Slide 1

Slide 1 text

Confidential │ © 2020 VMware, Inc.
The CI/CD Experience: Kubernetes Edition
SpringOne Tour 2020
Cora Iberkleid, Developer Advocate
Andreas Evers, Senior Solutions Architect

Slide 2

Slide 2 text

With Kubernetes, everything from deployment to monitoring to scaling is more standardized and inherently easier to automate. This presents the possibility to achieve a more effective and comprehensive Continuous Integration (CI) and Continuous Delivery (CD) experience. We can incorporate the practice of infrastructure-as-code and take advantage of a flourishing ecosystem of tools to improve and fully automate our application deployment strategies. In this session, we'll tour the landscape of new Kubernetes-centric tooling, including Tekton, Kustomize, and ArgoCD. We'll also explore how GitOps can be leveraged for CI/CD.

Slide 3

Slide 3 text

Agenda
Day 1, 9:00 AM–11:00 AM PDT
● Building Images
● Configuration Management
● GitOps & Continuous operations
● Automated image management
● Workflow automation
● ChatOps
● Integrated solutions & Opinionated pipelines
● Homework!
Day 2, 9:00 AM–10:00 AM PDT
● Fireside Chat with Lyle Murphy, Mark Fisher, Mark Pollack, and Paul Czarkowski

Slide 4

Slide 4 text

Introduction

Slide 5

Slide 5 text

Diagram (path to production) labels: code change, ?, prod

Slide 6

Slide 6 text

Diagram (path to production) labels: code change, ?, prod
path to prod: the things you need to do to confidently deploy code to production

Slide 7

Slide 7 text

Diagram (path to production) labels: code change, prod, deploy, ?

Slide 8

Slide 8 text

Diagram (path to production) labels: code change, prod, test, deploy

Slide 9

Slide 9 text

Diagram (path to production) labels: code change, prod, test, package, deploy

Slide 10

Slide 10 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy

Slide 11

Slide 11 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote

Slide 12

Slide 12 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote, reviews, pull request, feature branch

Slide 13

Slide 13 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote, rollback, test, strategic rollout, reviews, pull request, feature branch

Slide 14

Slide 14 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote, rollback, test, strategic rollout, reviews, pull request, feature branch, declared state, maintain

Slide 15

Slide 15 text

Demo Preview

Slide 16

Slide 16 text

Demo implementation (path-to-production diagram)

Slide 17

Slide 17 text

Demo implementation (path-to-production diagram)
kubernetes: infrastructure as code, self-healing, extensible api

Slide 18

Slide 18 text

Demo implementation (path-to-production diagram)
git: source of truth, version control, pull/merge request flows, triggers

Slide 19

Slide 19 text

Demo implementation (path-to-production diagram)
gitops: declarative desired state, continuous operations

Slide 20

Slide 20 text

Demo implementation (path-to-production diagram)
argo: deploy to kubernetes, detect/repair divergence

Slide 21

Slide 21 text

Demo implementation (path-to-production diagram)
tekton: pipelined workflows

Slide 22

Slide 22 text

Demo implementation (path-to-production diagram)
kpack: build images, autonomous rebuilds, patch OS at scale

Slide 23

Slide 23 text

Diagram labels (baseline): App Git Repo, Code change, Dockerfile, docker build & push, Docker Hub, manifests, kubectl apply

Slide 24

Slide 24 text

Diagram labels: App Git Repo, Code change, Dockerfile, docker build & push, Docker Hub, manifests, kubectl apply, deployment artifact, Image artifact

Slide 25

Slide 25 text

Image as the Artifact

Slide 26

Slide 26 text

Diagram labels: + Libs/Packages + Runtime/Middleware + Container OS Libs/Packages + Runtime/Middleware + VM Guest OS Kubernetes + Host OS Build Deploy App Artifact Code context

Slide 27

Slide 27 text

containerization
WHY: Deploy & run software in a repeatable and reliable manner across computers.
HOW: Package dependencies with application. Standardize application packaging and runtime environment.
Diagram: App and all dependencies, build, Image (deployment artifact), run, Container (runtime instance)

Slide 28

Slide 28 text

Building Images Demo

Slide 29

Slide 29 text

Platform: Tool that makes buildpack functionality available to end-users. Simply stated: We interact with a platform in order to use buildpacks.
Buildpacks: Components that provide runtime support for applications. More generally: Modular way of adding arbitrary content and behavior into an image, while ensuring that it's manageable, auditable, repeatable, and reliable.

Slide 30

Slide 30 text

Cloud Native Buildpacks (CNB)
● CNCF Sandbox project initiated by Pivotal and Heroku in 2018
  ○ Contributors include Google, Microsoft, and others
● Well-defined platform-to-buildpack contract to take source code and output OCI images
● Focus on how to orchestrate builds, not how to run an app
● Unified standard to enable ecosystem of platforms and modular buildpacks
● Optimize for fast rebuilds, minimal data transfer, and efficient OS rebasing

Slide 31

Slide 31 text

Diagram labels (Deploy): App Git Repo Code change Docker Hub Image kubectl apply dev manifests deployment dev

Slide 32

Slide 32 text

Deployment Demo

Slide 33

Slide 33 text

Configuration Management

Slide 34

Slide 34 text

Diagram labels (code duplication): App Git Repo Code change Docker Hub Image kubectl apply dev manifests dev

Slide 35

Slide 35 text

Diagram labels (manual build & deploy): App Git Repo Code change Docker Hub Image kubectl apply dev manifests dev prod

Slide 36

Slide 36 text

Diagram labels (manual build & deploy): App Git Repo Code change Docker Hub Image kubectl apply dev manifests dev prod prod manifests


Slide 38

Slide 38 text

Kustomize: Kubernetes native configuration management
Does one thing well
Cleanly separates static resources (fixed), the resource changes (overlay), and the config that combines them (kustomize)
● ConfigMap lifecycle mgmt
● Part of kubectl
● Simplicity
● Transformers
● Not every part of the resources is “selectable” for changes

Slide 39

Slide 39 text

Diagram labels (configuration customization): App Git Repo Code change Docker Hub Image kubectl apply dev overlays dev prod prod overlays base manifests

Slide 40

Slide 40 text

Configuration Management Demo

Slide 41

Slide 41 text

Helm: The Kubernetes Package Manager
Primarily a Package Manager (Charts), used for configuration customization as well
Parameterized kubernetes resources + values.yml files for different environments
Lots of {{-if / else}} switches
● Excellent for deploying OTS software
● Unreadable GoLang templating (example)
● Mandatory semver
● Not great for CD
● Non-declarative by default

Slide 42

Slide 42 text

Diagram labels (manual build & deploy): App Git Repo Code change Docker Hub Image kubectl apply dev manifests dev prod prod manifests

Slide 43

Slide 43 text

Diagram labels (declarative configuration): App Git Repo Code change Docker Hub Image kubectl apply dev overlays dev prod prod overlays base manifests

Slide 44

Slide 44 text

Diagram labels (declarative configuration): App Git Repo Code change Docker Hub Image kubectl apply dev overlays dev prod prod overlays base manifests Desired state

Slide 45

Slide 45 text

GitOps

Slide 46

Slide 46 text

GitOps: Four Principles of GitOps

#1. The entire system described declaratively.
Kubernetes is just one example of many modern cloud native tools that are “declarative” and that can be treated as code. Declarative means that configuration is guaranteed by a set of facts instead of by a set of instructions. With your application’s declarations versioned in Git, you have a single source of truth. Your apps can then be easily deployed and rolled back to and from Kubernetes. And even more importantly, when disaster strikes, your cluster’s infrastructure can also be dependably and quickly reproduced.

#2. The canonical desired system state versioned in Git.
With the declaration of your system stored in a version control system, and serving as your canonical source of truth, you have a single place from which everything is derived and driven. This trivializes rollbacks: you can use a `git revert` to go back to your previous application state. With Git’s excellent security guarantees, you can also use your SSH key to sign commits that enforce strong security guarantees about the authorship and provenance of your code.

#3. Approved changes that can be automatically applied to the system.
Once you have the declared state kept in Git, the next step is to allow any changes to that state to be automatically applied to your system. What's significant about this is that you don't need cluster credentials to make a change to your system. With GitOps, there is a segregated environment of which the state definition lives outside. This allows you to separate what you do and how you're going to do it.

#4. Software agents to ensure correctness and alert on divergence.
Once the state of your system is declared and kept under version control, software agents can inform you whenever reality doesn’t match your expectations. The use of agents also ensures that your entire system is self-healing. And by self-healing, we don’t just mean when nodes or pods fail—those are handled by Kubernetes—but in a broader sense, like in the case of human error. In this case, software agents act as the feedback and control loop for your operations.

Slide 47

Slide 47 text

Imperative vs. Declarative: How to get to the library?

INSTRUCTIONS
1. From city center, turn onto Route 4 north.
2. At the traffic circle, take the first exit.
3. At the first light, turn right.
4. Take the first available right turn.
5. At the traffic circle, start in the left lane and take the third exit.
6. The library is the first building on that road.
smart instructor, dumb engine
must begin at starting point

FACTS
● The library is located at 10 Community Way, East Greenbush, NY 12061, United States
uninvolved instructor, smart engine
can recover from any starting point

Slide 48

Slide 48 text

Imperative vs. Declarative: How to get to the desired state?

IMPERATIVE
● kubectl create …
● kubectl run …
● kubectl expose …
● kubectl edit …
● kubectl patch …
● kubectl label …
● kubectl scale …
● kubectl annotate …
✓ Great for creating yamls, troubleshooting, learning, experimentation

DECLARATIVE
● kubectl apply …
Controllers are the smart engines that converge running resources to desired state
✓ Great for creating reproducible deployments
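
The declarative model on this slide, together with the fourth GitOps principle (software agents that detect and repair divergence), as an added Python example; it is not part of the original slides and not how Argo CD or Flux is implemented. The resource keys, field names and both sample states are constructed for illustration.

```python
from copy import deepcopy

_MISSING = object()  # marks a declared field that the live object lacks

# Constructed sample: desired state as it would be rendered from the ops Git repo.
# Keys are (kind, namespace, name); values hold only the declared fields.
DESIRED = {
    ("Deployment", "dev", "app"): {
        "replicas": 2,
        "template": {"image": "registry.example/app:1.0.1", "runAsNonRoot": True},
    },
    ("Service", "dev", "app"): {"type": "ClusterIP", "port": 8080},
}

# Constructed sample: live cluster state after out-of-band (imperative) changes.
LIVE = {
    ("Deployment", "dev", "app"): {
        "replicas": 5,  # scaled by hand
        "template": {"image": "registry.example/app:1.0.1", "runAsNonRoot": False},
        "status": {"readyReplicas": 5},  # server-populated, never declared
    },
    ("Deployment", "dev", "debug-shell"): {"replicas": 1},  # not in Git at all
}


def field_drift(want, have, path=()):
    """Yield (path, want, have) for each declared field whose live value differs.

    Only declared fields are compared, so server-populated fields such as
    status are never reported as drift.
    """
    if isinstance(want, dict):
        have = have if isinstance(have, dict) else {}
        for key, sub in want.items():
            yield from field_drift(sub, have.get(key, _MISSING), path + (key,))
    elif want != have:
        yield path, want, None if have is _MISSING else have


def detect_divergence(desired, live):
    """Return findings as (kind, resource_key, field_path, want, have) tuples."""
    findings = []
    for key, spec in desired.items():
        if key not in live:
            findings.append(("missing", key, None, spec, None))
            continue
        for path, want, have in field_drift(spec, live[key]):
            findings.append(("modified", key, path, want, have))
    for key in live:
        if key not in desired:  # exists in the cluster but was never declared
            findings.append(("extra", key, None, None, live[key]))
    return findings


def reconcile(desired, live, prune=False):
    """Converge a copy of the live state to the declaration; return (new_live, findings).

    Undeclared resources are only reported unless prune=True, so deletion
    stays an explicit choice.
    """
    findings = detect_divergence(desired, live)
    new_live = deepcopy(live)
    for kind, key, path, want, _have in findings:
        if kind == "missing":
            new_live[key] = deepcopy(want)
        elif kind == "modified":
            node = new_live[key]
            for part in path[:-1]:
                if not isinstance(node.get(part), dict):
                    node[part] = {}
                node = node[part]
            node[path[-1]] = deepcopy(want)
        elif kind == "extra" and prune:
            del new_live[key]
    return new_live, findings


if __name__ == "__main__":
    healed, report = reconcile(DESIRED, LIVE, prune=True)
    for kind, key, path, want, have in report:
        field = ".".join(path) if path else "-"
        print(f"{kind:8} {'/'.join(key):28} {field:22} want={want!r} have={have!r}")
    print("remaining divergence:", detect_divergence(DESIRED, healed))
```

The same `reconcile` call converges from an empty cluster, from the drifted sample, or from an already correct state, which is the "can recover from any starting point" property; the findings list is what an agent would alert on.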


Slide 50

Slide 50 text

Separate repositories
➔ Code vs configuration
➔ Separation of access, cleaner audit logs
➔ Enables modular pipelines (“elbow joints”)
➔ Trigger action based on different life cycles
➔ Makes sense for coupled deployments composed of multiple repositories


Slide 54

Slide 54 text

Diagram labels (declarative configuration): App Git Repo Code change Docker Hub Image kubectl apply dev overlays dev prod prod overlays base manifests Desired state

Slide 55

Slide 55 text

Diagram labels (state reconciliation): App Git Repo Code change Docker Hub Image kubectl apply dev overlays dev prod prod overlays base manifests Desired state Desired state assurance Argo CD

Slide 56

Slide 56 text

GitOps Demo

Slide 57

Slide 57 text

Continuous Operations Demo

Slide 58

Slide 58 text

ArgoCD
● Concept of Application (set of Kubernetes resources)
● Uses CRDs to store this information
● Focused on enterprise application deployments
● Provides UI with enterprise authentication capabilities

Slide 59

Slide 59 text

Weave Flux
● Doesn’t have the Application context; Flux is used primarily to bootstrap clusters where the application layer hasn’t necessarily been deployed yet
● Can scan image repositories for new versions and update the cluster automatically
● Intentionally doesn’t provide a UI

Slide 60

Slide 60 text

Argo Flux GitOps Engine: Best of both worlds
● Moving common components into a separate repository
● Both projects will start to depend on this repository internally
● First focus is Kubernetes integration logic, next up will be Git integrations
● Eventually one user-facing solution will emerge
● Will be part of the CNCF

Slide 61

Slide 61 text

Diagram labels (state reconciliation): App Git Repo Code change Docker Hub Image dev overlays dev prod prod overlays base manifests Desired state Desired state assurance Argo CD

Slide 62

Slide 62 text

Diagram labels (image management): kpack App Git Repo Code change dev overlays dev prod prod overlays base manifests Desired state Desired state assurance Argo CD Autonomous image management Image

Slide 63

Slide 63 text

5 min break

Slide 64

Slide 64 text

Diagram labels (image management): kpack App Git Repo Code change dev overlays dev prod prod overlays base manifests Desired state Desired state assurance Argo CD Autonomous image management Image

Slide 65

Slide 65 text

Automated Image Management

Slide 66

Slide 66 text

Cloud Native Buildpacks
Diagram labels: platform, builder image, buildpacks, run image *

Slide 67

Slide 67 text

Cloud Native Buildpacks
Diagram labels: platform (pack), builder image, buildpacks, run image *

Slide 68

Slide 68 text

Cloud Native Buildpacks
Platform Ecosystem: pack, kpack, Spring Boot, Tekton, Tanzu Build Service, az acr pack, Google Cloud Run Button
Buildpacks Ecosystem: builder image, buildpacks, run image *


Slide 70

Slide 70 text

kpack: Buildpacks as a Service
Hosted, Centralized, Automated
● Automatically rebuild images based on changes in inputs
● Efficiently rebase OS layers with a CVE hotfix (new run-image)
● Consistent, repeatable, transparent and secure builds -- at scale

Slide 71

Slide 71 text

Rebase - OS CVE Patches
Diagram labels: Platform, run image, new run image, app/bp layers, rebase, id1, id2

Slide 72

Slide 72 text

kpack Demo

Slide 73

Slide 73 text

Diagram labels (workflow automation): kpack App Git Repo Code change dev overlays dev prod prod overlays base manifests Argo CD Image ?

Slide 74

Slide 74 text

Diagram labels (workflow automation): kpack App Git Repo Code change dev overlays dev prod prod overlays base manifests Argo CD Image Workflow automation Build Test Lint

Slide 75

Slide 75 text

Diagram labels (workflow automation): kpack App Git Repo Code change dev overlays dev prod prod overlays base manifests Argo CD Image Workflow automation Build Test Lint ?

Slide 76

Slide 76 text

Diagram labels (workflow automation): kpack App Git Repo Code change dev overlays dev prod prod overlays base manifests Argo CD Image Workflow automation Build Test Lint Promote

Slide 77

Slide 77 text

Workflow Automation

Slide 78

Slide 78 text

Workflow Automation
● Jenkins: Pipeline - Stage - Step
● Concourse: Resource - Job - Task
● Spinnaker: Stage - Step - Task
● CircleCI: Workflow - Job - Step
● GitLab CI: Stage - Job
● Travis: Stage - Job

Slide 79

Slide 79 text

Workflow Automation
● Jenkins: Pipeline - Stage - Step
● Concourse: Resource - Job - Task
● Spinnaker: Stage - Step - Task
● CircleCI: Workflow - Job - Step
● GitLab CI: Stage - Job
● Travis: Stage - Job
● Tekton: Pipeline - Task - Step

Slide 80

Slide 80 text

Tekton: Kubernetes-native Workflow Engine
● Generic workflow engine utilizing CRDs, happens to be really good at CD with Kubernetes
● Standardization of pipelines native to Kubernetes
● Provides other building blocks than pipelines as well

Slide 81

Slide 81 text

Tekton Pipelines
Diagram labels: Event Listener, Trigger Binding, Trigger Template, Pipeline Run, Pipeline, Task, Task Run, Step, Pipeline Resource
Icon: Mihail Zhukov

Slide 82

Slide 82 text

Diagram labels (build): App Git Repo Code change Tekton Build Event Listener Trigger Template Trigger Binding Pipeline Pipeline Run Golang Test Task Golang Lint Task Update Revision Task Git Clone Task Argo CD Golang Test Task Run Golang Lint Task Run Update Revision Task Run Git Clone Task Run Ops Git Repo Image App kpack Builder Image Build Docker Hub revision: cf362c7 Git Clone Task Run

Slide 83

Slide 83 text

Diagram labels (deploy): Tekton Promote Event Listener Trigger Template Trigger Binding Pipeline Pipeline Run Ops Dev Task Run Git Clone Task Argo CD Git Clone Task Run Ops Dev Task Run Ops Git Repo Dev App newTag: x.y.z Docker Hub

Slide 84

Slide 84 text

Workflow Automation Demo

Slide 85

Slide 85 text

Diagram labels (build, "You are here"): App Git Repo Code change Tekton Build Event Listener Trigger Template Trigger Binding Pipeline Pipeline Run Golang Test Task Golang Lint Task Update Revision Task Git Clone Task Argo CD Golang Test Task Run Golang Lint Task Run Update Revision Task Run Git Clone Task Run Ops Git Repo Image App kpack Builder Image Build Docker Hub revision: cf362c7 Git Clone Task Run

Slide 86

Slide 86 text

Diagram labels (deploy): Tekton Promote Event Listener Trigger Template Trigger Binding Pipeline Pipeline Run Ops Dev Task Run Git Clone Task Argo CD Git Clone Task Run Ops Dev Task Run Ops Git Repo Dev App newTag: x.y.z Docker Hub

Slide 87

Slide 87 text

Collaboration
Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote, rollback, test, strategic rollout, reviews, pull request, feature branch, declared state, maintain

Slide 88

Slide 88 text

ChatOps

Slide 89

Slide 89 text

ChatOps
“A collaboration model that helps to connect people, process, tools, and automation into a transparent workflow.” - GitHub

Slide 90

Slide 90 text

Prow: Kubernetes-native eventing engine
● Eventing engine
● Can receive webhook calls for e.g. PRs
● Can trigger Tekton pipelines and report back the status to the PRs
● Supports a wide range of ChatOps commands
● Can be complex to set up
● Only supports github.com
● Jenkins X’s Lighthouse is a fork with added support for GitHub Enterprise, GitLab and BitBucket Server, with a simpler setup and fewer moving parts

Slide 91

Slide 91 text

Prow Demo

Slide 92

Slide 92 text

Integrated Solutions

Slide 93

Slide 93 text

Diagram labels (eventual demo path): App Git Repo Code change Tekton Argo CD Ops Git Repo kpack Docker Hub Ops Git Repo Tekton Argo CD

Slide 94

Slide 94 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote, rollback, test, strategic rollout, reviews, pull request, feature branch, declared state, maintain

Slide 95

Slide 95 text

Jenkins X: Jenkins Kubernetes edition
● Designed to run on and target Kubernetes
● Quickstarts & buildpacks
● Uses Prow (Lighthouse), Draft and Tekton internally
● Supports promotion flows with on-demand environments
● Hides Tekton’s complexity, but provides its flexibility

Slide 96

Slide 96 text

Jenkins X Demo

Slide 97

Slide 97 text

Keep it simple, stupid
People over Processes over Tools


Slide 99

Slide 99 text

Spinnaker: Deployment platform for fast and safe deployments
● Powerful turn-key multi-cloud deployment tool
● Advanced deployment strategies including automated canary analysis
● Keeps track of state of your deployments and uses it to drive pipelines
● Offers composite UI across clouds, clusters, regions and deployment platforms
● Complex to set up and a platform on its own to maintain
● Lacks declarative configuration of pipelines

Slide 100

Slide 100 text

GitLab CI
Jenkins Kubernetes edition
GitLab is a comprehensive SDLC platform, containing a Git server, an image registry, issue tracker, application monitoring, security scanning, …
The differentiating feature is Auto DevOps
It automatically sets up the complete pipeline and necessary integrations
● detects the language of the code automatically builds
● tests and measures code quality
● scans for potential vulnerabilities, security flaws and licensing issues
● packages
● instruments (for monitoring in real-time) and deploys the application
It provides an opinionated pipeline out-of-the-box

Slide 101

Slide 101 text

Opinionated Pipelines

Slide 102

Slide 102 text

Opinionated Pipelines: Characteristics
Avoids boilerplate code which is the same for 80% of the projects by abstracting it.
Examples of opinionated solutions:
● Spring Boot provides an opinionated interpretation of the Spring framework abstracted in libraries
● Cloud Native Buildpacks provide an opinionated way of building and containerizing your application
● Spinnaker provides opinionated advanced deployment strategies
● Jenkins X quickstart uses Draft packs to provide an opinionated way of bootstrapping your pipeline
● GitLab’s Auto DevOps provides an opinionated full-featured end-to-end pipeline, including support for Cloud Native Buildpacks

Slide 103

Slide 103 text

Diagram (path to production) labels: code change, prod, test, package, deploy, test, deploy, promote, rollback, test, strategic rollout, reviews, pull request, feature branch, declared state, maintain

Slide 104

Slide 104 text

Homework


Slide 107

Slide 107 text

Free Self-guided Course: www.katacoda.com/springone-tour-2020-cicd
gitter.im/pivotal-cf/s1t-2020-cicd


Slide 109

Slide 109 text

Thank You
See you tomorrow!
Cora Iberkleid, Developer Advocate
Andreas Evers, Senior Solutions Architect

Slide 110

Slide 110 text

Paul Czarkowski, Technical Advocate, VMware Tanzu
Lyle Murphy, Product Manager, Tanzu Developer Ecosystem, VMware
Mark Fisher, Sr. Staff Engineer, Spring
Mark Pollack, Sr. Staff Engineer, Spring