Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using Helm to achieve frictionless deployments

Using Helm to achieve frictionless deployments

Slides for the talk presented at Continuous Lifecycle London 2020

https://continuouslifecycle.london/sessions/using-helm-to-achieve-frictionless-deployments/

Pauline Lallinec

July 15, 2020
Tweet

More Decks by Pauline Lallinec

Other Decks in Programming

Transcript

  1. Using Helm to achieve
    frictionless deployments
    Pauline Lallinec, Workday Public Cloud
    Continuous Lifecycle London, July 2020

    View full-size slide

  2. 99.96%
    uptime
    44 million
    users
    195 billion
    transactions*
    What is Workday?
    * FY20

    View full-size slide

  3. Software Engineer - DevOps
    Non-stop karaoke machine
    @plallin
    Workday + Public Cloud = Scylla
    Amazon AWS (US, EU, Canada) + Workday DC
    4 teams, 2 continents

    View full-size slide

  4. ● Overview of Kubernetes resources
    ● Helm: package manager for Kubernetes
    ● Helm chart structures
    ● The need for Helm charts release automation
    ● Overview of custom resources & custom controllers
    ● Example: Custom Helm release controllers
    ● Helm operators
    Agenda

    View full-size slide

  5. About Kubernetes
    “Kubernetes (K8s) is an
    open-source system for
    automating deployment,
    scaling, and management of
    containerized applications.”
    Long story short: it deploys
    and manages your (Docker)
    containers for you.

    View full-size slide

  6. About Kubernetes
    Kubernetes = YAML files
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: my-app
    spec:
    replicas: 3
    template:
    spec:
    containers:
    - name: busybox
    image: busybox:latest
    ...

    View full-size slide

  7. About Kubernetes
    Packaging an application for
    Kubernetes:
    ● Deployment
    ● Service
    ● Configmaps
    ● ...

    View full-size slide

  8. About Kubernetes
    Solution: use a package
    manager
    ● Package application
    ● Delivery consistency
    ● Templating

    View full-size slide

  9. About Helm
    ● Package manager for Kubernetes
    ● Helm chart: a set of Kubernetes
    resources
    ● Helm release: a version of a Helm
    Chart
    ● 2 versions of Helm: Helm 2 and
    Helm 3
    ○ Favor using Helm 3

    View full-size slide

  10. Introducing unicorns
    A very simple app!
    The app
    One single HTML page showing a unicorn,
    serviced by Python’s SimpleHTTPServer
    Kubernetes resources
    One deployment, with only 1 container
    containing the Unicorn app
    A service, to allow me access the website from
    my laptop
    3 versions: pink, blue, green

    View full-size slide

  11. The need for Helm release automation

    View full-size slide

  12. The need for Helm release automation
    Problem
    Need to ship more Kubernetes resources
    Solution
    Helm for Kubernetes packaging + versioning
    Next
    Deploy Helm releases reliably

    View full-size slide

  13. The need for Helm release automation
    Priority: reliability
    Solution
    Script handling upgrades & automatically
    rollbacks failed releases

    View full-size slide

  14. The need for Helm release automation
    Priority: reliability
    Solution
    Script handling upgrades & automatically
    rollbacks failed releases
    Problems
    ● Lack of automation
    ● Does not scale
    ● Additional server maintenance (Jenkins)

    View full-size slide

  15. The need for Helm release automation
    Requirements
    ● Automation
    ● Reliability
    ● Observability

    View full-size slide

  16. The need for Helm release automation
    Requirements
    ● Automation
    ● Reliability
    ● Observability
    Solution
    An in-cluster service to manage all incoming Helm
    releases
    Choices:
    ● Own custom controller
    ● Flux Helm Operator

    View full-size slide

  17. Building your own custom controller / operator
    What is it?
    ● Your own Kubernetes controller
    ● Running your own logic

    View full-size slide

  18. Building your own custom controller / operator
    Pros Cons
    Your own code, with ability to
    add custom features and
    logic
    Your own code, with
    responsibility to maintain and
    extend it
    Can manage non
    cloud-native services
    Initially, need to commit time
    to develop it
    Automated rollback
    Control over delivery

    View full-size slide

  19. Flux Helm Operator
    What is it?
    ● Operator offered by WeaveWorks
    ● Weave Flux: CI/CD for Helm charts
    ● Flux Helm Operator: Helm release manager

    View full-size slide

  20. Installing Flux Helm Operator
    Pros Cons
    Someone else’s code,
    benefitting from community
    inputs
    Someone else’s code
    Open source &
    community-driven
    In most companies, need to
    go through security review /
    approval process
    Production-ready Updates subjected to
    external PR review &
    approval
    Regularly updated by Fluxcd
    + community
    No control over delivery

    View full-size slide

  21. Custom resources &
    Custom controllers

    View full-size slide

  22. Custom resources
    A way to create custom objects that
    live within your cluster, and are handled
    by a custom controller running a logic
    of your own.
    (Ideally) CRDs responds to CRUD
    events (Create, Read, Update, Delete)
    and allow you to implement your own
    declarative API.

    View full-size slide

  23. Standalone CRDs
    ● Custom object with their own
    API endpoint
    ● Store / retrieve structured data
    CRDs + Custom controllers
    ● Declarative API
    Custom resource definitions

    View full-size slide

  24. Helm Releases
    ● Object type: HelmRelease
    ● Object definition:
    ○ Release name
    The name of the application
    ○ Release version
    The version of application
    Example: custom resources

    View full-size slide

  25. Custom resource definitions
    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: helmreleases.samplecontroller.k8s.io
    spec:
    group: samplecontroller.k8s.io
    version: v1alpha1
    names:
    kind: HelmRelease
    plural: helmreleases
    scope: Namespaced
    Custom object with their own API endpoint

    View full-size slide

  26. $ kubectl create -f helm_release_crd.yaml
    customresourcedefinition.apiextensions.k8s.io/helmreleases.sample
    controller.k8s.io created
    $ kubectl get crd
    NAME CREATED AT
    helmreleases.samplecontroller.k8s.io 2019-03-23T05:21:43Z
    Custom object with their own API endpoint
    Custom resource definitions

    View full-size slide

  27. apiVersion: samplecontroller.k8s.io/v1alpha1
    kind: HelmRelease
    metadata:
    name: unicorn-release
    spec:
    releaseVersion: pink
    releaseName: unicorn
    Store / retrieve structured data
    Custom resource definitions

    View full-size slide

  28. $ kubectl create -f unicorn-release-pink.yaml
    helmrelease.samplecontroller.k8s.io/unicorn-release created
    $ kubectl get helmreleases
    NAME AGE
    unicorn-release 36s
    Store / retrieve structured data
    Custom resource definitions

    View full-size slide

  29. $ kubectl describe helmrelease unicorn-release
    Name: unicorn-release
    Namespace: default
    API Version: samplecontroller.k8s.io/v1alpha1
    Kind: HelmRelease
    Metadata:
    ...
    Spec:
    Release Name: unicorn
    Release Version: pink
    Events:
    Store / retrieve structured data
    Custom resource definitions

    View full-size slide

  30. Custom controllers

    View full-size slide

  31. ● Watches the current state of the
    cluster
    ● Ensure desired state of cluster =
    current state of cluster
    ● If desired state ≠ current state, will
    take action to make them match
    Controller pattern

    View full-size slide

  32. ● Listen to any resource type
    ● Ensure existing state of resource
    type = desired state of resource type
    ● If desired state ≠ existing state, will
    take action to make existing state =
    desired state
    ● This is implemented using your
    own logic!
    Clone kubernetes/sample-controller from GitHub for an example of a
    sample controller
    Custom controllers

    View full-size slide

  33. Helm Release Controller
    ● Listen to CRDs of type HelmRelease
    ● Ensures all desired Helm releases are
    installed / upgraded
    ● Will install / upgrade the Helm release if
    not already installed / not upgraded to
    desired version
    Example: custom controllers

    View full-size slide

  34. ● Cluster logic remains within the
    cluster
    ● Declarative API: let the cluster
    manage itself
    ● No need for additional script /
    Jenkins job
    Helm Release Controller

    View full-size slide

  35. ● Automated rollback according to a
    logic of our own
    ● Allow for custom business logic
    ● (Helm 2 only) No need to install /
    maintain the Helm Client on
    different servers
    Helm Release Controller

    View full-size slide

  36. (Unicorn) HelmRelease
    New Helm Release?
    Y: Install Helm Release
    N: Upgrade Helm Release
    Unicorns CRD’d

    View full-size slide

  37. Unicorns CRD’d : the demo

    View full-size slide

  38. Clone of the existing Sample
    Controller from Kubernetes
    No update done to listeners, informers,
    event handlers, etc.
    Focus on SyncHandlers() which is
    responsible for ensuring that
    desired state = existing state
    kubernetes/sample-controller: https://github.com/kubernetes/sample-controller
    Helm Release Controller: the implementation

    View full-size slide

  39. Receive a CRD of type Helm Release
    Helm Release Controller: the implementation

    View full-size slide

  40. Get information on CRD of type HelmRelease
    Helm Release Controller: the implementation

    View full-size slide

  41. Get information about the current CRD (= desired state)
    Helm Release Controller: the implementation

    View full-size slide

  42. Install Helm release if it doesn’t already exist (= match desired state)
    Helm Release Controller: the implementation

    View full-size slide

  43. Check existing deployment (= existing state)
    Helm Release Controller: the implementation

    View full-size slide

  44. Upgrade existing release if necessary (= match desired state)
    Helm Release Controller: the implementation

    View full-size slide

  45. Update Helm Release status
    Helm Release Controller: the implementation

    View full-size slide

  46. Update Helm Release status
    Helm Release Controller: the implementation

    View full-size slide

  47. If an error happens, re-enqueue the event and retry later
    Helm Release Controller: the implementation

    View full-size slide

  48. Finally, return successful sync event
    Helm Release Controller: the implementation

    View full-size slide

  49. ● Choice of programming language
    ● Can enforce validation
    ● Can support /status and /scale
    subresources (and maybe /exec and
    /log in the future*)
    * https://github.com/kubernetes/kubernetes/issues/72637
    CRDs + Custom controllers: Other benefits

    View full-size slide

  50. Flux Helm Operator

    View full-size slide

  51. ● Extension to Weave Flux
    ● Essentially a custom controller built by Flux
    ● Open-source
    ● Production ready
    ● Handles rollback of failed Helm releases
    ● Uses GitOps flow
    ● Compatible with Helm 2 and Helm 3
    Flux Helm Operator

    View full-size slide

  52. Flux Helm Operator
    - Reacts to commits in a repo
    - Create a custom resource of type “HelmRelease”
    - The operator watches that resource and installs /
    upgrades the release in question

    View full-size slide

  53. Flux Helm Operator
    The HelmRelease custom resource:
    ● Offers many customization option
    ● Allows you to set up access to your chart
    repository
    ● Provides visibility on its status in `kubectl
    describe`
    https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md
    https://github.com/fluxcd/helm-operator/blob/master/deploy/crds.yaml

    View full-size slide

  54. ● Use cases for Helm
    ● Why we need Helm release automation
    ● Comparison of custom controllers vs Helm operators
    ● Overview of custom resources & custom controllers
    ● Example Helm release custom controllers
    ● Example Helm operator
    Key takeaways

    View full-size slide

  55. This presentation features not only my work,
    but my entire team’s work, and therefore I
    would like to recognize their contribution :-)
    Thank you
    Scylla + Fabrication Team
    Slide not included in the presentation

    View full-size slide

  56. Farouq
    Cathal
    Adrian
    Sathish
    David
    John
    Rob
    Lucas
    Joe
    Aideen
    Declan

    View full-size slide

  57. Thank you!
    Learn more more about
    engineering at Workday!
    medium.com/workday-engineering
    Learn more about
    opportunities at Workday!
    workday.com/careers
    Learn more about me!
    @plallin
    plallin.dev

    View full-size slide