Continuous Delivery to Kubernetes DEPLOYMENT INTERFACES Lothar Schulz @lothar_schulz Continuous Lifecycle 2018-11-15

2 WE ARE CONSTANTLY INNOVATING TECHNOLOGY HOME-BREWED, CUTTING-EDGE & SCALABLE technology solutions ~ 2,000 employees from tech locations (HQs in Berlin) 7 77 nations revenue 2017 ~ 4.5billion EUR

3

4 Me Engineering Lead at Zalando Code ● https://github.com/zalando ● https://github.com/lotharschulz @lothar_schulz lotharschulz.info

5 CI/CD @ ZALANDO STUPS (toolset around AWS) Kubernetes Lizzy & CloudLobster Lizzy

6 Deployment Format

7 Dependency $ cat Dockerfile # "latest" will be used when --build-arg is omitted ARG BASE_IMAGE_VERSION=latest FROM registry.opensource.zalan.do/stups/python: ${BASE_IMAGE_VERSION} …

8 Deployment & Integration descriptor ~/zalando/dev/ghe-backup-deploy on master $ filetree README.md delivery.yaml deploy |-deploy apply |---apply kube|secret.yaml statefulset.yaml

9 Trigger

10 SCM integration - ….

11 Compliance In general, compliance means conforming to a rule, such as a specification, policy, standard or law. https://en.wikipedia.org/wiki/Regulatory_compliance

12 Tests $ cat delivery.yaml version: "2017-09-20" ….. - desc: "run tests" cmd: | nosetests -w python

13 Credentials $ cat delivery.yaml version: "2017-09-20" - desc: "build and push docker images" cmd: | PIERONE_NAMESPACE=pierone.stups.zalan.do/machinery BASE_IMAGE=$PIERONE_NAMESPACE/ghe-backup IMAGE=$BASE_IMAGE:cdp-${CDP_BUILD_VERSION} CACHE_IMAGE=$BASE_IMAGE:latest docker build --cache-from $CACHE_IMAGE -t $CACHE_IMAGE -t $IMAGE -f Dockerfile . if [ -z "$CDP_PULL_REQUEST_NUMBER" ]; then docker push $IMAGE echo "$IMAGE pushed" else ... fi

14 Build AWS Credentials & Setup Continuous Delivery to Kubernetes at Zalando CICD-Meetup 20170920 source code management system Controller code change trigger Builder Proxy Docker Registry Worker VMs token injection schedules and monitors tasks source code checkout task execution image upload

15 Build AWS Credentials & Setup Continuous Delivery to Kubernetes at Zalando CICD-Meetup 20170920 source code management system Controller code change trigger Builder Proxy Docker Registry Worker VMs token injection schedules and monitors tasks source code checkout task execution image upload

16 Git Branches & Pull Requests Builds branch 1 branch 2

17 Git Branches & Pull Requests Builds branch 1 branch 2 Poll PR until mergeable is true https://developer.github.com/v3/pulls/#response-1 https://developer.github.com/v3/git/#checking-mergeability-of-pull-requests

18 Git Branches & Pull Requests Builds branch 1 branch 2 reference is not a tree reference ?

19 Git Branches & Pull Requests Builds branch 1 branch 2 commits without reference can’t be accessed https://developer.github.com/v3/git/refs/#create-a-reference

20 Git Branches & Pull Requests Builds branch 1 branch 2 merge A & B in worker VMs/nodes A B

21 Hands off operations $ zkubectl get po | grep cdp-controller cdp-controller-7985fd799f-4jpbz cdp-controller-7985fd799f-rgpf8

22 Traffic https://github.com/zalando-incubator/stackset-controller

23 polling must die Don’t call us, we notify you.

24 AWS S3 control access via IAM roles provision roles in AWS accounts change request cache control headers object store

25 • creates git repository • configures zappr • creates a deployment descriptor • can create K8s manifests • deploys app to test cluster • creates default monitoring repository creator

26 Support round robin

27 Culture Focus on single customer group Autonomy doesn’t work without a corresponding accountability model End to End Ownership Autonomy has to be learned and earned

28 Culture

29 - build https://github.com/zalando/ghe-backup - delivery.yaml - deploy to k8s with Github Enterprise feedback - delivery.yaml - I’m sure you have questions https://www.flickr.com/photos/eyecatcherfotosde/2539793798 @lothar_schulz lotharschulz.info