GitOps: Git based application deployment patterns for Kubernetes

Transcript

1. Git based application deployment patterns for Kubernetes Git ❤ K8s

2. Shahidh K Muhammed @shahidh_k

3. Git • Distributed version control system • Manage source code

   • Any text files can be tracked • Collaboration

4. Git - Source of Truth • Infrastructure as Code ◦

   Terraform, CloudFormation • System Configuration as Code ◦ Ansible ◦ Chef ◦ Puppet • Application Configuration as Code ◦ Kubernetes ◦ Hasura • Application Source Code

5. Ops • Configure, build, test, deploy • CI/CD • Monitor,

   fix • Upgrades • Rollbacks • Automation

6. GitOps • Stable surface (tooling abstraction) for developers • Things

   change under this surface • Git as the boundary • Everything should be declarative • Driving DevOps through Git • Reduced toolset, Complete extensibility • Everything as Code - Kuberentes

7. Approach • Stable surface (tooling abstraction) for developers • Without

   restricting the ability of the operators to interface with infrastructure or to enforce controls and release processes. • "Below" this stable surface operators change plumbing • "Above" this surface developers use consistent tooling

8. Git as the boundary • For a developer, Git is

   the perfect tool for creating a "stable" boundary. • Git-hooks on the client-side/server-side • Webhook integrations offered by centralised git-hosting providers (github, bitbucket etc) • Constraint: ◦ git-hooks and webhooks can only make use of information inside the git repository ◦ or the environment that the git-hook/webhook runs in • Key constraint: Everything must become declarative.

9. Everything must become declarative Declarative tools ❤ Git

10. Git push to deploy • Comfortable and known workflow for

    developers • Given everything is declarative, Git is the only tool a developer need to drive DevOps tasks

11. GitOps - particular way of driving DevOps with Git

12. GitOps - Benefits • Reduced toolset ◦ Developers only need

    to use git for all DevOps tasks • Complete extensibility ◦ git-hooks and webhooks allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest

13. GitOps - a checklist Developers • Declarative microservice runtime: Dockerfile

    • Declarative environment configuration: Kubernetes PodSpec • Declarative stateful actions: Jobs as containers, migration files

14. GitOps - a checklist Operators • Programmable git-remote/webhook listener on

    the cluster • Declarative infrastructure requirements: CloudFormation, Terraform • Declarative deployment: Kubernetes DeploymentSpec • Declarative tests - run as jobs in a pipeline triggered by a webhook or git-hooks • Implement CI/CD tasks automation in git-hooks • Implement deployment of stateful tasks like database migrations • Monorepo or a config repo - configuration, integration tests for the application are stored • Store secrets/tokens as references to actual values on the Kubernetes cluster, or a vault

15. Everything as Code

16. GitOps on Kubernetes • Setting up a git-remote that can

    receive git events or webhooks: Gitkube.sh: git push to your kubernetes cluster to build and deploy docker images • Synchronising state in git repo with state on a kubernetes cluster: Flux: A controller running on a kubernetes cluster that synchronises the declarative spec in the git repo with the state of the kubernetes cluster • Setting up git-hooks for running stateful migrations: Hasura: A CLI that sets up git-hooks on the local and remote git that can apply configuration, database migrations and can build/deploy docker images via git events.
17. None

18. Gitkube - Architecture

19. Demo • Gitkube • GitOps at Hasura: ◦ Deploying applications

    ◦ Changing subdomain ◦ Add a new domain ◦ Database migrations

20. Shahidh K Muhammed @shahidh_k Thanks for listening! Questions?