Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Continuous Operations with GitOps - an Introduction

schnatterer
September 15, 2021
Technology
0
47

Continuous Operations with GitOps - an Introduction

https://www.herbstcampus.de/veranstaltung-13171-0-continuous-operations-mit-gitops--eine-einfuehrung.html

schnatterer

September 15, 2021
Tweet

More Decks by schnatterer

See All by schnatterer
The perfect GitOps process: repos, folders, stages, patterns
schnatterer
0
12
GitOps - is this something for me?
schnatterer
0
11
GitOps - is this something for me?
schnatterer
0
82
IT-Tage 2021 - GitOps: Introduction to Continuous Operations with Kubernetes
schnatterer
0
110
GitOps: Hands-on Continuous Operations mit Kubernetes
schnatterer
0
65
GitOps: Introduction to Continuous Operations with Kubernetes
schnatterer
0
19
GitOps: Introduction to Continuous Operations with Kubernetes - Mastering Kubernetes 2021
schnatterer
0
17
Introduction to GitOps - A new age of ops automation?
schnatterer
1
87
Good Practices for Secure Kubernetes AppOps (JavaLand 2021)
schnatterer
0
36

Other Decks in Technology

See All in Technology
株式会社オプティム_採用会社紹介資料 / optim-recruit
optim
0
9.5k
MagicPod開発における テスト自動化とCI
nozomiito
0
130
フルComposeでTVアプリを作った話
sasakitomohiro
0
280
C# の async/await は実際にどうやって動いているか
nenonaninu
3
11k
組織一丸となってカスタマーサクセスを実現するための取り組みと悩み
zakiyama
0
130
バリエーションで差をつける。myshoesの新たな挑戦 #cicd_test_night
whywaita
PRO
0
480
1人目QA奮闘記-2023年ver-/QA Engineer's Struggle 2023
mii3king
1
400
今後の開発規模拡大、QA人材を爆速で立ち上げる
ymty
1
840
社内でChatGPTを利用するためのガイドラインを整備した話
yoshikieguchi
0
1k
Google I:O 2023 Androidの自動テストアップデートまとめ / Google I:O 2023 Android Testing Update Recap
tkmnzm
0
190
CloudWatchでバレる 「君、仕事中にyo〇tube観てたよね?」
kadogen_0527
1
290
ChatGPTを活用した 便利ツールの紹介
hankehly
0
430

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
GitHub's CSS Performance
jonrohan
1022
430k
Building Effective Engineering Teams - LeadDev
addyosmani
5
590
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
29k
For a Future-Friendly Web
brad_frost
166
8k
Building Applications with DynamoDB
mza
86
5.1k
GraphQLとの向き合い方2022年版
quramy
23
11k
Fantastic passwords and where to find them - at NoRuKo
philnash
33
2k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.5k
Writing Fast Ruby
sferik
613
58k

Transcript



  1. // CONTINUOUS OPERATIONS

    WITH GITOPS
    - AN INTRODUCTION
    Johannes Schnatterer, Cloudogu GmbH
    Version: 202109151213-b9d957a

    @jschnatterer
    1
    .
    1

    View Slide

  2. Agenda
    • What is GitOps?
    • How can it be used?
    • What challenges arise?
    1
    .
    2

    View Slide

  3. What is GitOps?
    2
    .
    1

    View Slide

  4. • Operating model
    • Origin: blog post by Weaveworks, August 2017
    Use developer tooling to drive operations
    weave.works/blog/gitops-operations-by-pull-request
    2
    .
    2

    View Slide

  5. "Classic" Continuous Delivery ("CIOps")
    Developer
    Git Repo CI Server
    Continuous Integration +
    Continuous Delivery
    K8s Cluster
    push pull deploy
    imperative,
    once
    GitOps

    K8s Cluster
    Developer
    Git Repo
    CI Server
    Continuous Integration Continuous Delivery
    GitOps
    operator
    push
    pull
    pull
    deploy
    declarative,
    continuously
    2
    .
    3

    View Slide

  6. GitOps Principles
    1 The principle of declarative desired state
    2 The principle of immutable desired state versions
    3 The principle of continuous state reconciliation
    4 The principle of operations through declaration
    github.com/open-gitops/documents/blob/main/PRINCIPLES.md
    2
    .
    4

    View Slide

  7. GitOps vs DevOps
    • DevOps is about collaboration of formerly separate groups (mindset)
    • GitOps focuses on ops (operating model)
    • GitOps can be used with or without DevOps
    2
    .
    5

    View Slide

  8. K8s Cluster
    Developer
    Git Repo
    CI Server
    GitOps
    operator
    push
    pull
    pull
    deploy
    Advantages of GitOps
    • No access to cluster from outside
    No credentials on CI server
    • Forces declarative description
    • IaC is auditable
    • Scalability - one repo many applications
    • Self-healing / Hands-off ops
    2
    .
    6

    View Slide

  9. How can GitOps be used?
    3
    .
    1

    View Slide

  10. What can GitOps be used for?
    Cloud
    Cluster
    K8s Resources /
    applications
    Cloud Infra IAM DNS
    ...
    Pods Services
    ...
    3
    .
    2

    View Slide

  11. GitOps tool categories
    • GitOps operators/controllers
    • Supplementary GitOps tools
    • Tools for operating k8s clusters + cloud infra with GitOps
    3
    .
    3

    View Slide

  12. GitOps operators/controllers







    3
    .
    4

    View Slide

  13. Supplementary GitOps tools
    Secrets


    • + K8s integration
    • Operators for Key Management Systems
    bitnami-labs/sealed-secrets
    Soluto/kamus
    mozilla/sops
    3
    .
    5

    View Slide

  14. Others
    • Backup
    • Deployment Strategies - Progressive Delivery


    • ...
    GitOps loves operators
    3
    .
    6

    View Slide

  15. Operate Kubernetes with Kubernetes
    Cloud Infra
    Repo
    Management Cluster Target Cluster
    Target Cluster
    Target Cluster
    3
    .
    7

    View Slide

  16. Management Cluster
    Cloud Infra
    Repo
    GitOps
    operator
    API-Server Infra operator
    Target Clusters
    Infra providers
    pull watch
    apply resources
    apply resources
    create/
    manage
    create/
    manage
    create
    clusters/
    VMs/
    metal
    3
    .
    8

    View Slide

  17. | -
    Tools for operating k8s clusters + cloud infra







    +
    Cloud or Operator



    rancher/terraform-controller
    3
    .
    9

    View Slide

  18. See also
    ( )
    • General tool comparison,
    • tips on criteria for tool selection,
    • comparison of ArgoCD v1 and Flux v2
    cloudogu.com/blog/gitops-tools iX 4/2021
    3
    .
    10

    View Slide

  19. What challenges arise with GitOps?
    4
    .
    1

    View Slide

  20. More Infra ...
    • GitOps Operator: One or more custom controllers
    • Helm, Kustomize Controllers
    • Operators for Supplementary tools (secrets, etc.)
    • Monitoring/Alerting systems
    • ...
    4
    .
    2

    View Slide

  21. ... higher cost
    • Maintenance/patching (vendor lock-in)
    • Resource consumption
    • Learning curve
    • Error handling
    • failing late and silently
    • monitoring/alerting required
    • reason might be difficult to pinpoint
    • operators cause alerts (OOM errors, on Git/API server down, etc.)
    4
    .
    3

    View Slide

  22. Day two questions
    • POC is simple
    • Operations in prod has its challenges
    • How to realize staging?
    • How to structure repos and how many of them?
    • Role of CI server?
    • How to realize local dev env?
    • How to delete resources?
    • ...
    4
    .
    4

    View Slide

  23. Implementing stages
    Idea 1: Staging Branches
    • Develop Staging
    • Main Production




    Logic for branching complicated and error prone (merges)
    4
    .
    5

    View Slide

  24. Idea 2: Staging folders
    • On the same branch: One folder per stage
    • Process:
    • commit to staging folder only,
    • create short lived branches and pull requests for prod
    • Duplication is tedious, but can be automized
    ├── production

    │ └── application

    │ └── deployment.yaml

    └── staging

    └── application

    └── deployment.yaml


    • Logic for branching simpler
    • Supports arbitrary number of stages
    4
    .
    6

    View Slide

  25. Basic role of CI server
    K8s Cluster
    Developer
    Git Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    pull
    push
    pull
    pull
    deploy
    4
    .
    7

    View Slide

  26. Number of repositories: application vs GitOps repo
    GitOps tools: Put infra in separate repo! See
    K8s Cluster
    Developer
    App Repo GitOps Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    app
    code
    push
    infra
    code
    pull
    push
    pull
    pull
    deploy
    argo-cd.readthedocs.io/en/release-2.0/user-guide/best_practices
    4
    .
    8

    View Slide

  27. Disadvantages
    • Separated maintenance & versioning of app and infra code
    • Review spans across multiple repos
    • Local dev more difficult

    How to avoid those?
    4
    .
    9

    View Slide

  28. Extended role of CI server
    K8s Cluster
    Developer
    App Repo GitOps Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    app
    +infra
    code
    pull
    push
    infra
    code
    push
    pull
    pull
    deploy
    4
    .
    10

    View Slide

  29. Advantages
    • Single repo for development: higher efficiency
    • Automated staging (e.g. PR creation, namespaces)
    • Shift left: static code analysis + policy check on CI server,
    e.g. yamlint, kubeval, helm lint, conftest
    • Simplify review by adding info to PRs

    cloudogu/gitops-build-lib
    4
    .
    11

    View Slide

  30. Local development
    • Option 1: Deploy GitOps operator and Git server on local cluster
    complicated
    • Option 2: Just carry on without GitOps.
    Easy, when IaC remains in app repo
    4
    .
    12

    View Slide

  31. How to delete resources?
    • "garbage collection" (Flux) / "resource pruning" (ArgoCD)
    disabled by default
    • Enable from beginning avoid manual interaction
    4
    .
    13

    View Slide

  32. Demo
    Your Host
    K3d Container
    SCM-Manager
    Docker Daemon ArgoCD
    App Repos GitOps Repos
    Registry
    Jenkins
    run
    pull push
    push
    pull
    deploy
    cloudogu/gitops-playground
    5

    View Slide

  33. 6
    .
    1

    View Slide

  34. Personal Conclusion
    After migrating to and operating with GitOps in production for > 1
    year
    • Smoother CI/CD,
    • everything declarative
    • faster deployment
    • But: security advantages only when finished migration
    6
    .
    2

    View Slide

  35. GitOps experience distilled
    Has advantages, once established
    Mileage for getting there may vary
    6
    .
    3

    View Slide

  36. Adopt GitOps?
    • Greenfield
    • AppOps: Definitely
    • ClusterOps: Depends
    • Brownfield: Depends
    6
    .
    4

    View Slide

  37. Johannes Schnatterer, Cloudogu GmbH

    • GitOps Resources (intro, our articles, etc.)
    • Links to GitOps Playground and Build Lib
    • Discussions
    • Trainings
    cloudogu.com/gitops
    6
    .
    5

    View Slide

  38. Image sources
    • What is GitOps?

    • How can GitOps be used? Tools:
    • What challenges arise with GitOps?
    https://pixabay.com/illustrations/question-mark-
    important-sign-1872665/
    https://pixabay.com/photos/tools-
    knives-wrenches-drills-1845426/
    https://unsplash.com/photos/bJhT_8nbUA0
    6
    .
    6

    View Slide