GitOps: Git based application deployment patterns for Kubernetes

GitOps practices for Kubernetes. Presented at Chennai Kubernetes Meetup

Shahidh K Muhammed

April 21, 2018

  1. Git
    • Distributed version control system
    • Manage source code
    • Any text files can be tracked
    • Collaboration
  2. Git - Source of Truth
    • Infrastructure as Code
      ◦ Terraform, CloudFormation
    • System Configuration as Code
      ◦ Ansible
      ◦ Chef
      ◦ Puppet
    • Application Configuration as Code
      ◦ Kubernetes
      ◦ Hasura
    • Application Source Code
  3. Ops
    • Configure, build, test, deploy
    • CI/CD
    • Monitor, fix
    • Upgrades
    • Rollbacks
    • Automation
  4. GitOps
    • Stable surface (tooling abstraction) for developers
    • Things change under this surface
    • Git as the boundary
    • Everything should be declarative
    • Driving DevOps through Git
    • Reduced toolset, complete extensibility
    • Everything as Code - Kubernetes
  5. Approach
    • Stable surface (tooling abstraction) for developers
    • Without restricting the ability of the operators to interface with infrastructure or to enforce controls and release processes.
    • "Below" this stable surface operators change plumbing
    • "Above" this surface developers use consistent tooling
  6. Git as the boundary
    • For a developer, Git is the perfect tool for creating a "stable" boundary.
    • Git-hooks on the client-side/server-side
    • Webhook integrations offered by centralised git-hosting providers (GitHub, Bitbucket etc.)
    • Constraint:
      ◦ git-hooks and webhooks can only make use of information inside the git repository
      ◦ or the environment that the git-hook/webhook runs in
    • Key constraint: Everything must become declarative.
  7. Git push to deploy
    • Comfortable and known workflow for developers
    • Given everything is declarative, Git is the only tool a developer needs to drive DevOps tasks
  8. GitOps - Benefits
    • Reduced toolset
      ◦ Developers only need to use git for all DevOps tasks
    • Complete extensibility
      ◦ git-hooks and webhooks allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest
  9. GitOps - a checklist: Developers
    • Declarative microservice runtime: Dockerfile
    • Declarative environment configuration: Kubernetes PodSpec
    • Declarative stateful actions: Jobs as containers, migration files
  10. GitOps - a checklist: Operators
    • Programmable git-remote/webhook listener on the cluster
    • Declarative infrastructure requirements: CloudFormation, Terraform
    • Declarative deployment: Kubernetes DeploymentSpec
    • Declarative tests - run as jobs in a pipeline triggered by a webhook or git-hooks
    • Implement CI/CD tasks automation in git-hooks
    • Implement deployment of stateful tasks like database migrations
    • Monorepo or a config repo - configuration, integration tests for the application are stored
    • Store secrets/tokens as references to actual values on the Kubernetes cluster, or a vault
  11. GitOps on Kubernetes
    • Setting up a git-remote that can receive git events or webhooks: Gitkube.sh: git push to your Kubernetes cluster to build and deploy Docker images
    • Synchronising state in git repo with state on a Kubernetes cluster: Flux: A controller running on a Kubernetes cluster that synchronises the declarative spec in the git repo with the state of the Kubernetes cluster
    • Setting up git-hooks for running stateful migrations: Hasura: A CLI that sets up git-hooks on the local and remote git that can apply configuration, database migrations and can build/deploy Docker images via git events.
  12. Demo
    • Gitkube
    • GitOps at Hasura:
      ◦ Deploying applications
      ◦ Changing subdomain
      ◦ Add a new domain
      ◦ Database migrations
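
Slides 6 and 10 pair server-side git-hooks with the rule that secrets are stored as references rather than values. The check below is an added example, not code from the deck or from any project it names: a line-based heuristic that a server-side hook could run over pushed manifest text. The function name, the name patterns and the sample manifest are assumptions constructed for illustration.

```python
import re

# Assumed naming heuristic for credential-bearing env vars; tune per team.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def find_inline_secrets(manifest):
    """Return sorted (line_no, reason) findings for a multi-document YAML manifest."""
    findings, kind, data_line, pending = [], None, None, None
    # The trailing "---" sentinel makes the loop judge the last document too.
    for no, raw in enumerate(manifest.splitlines() + ["---"], 1):
        text, item = raw.rstrip(), raw.strip()
        if not item or item.startswith("#"):
            continue
        if item == "---":
            if kind == "Secret" and data_line:
                findings.append((data_line, "Secret payload in git (base64 is not encryption)"))
            kind = data_line = pending = None
            continue
        if m := re.match(r"kind:\s*(\S+)", text):   # column 0 only: top-level key
            kind = m.group(1).strip("\"'")
        if re.match(r"(data|stringData):", text):
            data_line = no
        # Flag a literal `value:` that directly follows a sensitive env var name.
        if pending and re.match(r"value:\s*\S", item):
            findings.append((no, f"literal value for {pending}; use valueFrom.secretKeyRef"))
        pending = None
        if (m := re.match(r"-\s*name:\s*(\S+)", item)) and SENSITIVE.search(m.group(1)):
            pending = m.group(1)
    return sorted(findings)

# Constructed sample: a committed Secret, a literal credential, and a reference.
SAMPLE = """\
kind: Secret
data:
  password: aHVudGVyMg==
---
kind: Deployment
spec:
  containers:
  - name: api
    env:
    - name: DB_PASSWORD
      value: hunter2
    - name: API_TOKEN
      valueFrom: {secretKeyRef: {name: api, key: token}}
"""

if __name__ == "__main__":
    print(find_inline_secrets(SAMPLE))
```

In a hook, a non-empty result would be the reason to reject the push; the reference form on the last sample entry passes because only the name of the secret is in git.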