Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GitOps - is this something for me?

schnatterer
April 07, 2022
Technology
0
82

GitOps - is this something for me?

Mastering GitOps

Zum Einstieg in die Konferenz liefert dieser Vortrag einen Überblick über das Thema GitOps und zeigt auf, an welchen Stellen die weiteren Vorträge des Tages Vertiefungen bieten.

Am Anfang steht eine Begriffsdefinition, die mit Halbwissen aufräumt und GitOps klar von den Git-basierten Vorgehen der Vergangenheit abgrenzt. Dabei zeigt der Vortrag Vorteile von GitOps auf, verschweigt aber nicht die Herausforderungen.

Neben dem Anwendungsfall "Deployment von Anwendungen" beleuchtet der Vortrag auch das Deployment genereller Cloud-Infrastruktur per GitOps und zeigt jeweils eine Übersicht der Tools, die dafür zur Auswahl stehen.

Teilnehmende können sich nach diesem Vortrag ein eigenes Bild von Nutzen, Herausforderungen und Reifegrad von GitOps machen und wissen, was im Laufe des weiteren Tages auf sie zukommt.

https://www.mastering-gitops.de/veranstaltung-14077-se-0-gitops--ist-das-was-fuer-mich.html

schnatterer

April 07, 2022
Tweet

More Decks by schnatterer

See All by schnatterer
The perfect GitOps process: repos, folders, stages, patterns
schnatterer
0
12
GitOps - is this something for me?
schnatterer
0
11
IT-Tage 2021 - GitOps: Introduction to Continuous Operations with Kubernetes
schnatterer
0
110
GitOps: Hands-on Continuous Operations mit Kubernetes
schnatterer
0
65
GitOps: Introduction to Continuous Operations with Kubernetes
schnatterer
0
19
Continuous Operations with GitOps - an Introduction
schnatterer
0
47
GitOps: Introduction to Continuous Operations with Kubernetes - Mastering Kubernetes 2021
schnatterer
0
17
Introduction to GitOps - A new age of ops automation?
schnatterer
1
88
Good Practices for Secure Kubernetes AppOps (JavaLand 2021)
schnatterer
0
36

Other Decks in Technology

See All in Technology
Head toward Java 20 and Java 21
line_developers
PRO
0
450
何故、UseCaseは1メソッドなのか
okuzawats
2
410
エンジニアのキャリアパスはどう描く? まつもとりーさんと考える後悔しないキャリア選択
matsumoto_r
PRO
2
340
よくわかるフォルシアのエンジニア 旅行プラットフォーム部編
forcia_dev_pr
0
230
Sprasia, Inc. - Sprasia Engineers Culture Deck
sprasiainc
0
110
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
26k
JSAI2023 Tutorial 「基盤モデルの技術と展望」
yusuke0519
6
2.6k
どうしてもcgoから逃げられなくなったあなたに知ってほしいcgoの使い方入門
sakiengineer
1
1.1k
過去事例から見るモニタリングの大切さ #techfeed_live
whywaita
PRO
1
450
JUnitテストをCI環境で並列で実行する方法とその速度, スケーラビリティ
nabedge
4
280
Microsoft Build 2023 で発表された Cosmos DB の注目アップデート / Microsoft Build 2023 Cosmos DB update
miyake
1
230
Cluster_Extended Tokyo_WWDC 2023
clusterinc
0
370

Featured

See All Featured
Testing 201, or: Great Expectations
jmmastey
26
5.9k
Gamification - CAS2011
davidbonilla
75
4.2k
What's in a price? How to price your products and services
michaelherold
234
10k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
33
21k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
218
21k
The Language of Interfaces
destraynor
149
21k
The Art of Programming - Codeland 2020
erikaheidi
37
11k
Building an army of robots
kneath
300
41k
Fireside Chat
paigeccino
18
2.1k
Rails Girls Zürich Keynote
gr2m
89
12k
Documentation Writing (for coders)
carmenintech
53
3.1k
Imperfection Machines: The Place of Print at Facebook
scottboms
255
12k

Transcript



  1. // GITOPS -

    IS THIS SOMETHING FOR ME?
    Johannes Schnatterer, Cloudogu GmbH
    Version: 202204062012-c43a708

    @jschnatterer
    2

    View Slide

  2. Agenda
    • Basics
    • Tools
    • Challenges
    3

    View Slide

  3. GitOps basics
    5

    View Slide

  4. Origin: blog post by Weaveworks, August 2017
    Use developer tooling to drive operations
    weave.works/blog/gitops-operations-by-pull-request
    6

    View Slide

  5. "Classic" Continuous Delivery ("CIOps")

    Developer
    Git Repo CI Server
    Continuous Integration +
    Continuous Delivery
    K8s Cluster
    push pull deploy
    imperative,
    once
    GitOps

    K8s Cluster
    Developer
    Git Repo
    CI Server
    Continuous Integration Continuous Delivery
    GitOps
    operator
    push
    pull
    pull
    deploy
    declarative,
    continuously
    7

    View Slide

  6. GitOps Principles
    The desired state of a GitOps managed system must be:
    1 Declarative
    2 Versioned and Immutable
    3 Pulled Automatically
    4 Continuously Reconciled
    github.com/open-gitops/documents/blob/main/PRINCIPLES.md
    8

    View Slide

  7. GitOps vs DevOps
    • DevOps is about collaboration of formerly separate groups (mindset)
    • GitOps focuses on ops (operating model)
    • GitOps could be used with or without DevOps and vice versa
    • Still, GitOps might be...
    The right way to do DevOps
    Alexis Richardson
    9

    View Slide

  8. K8s Cluster
    Developer
    Git Repo
    CI Server
    GitOps
    operator
    push
    pull
    pull
    deploy
    Advantages of GitOps
    • No access to cluster from outside
    (might also solve firewall/zone issues)
    • No credentials on CI server
    (neither cluster access nor for apps)
    • Forces declarative description
    • IaC is auditable
    • Scalability - one repo many applications
    • Self-healing
    10

    View Slide

  9. What can GitOps be used for?
    Cloud
    Cluster
    K8s Resources /
    applications
    Cloud Infra IAM DNS VMs Clusters
    ...
    Services CRDs
    ...
    Deployments
    11

    View Slide

  10. GitOps tools
    13

    View Slide

  11. GitOps tool categories
    • GitOps operators/controllers
    • Supplementary GitOps tools
    • Tools for operating cloud infra
    14

    View Slide

  12. GitOps operators/controllers







    15

    View Slide

  13. Supplementary GitOps tools
    Secrets
    16

    View Slide

  14. Secrets - Ways of storing secrets
    • Store Secrets in Repo (encrypted/sealed)
    • Store Secrets in Key Management System (KMS)
    • Different KMS
    • Proprietary KMS:

    ...
    • Hashicorp Vault
    • Different K8s Integrations
    • Operator
    • Container Storage Interface (CSI) driver
    • Side car (injector)
    • Helm/Kustomize plugin
    • GitOps Operator: native support or plugin
    17

    View Slide

  15. Secrets - Tools

    • + K8s integration

    • (plugin)
    • (plugin)
    • flux v2 ( )







    • (sidecar injector)
    bitnami-labs/sealed-secrets
    mozilla/sops
    isindir/sops-secrets-operator
    jkroepke/helm-secrets
    viaduct-ai/kustomize-sops
    native support
    argoproj-labs/argocd-vault-plugin
    kubernetes-sigs/secrets-store-csi-driver
    external-secrets/external-secrets
    hashicorp/vault-k8s
    18

    View Slide

  16. Others
    • Backup / restore
    • Deployment Strategies - Progressive Delivery


    • ...
    19

    View Slide

  17. GitOps operators
    +
    Infra Operator
    =
    Operate cloud infra with GitOps
    20

    View Slide

  18. Operate Kubernetes with Kubernetes
    Cloud Infra
    Repo
    Management Cluster Target Cluster
    Target Cluster
    Target Cluster
    21

    View Slide

  19. Management Cluster
    Cloud Infra
    Repo
    GitOps
    operator
    API-Server Infra operator
    Target Clusters
    Infra providers
    pull watch CRs
    apply resources
    apply resources
    create/
    manage
    create/
    manage
    create
    clusters/
    VMs/
    metal
    22

    View Slide

  20. Tools for operating cloud infra




    23

    View Slide

  21. Terraform + GitOps
    Terraform Cloud or K8s Operator





    weaveworks/tf-controller
    rancher/terraform-controller
    24

    View Slide

  22. See also
    ( )
    • General tool comparison,
    • tips on criteria for tool selection,
    • comparison of ArgoCD and Flux
    cloudogu.com/blog/gitops-tools iX 4/2021
    25

    View Slide

  23. Challenges with GitOps
    27

    View Slide

  24. More Infra ...
    • GitOps Operator: One or more custom controllers
    • Helm, Kustomize Controllers
    • Operators for Supplementary tools (secrets, etc.)
    • Monitoring/Alerting systems
    • ...
    28

    View Slide

  25. ... higher cost
    • Maintenance/patching (vendor lock-in)
    • Resource consumption
    • Learning curve
    • Error handling
    • failing late and silently
    • monitoring/alerting required
    • reason might be difficult to pinpoint
    • operators cause alerts (OOM errors, on Git/API server down, etc.)
    29

    View Slide

  26. Day two questions
    • POC is simple
    • Operations in prod has its challenges
    • How to realize local dev env?
    • How to delete resources?
    • How to realize staging?
    • How to structure repos and how many of them?
    • Role of CI server?
    • ...
    30

    View Slide

  27. Local development
    • Option 1: Deploy GitOps operator and Git server on local cluster
    complicated
    • Option 2: Just carry on without GitOps.
    Easy, when IaC is stored in app repo
    31

    View Slide

  28. How to delete resources?
    • garbage collection (Flux) / resource pruning (ArgoCD)

    disabled by default
    • Enable from beginning avoid manual interaction
    • Unfortunately, still often unreliable / too defensive (?)
    32

    View Slide

  29. Implementing stages
    Idea 1: Staging Branches
    • Develop Staging
    • Main Production


    • Logic for branching complicated (merges)
    • Gets even more difficult with more stages
    33

    View Slide

  30. Idea 2: Staging folders
    • On the same branch: One folder per stage
    • Process:
    • commit to staging folder only ( protect prod),
    • create short lived branches and pull requests for prod
    • Duplication is tedious, but can be automized
    ├── production

    │ └── application

    │ └── deployment.yaml

    └── staging

    └── application

    └── deployment.yaml


    • Logic for branching simpler
    • Supports arbitrary number of stages
    34

    View Slide

  31. Basic role of CI server
    K8s Cluster
    Developer
    Git Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    pull
    push
    pull
    + watch
    pull
    + push
    deploy
    Optional: GitOps operator updates image version in Git


    github.com/argoproj-labs/argocd-image-updater
    fluxcd.io/docs/guides/image-update
    35

    View Slide

  32. Number of repositories: application vs GitOps repo
    K8s Cluster
    Developer
    Git Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    pull
    push
    pull
    pull
    deploy



    K8s Cluster
    Developer
    App Repo GitOps Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    app
    code
    push
    infra
    code
    pull
    push
    pull
    pull
    deploy
    GitOps tools: Put infra in separate repo! See
    argo-cd.readthedocs.io/en/release-2.0/user-guide/best_practices
    36

    View Slide

  33. Disadvantages
    • Separated maintenance & versioning of app and infra code
    • Review spans across multiple repos
    • Local dev more difficult
    • Static code analysis for IaC code not possible

    How to avoid those?
    37

    View Slide

  34. Extended role of CI server
    K8s Cluster
    Developer
    App Repo GitOps Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    app
    code
    push
    infra
    code
    pull
    push
    pull
    pull
    deploy



    K8s Cluster
    Developer
    App Repo GitOps Repo
    CI Server
    GitOps
    operator
    OCI Registry
    push
    app
    +infra
    code
    pull
    push
    infra
    code
    push
    pull
    pull
    deploy
    38

    View Slide

  35. Advantages
    • Single repo for development: higher efficiency
    • Automated staging (e.g. PR creation, namespaces)
    • Shift left: static code analysis + policy check on CI server,
    e.g. yamlint, kubeval, helm lint, conftest
    • Simplify review by adding info to PRs
    39

    View Slide

  36. Disadvantage
    Complexity in CI pipelines
    Recommendation: Use a plugin or library, e.g.

    cloudogu/gitops-build-lib
    40

    View Slide

  37. Hands-on
    Your Host
    K3d Container
    SCM-Manager
    Docker Daemon ArgoCD
    App Repos GitOps Repos
    Registry
    Jenkins
    run
    pull push
    push
    pull
    deploy
    cloudogu/gitops-playground
    41

    View Slide

  38. Johannes Schnatterer, Cloudogu GmbH
    • GitOps Resources:

    articles, videos,
    projects,

    • /

    cloudogu.com/gitops
    eBook
    Community
    Trainings Consulting
    Jobs
    43

    View Slide

  39. Image sources
    • Basics:
    • Tools:
    • Challenges:
    • GitMaturity:
    https://pixabay.com/illustrations/question-mark-important-sign-
    1872665/
    https://pixabay.com/photos/tools-knives-wrenches-drills-1845426/
    https://unsplash.com/photos/bJhT_8nbUA0
    https://pixabay.com/photos/age-bacteria-bio-biology-blue-
    1238283/
    44

    View Slide

  40. GitOps maturity
    46

    View Slide

  41. thoughtworks.com/radar/techniques/gitops
    47

    View Slide

  42. linkedin.com/pulse/hype-cycle-agile-devops-2021-joachim-herschmann/
    48

    View Slide

  43. There are the challenges, but
    • Mature tools
    • very active tool development
    • ArgoCD and Flux CNCF graduation ahead
    • Lots of new tools and integrations emerging, including platforms
    • Vibrant community
    • increasing adoption
    • several dedicated GitOps conferences:
    GitOps Days, GitOps Con, GitOps Summit, Mastering GitOps
    • I have used GitOps successfully in production for years
    49

    View Slide

  44. My GitOps experience distilled
    Has advantages, once established
    Mileage for getting there may vary
    50

    View Slide

  45. Adopt GitOps?
    • Greenfield: Definitely
    • Brownfield: Depends
    51

    View Slide