GitOps: Git based application deployment patterns on Kubernetes

A take on analyzing what GitOps is, in the current context. Presented at ContainerDays 2018 at Hamburg.

Shahidh K Muhammed

June 20, 2018


  1. GitOps - when Git ❤ K8s
    Git based application deployment patterns on Kubernetes
  2. Hello! I’m Shahidh @shahidh_k GraphQL on Postgres

  3. Git

  4. Declarative tools

  5. Declarative tools ❤ Git as source of truth

  6. Git: source of truth
    • Application Source Code
    • Application Configuration as Code
      ◦ Kubernetes
      ◦ Docker
    • System Configuration as Code
      ◦ Ansible
      ◦ Chef
      ◦ Puppet
    • Infrastructure as Code
      ◦ Terraform
      ◦ CloudFormation
  7. Git push

  8. Git push workflow
    • Write code
    • git push heroku master
    Changed the world for developers
    Suddenly they’re all ninjas
    Developers are doing DevOps!
  9. The simplest DevOps task: Build & Deploy on Kubernetes

  10. Build & Deploy
    $ docker build -t registry.com/my-image:my-tag .
    $ docker push registry.com/my-image:my-tag
    $ kubectl set image deployment/my-deployment container=registry.com/my-image:my-tag
  11. $ git push dev master

  12. Demo 1 : Git push to update webpage

  13. Gitkube architecture
    • Your computer
      ◦ $ git push dev master
      ◦ $ kubectl ... remote.yaml (</>)
    • Kubernetes cluster
      ◦ git-remote (k8s :: deployment, svc): exposed externally, SSH-key based auth
      ◦ CRD configuration (k8s :: CRD): deployments to update, authorised-keys, Dockerfile path
      ◦ controller (k8s :: operator): apply changes
      ◦ deployment
  14. Extend to more DevOps tasks? git push to:
    • Build and run unit-tests
    • Deploy code
    • Deploy configuration
    • Apply stateful migrations
    • Run integration tests
  15. Demo 2: Sending a slack notification on deploy

  16. git push to apply Kubernetes objects (git hooks are amazing)

  17. K8s controller
    • You do this: </> yaml
    • Control-loops
    • This just happens: containers, iptables, resource allocation, volumes
  18. CRD + Operator
    • You do this: </> yaml
    • Operator (does stateful things)
    • This just happens: Jobs, pods, volumes
  19. Eventual consistency - no pipelines
    • You do this: </> yaml
    • K8s controllers: containers, iptables, resource allocation, volumes
    • Custom operators: run jobs, reconfigure deployments
    • This just happens. Eventually.
  20. Typical DevOps pipeline
    • Build + run unit-tests: Dockerfile
    • Production build (artifacts): Multi-stage dockerfile
    • Deploy configuration: Update Kubernetes manifests
    • Run stateful tasks (database migrations): Update CRs
    • Run integration tests: Run jobs with init-containers to check if microservices are ready
  21. GitOps

  22. GitOps
    • Code, config, monitoring, policy etc. declarative & version controlled
    • What can be described and observed can be automated and controlled and accelerated
    • Git as a source of truth for the desired state of whole system
    • Compare desired state to actual state and act
    • Make ops changes by pull requests to this repo
    • All changes need to go through git review process, no kubectl
    • Use a k8s operator on the cluster to drive the observed cluster state to desired state
    • Pipelines, observability, control
    Source: Weaveworks
  23. GitOps
    1. Way of doing DevOps -- not a replacement
    2. Commit desired state in a git repo -- not the steps to achieve the state
    3. Declarative vs Imperative DevOps
    4. Pipelines by default are imperative devops
    5. GitOps by definition is declarative devops
    6. Yaml file with a set of steps does not make it declarative
  24. GitOps
    Advantages
    • Declarative: desired state is clear
    • Git: recreate/rollback, audit trail
    • Observability: diff with actual state
    • Git as a dev-operator boundary
    Disadvantages
    • Cannot have everything in git (secrets, dynamic variables etc.)
    • New tools (k8s operators) required to achieve state instead of simple scripts
  25. Git as the developer - operator boundary

  26. Git: stable developer - ops boundary
    • Consistent tooling for devs
    • Freedom for operators to change the plumbing underneath
    • Git hooks on client/server side, webhook integrations offered by GitHub, GitLab, BitBucket etc.
    • CRD + Operator on K8s
  27. Constraints
    • git-hooks and webhooks can only make use of information inside the git repository
    • or the environment that the git-hook/webhook runs in
    • K8s Operators need manifests
    • Key constraint: Everything must become declarative
  28. Everything as Code

  29. What did we achieve?
    • Reduced toolset: Developers only need to use git for all DevOps tasks
    • Complete extensibility: Git-hooks, k8s operators allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest
  30. On pipelines
    • Pipelines executing a sequence of tasks - imperative
    • CI/CD tools - GitLab Auto DevOps, Jenkins X
    • As more parts of it become declarative, we can start applying these configurations
    • The CRD+Operator pattern works well
    • No more pipelines?
  31. Git based tools on K8s

  32. Some more demos?

  33. Thank you for listening! Questions? @shahidh_k

  34. References
    • GitOps - Operations by Pull Request
    • Can GitOps solve the developer / ops boundary once and for all?
    • GitOps - Modern best practices for high velocity app dev using cloud native tools
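
The declarative model from slides 22-24 (commit the desired state, compare it with the actual state, act on the difference) as an added Python example; it is not code from the deck or from Gitkube. The object keys, fields and sample values are constructed, and the diff assumes the cluster reports only the fields that manifests set (no server-populated defaults or status).

```python
import copy

# Constructed sample data: what Git says should exist vs. what the cluster reports.
DESIRED = {
    "Deployment/web": {"spec": {"image": "registry.com/my-image:v2", "replicas": 3}},
    "Service/web": {"spec": {"port": 80}},
}
ACTUAL = {  # web was scaled by hand; debug-shell was created outside Git
    "Deployment/web": {"spec": {"image": "registry.com/my-image:v1", "replicas": 5}},
    "Deployment/debug-shell": {"spec": {"image": "busybox", "replicas": 1}},
}

def flatten(obj, prefix=""):
    """Flatten nested dicts into {"a.b": value}; non-dict values are leaves."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out

def plan(desired, actual):
    """List (verb, object, drift) actions that converge actual onto desired."""
    actions = []
    for key in sorted(desired.keys() | actual.keys()):
        if key not in actual:
            actions.append(("create", key, {}))
        elif key not in desired:
            actions.append(("prune", key, {}))  # exists in cluster, absent from Git
        else:
            want, have = flatten(desired[key]), flatten(actual[key])
            drift = {p: (have.get(p), want.get(p))  # (observed, committed)
                     for p in sorted(want.keys() | have.keys())
                     if have.get(p) != want.get(p)}
            if drift:
                actions.append(("update", key, drift))
    return actions

def reconcile(desired, actual):
    """Apply the plan in place; a second run finds nothing to do (idempotent)."""
    for verb, key, _ in plan(desired, actual):
        if verb == "prune":
            del actual[key]
        else:
            actual[key] = copy.deepcopy(desired[key])
    return actual
```

The `drift` map on each update is the "diff with actual state" from slide 24: it records every field that was changed outside the Git review process before the reconciler overwrites it.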