Pipeline Run •https://github.com/tektoncd/cli
  15. @kevindubois What is GitOps? Treat everything as code Git is

    the single source of truth Operations through Git workflows
  16. @kevindubois CI/CD Engines Jenkins Spinnaker Tekton Concourse CI …... CI/CD

    versus GitOps Desired State Cluster State Observe State Take Action GitOps Engines ACM, ArgoCD, FluxCD Razee, Faros Desired State Cluster State
  17. @kevindubois ArgoCD Sync Monitor Detect drift Take action Argo CD

    is a declarative, GitOps continuous delivery tool for Kubernetes. Cluster and application configuration versioned in Git Automatically syncs configuration from Git to clusters Drift detection, visualization and correction
  18. @kevindubois Source Git Repository Image Registry CI Config Git Repository

    Kubernetes CD Pull Request / Commit Push Pull GitOps Application Delivery Model
  19. @kevindubois GitOps Application Delivery Model Push Pull Pull Request Source

    Git Repository Image Registry Config Git Repository Kubernetes Deploy Monitor Detect drift CD Take action
  20. @kevindubois What is Progressive Delivery? • No Big Bang •

    Deploy != Release • Metrics • Subset of Users
  21. @kevindubois Why Progressive Delivery? • Decreases Downtime • Limits the

    Tragedy • Deploy & Release to Production faster • Less mocking or setting up unreliable ‘fake’ services
  22. @kevindubois Blue - Green apiVersion: v1 kind: Service metadata: name:

    my-service labels: app: mystuff spec: ports: - name: http port: 8000 selector: inservice: mypods type: LoadBalancer apiVersion: apps/v1 kind: Deployment metadata: name: mynode-deployment spec: replicas: 1 selector: matchLabels: app: mynode template: metadata: labels: app: mynode spec: containers: - name: mynode image: quay.io/rhdevelopers/mynode:v1 ports: - containerPort : 8000 kubectl label pod -l app=mynode inservice=mypods 52
  23. @kevindubois Controlling Microservices with a Service Mesh Code Independent (Polyglot)

    • Intelligent Routing and Load-Balancing • Smarter Canary Releases • Dark Launch • Chaos: Fault Injection • Resilience: Circuit Breakers • Observability & Telemetry: Metrics and Tracing • Security: Encryption & Authorization • Fleet wide policy enforcement 55
  24. @kevindubois Istio Architecture Control Plane The data plane is composed

    of a set of intelligent proxies (Envoy) deployed as sidecars. These proxies mediate and control all network communication between microservices. They also collect and report telemetry on all mesh traffic. The control plane manages and configures the proxies to route traffic. Data Plane
  25. @kevindubois Pod Container JVM Service A Sidecar Container Pod Container

    JVM Service C Sidecar Container Pod Container JVM Service B Sidecar Container The sidecar intercepts all network traffic 57
  26. @kevindubois Canary Release apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: recommendation

    spec: hosts: - recommendation http: - route: - destination: host: recommendation subset: version-v1 weight: 75 - destination: host: recommendation subset: version-v2 weight: 25 58
  27. @kevindubois Shadowing Traffic apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: recommendation

    spec: hosts: - recommendation http: - route: - destination: host: recommendation subset: version-v1 mirror: host: recommendation subset: version-v2 59
  28. @kevindubois Dark Canary apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: recommendation

    spec: hosts: - recommendation http: - match: - headers: end-user: exact: Alexandra route: - destination: host: recommendation subset: version-v2 - route: - destination: host: recommendation subset: version-v1 60
  29. @kevindubois Rolling out automatically apiVersion: argoproj.io/v1alpha1 kind: Rollout metadata: name:

    rollouts-demo labels: app: rollouts-demo spec: strategy: canary: steps: - setWeight: 20 - pause: duration: "1m" - setWeight: 50 - pause: duration: "2m" canaryService: rollouts-demo-canary stableService: rollouts-demo-backend trafficRouting: istio: virtualService: name: rollout-vsvc routes: - primary … 64
  30. @kevindubois Metrics Based Rollouts strategy: canary: analysis: args: - name:

    service-name value: rollouts-demo-canary.canary.svc.cluster.local templates: - templateName: success-rate canaryService: rollouts-demo-canary stableService: rollouts-demo-stable trafficRouting: istio: virtualService: name: rollout-vsvc routes: - primary steps: - setWeight: 30 - pause: { duration: 20s } - setWeight: 40 - pause: { duration: 10s } - setWeight: 60 - pause: { duration: 10s } - setWeight: 80 - pause: { duration: 5s } - setWeight: 90 - pause: { duration: 5s } - setWeight: 100 - pause: { duration: 5s } 66
  31. @kevindubois apiVersion: argoproj.io/v1alpha1 kind: AnalysisTemplate metadata: name: success-rate spec: args:

    - name: service-name metrics: - name: success-rate interval: 10s successCondition: len(result) == 0 || result[0] >= 0.95 failureLimit: 2 provider: prometheus: address: https://internal:[email protected]:9090 query: | sum(irate(istio_requests_total{ reporter="source", destination_service=~"{{args.service-name}}", response_code!~"5.*"}[30s]) ) Metrics Based Rollouts 67
  32. @kevindubois Final Notes • State is always hard ◦ start

    with stateless; work with features; non-destructive schema changes; event-driven architectures (use eg. Debezium to work with ‘classic’ DBs). • Step by Step • Embrace GitOps • If you haven’t automatically destroyed something by mistake, you aren’t automating enough • Demos ◦ https://dn.dev/istio-tutorial ◦ https://github.com/kdubois/progressive-delivery ◦ https://github.com/redhat-developer-demos/bubbles-progressive-delivery ◦ github.com/redhat-developer-demos/quinoa-wind-turbine 69
  33. @kevindubois Start exploring in the OpenShift Sandbox. Learn containers, Kubernetes,

    and OpenShift in your browser. developers.redhat.com/developer-sandbox Try Red Hat's products and technologies without setup or configuration.
  34. @kevindubois Join Red Hat Developer. Build here. Go anywhere. facebook.com/RedHatDeveloper

    youtube.com/RedHatDevelopers twitter.com/rhdevelopers linkedin.com/showcase/red-hat-developer Thank you!